dp68

  1. Oops, I also meant to ask you: if I continue using Malwarebytes, do I really need to keep Ad-Aware and Trojan Hunter?
  2. Thanks a ton!! I have another question for you though. I am using AVG Anti-Virus (free edition), Ad-Aware, and Trojan Hunter... obviously they did not protect me as much as I thought they would. My girlfriend is running McAfee Security Suite on her computer as well as Ad-Aware, and clearly they failed as well. Obviously Malwarebytes is a recommended program to use, but what others do you recommend for the best protection?
  3. OTL text - OTL logfile created on: 2/7/2010 3:58:25 PM - Run 3 OTL by OldTimer - Version 3.1.27.1
Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll 
(Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/04/30 00:47:50 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH) O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" %* O35 
- exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/02/06 18:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes [2010/02/06 18:25:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/02/06 18:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010/02/06 18:25:49 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/02/06 18:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/02/06 18:24:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010/02/06 15:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Them Crooked Vultures (2009) [2010/02/06 15:26:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010/02/06 15:05:05 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/02/06 15:04:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/02/06 15:04:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/02/06 15:04:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/02/06 15:04:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/02/06 15:04:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/02/06 15:02:32 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/02/05 14:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder [2010/02/04 21:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp [2010/02/04 17:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/02/04 17:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/02/04 17:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010/02/04 14:11:35 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Documents and 
Settings\Administrator\Desktop\StartUpLite.exe [2010/02/04 03:10:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Desktop\2-2-10 [2010/02/04 02:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo [2010/02/01 17:34:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\dvdcss [2010/01/30 23:26:24 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\My Documents\My Webs [2010/01/30 23:08:47 | 000,000,000 | ---D | C] -- C:\$AVG [2010/01/30 23:08:35 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2010/01/30 23:08:35 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2010/01/30 23:08:30 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2010/01/30 23:08:28 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2010/01/30 23:08:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg [2010/01/30 23:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2010/01/30 23:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9 [2010/01/30 23:07:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2010/01/30 23:07:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2010/01/30 23:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2010/01/30 23:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2010/01/30 22:42:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Dianes pc progs [2010/01/29 19:40:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application 
Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} [2010/01/28 19:03:16 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Administrator\gotomypc_438.exe [2010/01/21 12:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect [2010/01/12 20:36:39 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll [2010/01/06 14:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google [2010/01/06 10:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google [2009/02/01 18:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore [2007/12/02 23:06:07 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys [2007/11/07 13:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple [2007/08/12 20:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xfire [2007/08/06 17:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire [2006/11/08 22:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Creative [2006/08/11 13:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/02/07 15:24:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/02/07 13:55:15 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010/02/07 13:55:15 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2010/02/07 13:55:14 | 000,000,472 | ---- | M] () -- 
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2010/02/07 13:55:14 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job [2010/02/07 13:55:13 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job [2010/02/07 13:51:21 | 000,003,005 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\kasperksy.html [2010/02/07 12:27:13 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010/02/07 10:24:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/02/07 09:51:27 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/02/07 09:51:16 | 000,199,903 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/02/07 09:51:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job [2010/02/07 09:51:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/02/07 09:51:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/02/07 09:50:54 | 000,125,421 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor [2010/02/07 09:50:01 | 018,087,936 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat [2010/02/07 09:50:00 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000007-00001102-00000004-20021102}.rfx [2010/02/07 09:50:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2010/02/07 09:50:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2010/02/07 09:49:59 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000007-00001102-00000004-20021102}.rfx [2010/02/07 09:49:59 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000007-00001102-00000004-20021102}.rfx [2010/02/07 09:49:59 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000007-00001102-00000004-20021102}.rfx [2010/02/07 09:49:59 | 000,030,528 | ---- | M] () -- 
C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000007-00001102-00000004-20021102}.rfx [2010/02/07 09:27:47 | 055,225,812 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010/02/06 18:25:53 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/02/06 16:20:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat [2010/02/06 15:22:59 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/02/06 15:22:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/02/06 15:05:16 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2010/02/06 15:01:04 | 003,849,526 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe [2010/02/05 17:12:08 | 000,156,160 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/02/05 16:23:31 | 002,108,860 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db [2010/02/05 00:27:28 | 000,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2010/02/05 00:27:28 | 000,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe [2010/02/04 23:40:05 | 000,138,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010/02/04 16:57:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/02/04 14:22:24 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000007-00001102-00000004-20021102}.CDF [2010/02/04 14:22:24 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000007-00001102-00000004-20021102}.BAK [2010/02/04 14:11:35 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\Administrator\Desktop\StartUpLite.exe [2010/02/04 12:26:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\win.ini [2010/02/04 12:26:33 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2010/02/04 02:40:49 
| 000,000,262 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010/02/04 00:07:51 | 000,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk [2010/02/03 23:06:34 | 000,001,618 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Killing Floor.lnk [2010/02/01 20:47:57 | 192,656,532 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\nierika.rar [2010/01/31 21:53:59 | 000,064,132 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\camaro.jpg [2010/01/30 23:08:35 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2010/01/30 23:08:35 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2010/01/30 23:08:30 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2010/01/30 23:08:28 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm [2010/01/30 23:08:28 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2010/01/30 23:08:25 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg [2010/01/30 23:08:25 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg [2010/01/30 23:08:25 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2010/01/28 19:03:17 | 000,726,008 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) 
-- C:\Documents and Settings\Administrator\gotomypc_438.exe [2010/01/27 17:47:16 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2010/01/23 08:50:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010/01/12 23:40:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/01/09 19:32:59 | 000,114,223 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ethanskinedit2.jpg [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/02/07 13:51:21 | 000,003,005 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\kasperksy.html [2010/02/06 18:25:53 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/02/06 15:05:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010/02/06 15:05:15 | 000,260,272 | ---- | C] () -- C:\cmldr [2010/02/06 15:04:32 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/02/06 15:04:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/02/06 15:04:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/02/06 15:04:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/02/06 15:04:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/02/06 15:01:01 | 003,849,526 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe [2010/02/04 02:40:43 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010/02/03 23:06:34 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Killing Floor.lnk [2010/02/01 20:45:34 | 192,656,532 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\nierika.rar [2010/01/31 21:53:59 | 000,064,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\camaro.jpg [2010/01/31 09:44:10 | 000,000,000 | ---- | C] () -- C:\Documents and 
Settings\Administrator\Local Settings\Application Data\prvlcl.dat [2010/01/30 23:08:28 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm [2010/01/30 23:08:25 | 055,225,812 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010/01/30 23:08:25 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg [2010/01/30 23:08:25 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg [2010/01/30 23:08:25 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2010/01/13 04:15:11 | 004,958,588 | ---- | C] () -- C:\WINDOWS\{00000005-00000000-00000007-00001102-00000004-20021102}.BAK [2010/01/12 23:39:58 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010/01/09 19:32:57 | 000,114,223 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ethanskinedit2.jpg [2009/12/22 17:59:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2009/12/19 22:43:30 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini [2009/12/16 20:57:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009/11/19 21:56:21 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib [2009/11/07 16:11:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2009/11/07 16:11:36 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2009/11/07 16:11:29 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/04/01 20:16:29 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\kodakpcd.ini [2009/04/01 19:46:41 | 000,000,183 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009/03/10 21:15:22 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009/03/10 21:15:20 | 001,559,040 | ---- | 
C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/03/10 21:15:20 | 000,564,224 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll [2009/03/10 21:15:19 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/03/10 21:15:19 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009/03/10 21:15:19 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009/01/23 12:31:24 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\DD53C1 [2009/01/23 12:31:23 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\mcs.rma [2008/12/26 00:08:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008/12/26 00:08:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008/12/26 00:08:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008/12/26 00:08:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008/11/09 19:31:44 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\vso_ts_preview.xml [2008/09/01 15:12:35 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini [2008/07/24 14:27:01 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll [2008/07/24 14:27:01 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll [2008/07/14 02:06:23 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2008/03/29 23:57:35 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini [2008/01/19 20:32:37 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat [2007/12/02 23:06:11 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.log [2007/12/02 23:06:07 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\ezpinst.exe [2007/12/02 23:06:07 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application 
Data\pcouffin.cat [2007/12/02 23:06:07 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf [2007/11/11 15:28:29 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys [2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2007/09/25 17:52:43 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll [2007/09/25 17:52:43 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\SSLeay32.dll [2007/08/19 14:45:34 | 000,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2007/08/12 12:04:31 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2007/07/09 21:36:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/05/30 07:52:01 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/04/24 20:53:53 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll [2007/03/04 01:48:53 | 000,000,269 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini [2007/01/08 17:31:35 | 000,001,170 | ---- | C] () -- 
C:\WINDOWS\CDPlayer.ini [2006/12/16 13:31:01 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini [2006/12/09 19:31:25 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS43.DLL [2006/11/28 19:04:43 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll [2006/11/28 19:04:43 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll [2006/11/14 21:27:21 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2006/11/12 12:50:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006/11/12 12:50:30 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006/11/12 12:50:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006/11/12 12:50:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006/11/12 12:50:30 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006/11/12 12:50:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2006/11/12 12:34:06 | 000,648,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2006/11/09 00:27:08 | 000,006,186 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2006/11/09 00:27:08 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2006/11/09 00:27:06 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2006/10/18 20:31:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL [2006/10/18 14:23:23 | 000,156,160 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/08/11 14:14:08 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2006/08/11 13:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL [2006/06/09 00:26:56 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll [2006/05/23 11:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2006/03/09 01:29:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006/03/09 01:29:00 | 
000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2005/06/29 07:34:30 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll [2005/06/16 17:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL [1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll [1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C < End of report > I haven't had a chance to really test it but it did boot faster and programs seem to be loading faster with no hitches.
  4. MBAM log -

Malwarebytes' Anti-Malware 1.44
Database version: 3698
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/7/2010 1:32:17 AM
mbam-log-2010-02-07 (01-32-12).txt

Scan type: Quick Scan
Objects scanned: 131346
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge (Spyware.MarketScore) -> No action taken.

Files Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> No action taken.
Kaspersky -

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, February 7, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, February 07, 2010 14:50:30
Records in database: 3446038
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 165601
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 03:30:35

File name / Threat / Threats count
C:\Program Files\a-squared Anti-Malware\Quarantine\7795814a182e64d14cfba65fe399efb7.a2q Infected: not-a-virus:Client-IRC.Win32.mIRC.591 1

Selected area has been scanned.
  5. ComboFix text -
ComboFix 10-02-06.01 - Administrator 02/06/2010 15:16:20.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1416 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Application Data\inst.exe
c:\documents and settings\Administrator\Application Data\Microsoft\~DFK6c314.tmp
c:\documents and settings\Administrator\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\Administrator\Application Data\Microsoft\bass.dll
c:\documents and settings\Administrator\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\Administrator\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\Administrator\Application Data\Microsoft\peaadje.dll
c:\documents and settings\Administrator\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\Administrator\Application Data\Microsoft\rsaadjd.dll
c:\documents and settings\Administrator\Favorites\Online Security Test.url
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\components\rlxg.doc
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rlph.doc
c:\program files\RelevantKnowledge\rlxf.doc
c:\windows\patchw32.dll
c:\windows\system32\egQrrBeg.ini
c:\windows\system32\egQrrBeg.ini2
c:\windows\system32\Rutwyyxx.ini
c:\windows\system32\Rutwyyxx.ini2
----- BITS: Possible infected sites -----
hxxp://armmf.adobe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_VWSERVICE
-------\Service_vwservice
((((((((((((((((((((((((( Files Created from 2010-01-06 to 2010-02-06 )))))))))))))))))))))))))))))))
.
2010-02-05 03:24 . 2010-02-05 03:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-02-04 23:43 . 2010-02-04 23:43 -------- d-----w- c:\program files\iPod
2010-02-04 23:43 . 2010-02-04 23:44 -------- d-----w- c:\program files\iTunes
2010-02-04 23:41 . 2010-02-04 23:41 -------- d-----w- c:\program files\QuickTime
2010-02-04 23:38 . 2010-02-04 23:38 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-04 08:40 . 2010-02-04 08:40 -------- d-----w- c:\program files\Ventrilo
2010-02-01 23:34 . 2010-02-01 23:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2010-01-31 15:44 . 2010-02-06 17:20 0 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
2010-01-31 14:34 . 2010-01-31 05:08 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-01-31 14:34 . 2010-01-31 05:08 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-31 05:08 . 2010-01-31 05:22 -------- d-----w- C:\$AVG
2010-01-31 05:08 . 2010-01-31 05:08 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-31 05:08 . 2010-01-31 05:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-31 05:08 . 2010-01-31 05:08 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-31 05:08 . 2010-01-31 05:08 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-31 05:08 . 2010-02-06 14:16 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-31 05:08 . 2010-01-31 05:08 -------- d-----w- c:\program files\AVG
2010-01-31 05:08 . 2010-01-31 05:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-30 01:40 . 2010-01-30 01:40 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-30 01:40 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-29 01:03 . 2010-01-29 01:03 726008 ----a-w- c:\documents and settings\Administrator\gotomypc_438.exe
2010-01-21 18:07 . 2010-01-21 18:07 -------- d-----w- c:\program files\Winamp Detect
2010-01-13 02:36 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 01:06 . 2010-01-11 19:24 51200 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\niel086b.default\extensions\kodak-companion@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 21:22 . 2009-04-02 01:45 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-02-06 20:58 . 2008-11-03 06:13 -------- d-----w- c:\program files\Steam
2010-02-06 02:48 . 2008-07-25 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-05 23:23 . 2009-12-30 05:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-02-05 19:20 . 2006-11-29 03:15 -------- d-----w- c:\program files\Drempels
2010-02-05 06:27 . 2007-08-19 20:45 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-05 05:40 . 2007-08-19 20:45 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-04 23:43 . 2007-10-15 03:49 -------- d-----w- c:\program files\Common Files\Apple
2010-02-04 17:47 . 2009-10-17 16:46 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-04 17:47 . 2009-10-17 16:46 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-04 17:47 . 2009-10-17 16:46 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-04 17:47 . 2009-10-17 16:46 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-04 08:40 . 2006-11-09 06:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-03 08:51 . 2007-06-12 18:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-01-26 15:09 . 2006-11-19 00:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-25 06:08 . 2007-01-12 00:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Xfire
2010-01-25 06:00 . 2007-01-12 00:24 -------- d-s---w- c:\program files\Xfire
2010-01-22 10:16 . 2009-02-11 01:39 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-21 18:07 . 2006-11-09 06:30 -------- d-----w- c:\program files\Winamp
2010-01-06 16:19 . 2007-10-04 03:04 -------- d-----w- c:\program files\Google
2010-01-06 02:47 . 2010-01-06 02:47 -------- d-----w- c:\program files\MSECache
2009-12-26 20:33 . 2007-05-30 13:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-12-22 23:59 . 2009-12-22 23:59 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-12-21 19:14 . 2006-06-23 16:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 00:40 . 2006-10-19 03:17 89640 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-20 23:42 . 2006-11-10 03:23 -------- d-----w- c:\program files\EA GAMES
2009-12-20 23:15 . 2009-12-20 23:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\No Company Name
2009-12-20 23:11 . 2009-12-20 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-12-20 23:11 . 2009-12-20 23:11 -------- d-----w- c:\program files\SmartSound Software
2009-12-20 22:59 . 2009-12-20 22:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Download Manager
2009-12-20 22:50 . 2006-10-19 02:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-20 22:15 . 2009-12-20 22:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
2009-12-20 22:15 . 2009-12-20 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-12-20 18:48 . 2009-12-20 18:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Leadertech
2009-12-20 18:30 . 2009-03-19 19:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-20 18:30 . 2009-12-20 18:30 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-20 18:30 . 2009-12-20 18:30 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-20 04:43 . 2009-11-07 22:11 -------- d-----w- c:\program files\DIFX
2009-12-20 04:43 . 2009-12-20 04:42 -------- d-----w- c:\program files\LeapFrog
2009-12-20 04:43 . 2009-12-20 04:43 28696928 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe
2009-12-20 04:42 . 2009-12-20 04:42 6106960 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\TagPlugin.exe
2009-12-20 04:42 . 2009-12-20 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Leapfrog
2009-11-28 06:31 . 2009-11-28 06:31 423464 ----a-w- c:\documents and settings\Administrator\Application Data\E-centives\BSTIEPrintCtl1.dll
2009-11-21 15:51 . 2002-08-29 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-10 15:27 . 2009-12-20 04:43 18560 ----a-w- c:\windows\system32\drivers\FlyUsb.sys
2000-06-05 23:47 . 2008-02-10 16:51 32768 ----a-w- c:\program files\mozilla firefox\plugins\AppSub32.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-08-21 81920]
"VF0060 STISvc"="V0060Pin.dll" [2004-11-01 36864]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"THGuard"="c:\program files\TrojanHunter 4.7\THGuard.exe" [2007-08-12 1103360]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 18944]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2006-08-11 25600]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-31 05:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Drempels Desktop.lnk]
backup=c:\windows\pss\Drempels Desktop.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHELPER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Miss Piggy
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uvnx
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 07:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-11-20 15:06 178688 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 01:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-02-03 02:06 1217808 ----a-w- c:\program files\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-10-12 09:10 49263 ----a-w- c:\program files\Java\jre1.5.0_09\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-03 02:34 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2008-11-06 03:59 4347120 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VaCtrls"=v7
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Program Files\\Ahead\\Nero\\nero.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"e:\\G6 FTP Server\\G6FTPSrv.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\ultraviolence72\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\ultraviolence72\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\steamapps\\ultraviolence72\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/17/2009 10:47 AM 64288]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [11/1/2004 11:21 AM 10368]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/12/2006 12:34 PM 648952]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/30/2010 11:08 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/30/2010 11:08 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/30/2010 11:08 PM 285392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 5:17 AM 1181328]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 10:19 AM 135664]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [9/6/2009 6:06 AM 169312]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/19/2009 10:43 PM 18560]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [11/7/2009 4:11 PM 36608]
S3 SaiHFF0D;SaiHFF0D;c:\windows\system32\drivers\SaiHFF0D.sys [11/15/2005 11:09 AM 176640]
S3 SaiUFF0D;SaiUFF0D;c:\windows\system32\drivers\SaiUFF0D.sys [11/15/2005 11:10 AM 27264]
S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [11/8/2006 11:29 PM 165285]
.
Contents of the 'Scheduled Tasks' folder
2010-02-06 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:47]
2010-02-06 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:47]
2010-02-06 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:47]
2010-02-06 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:47]
2010-02-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:47]
2010-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-02-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-25 11:27]
2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:19]
2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:19]
2010-02-06 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Trusted Zone: aol.com\free
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\niel086b.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\niel086b.default\extensions\kodak-companion@mozilla.com\platform\WINNT_x86-msvc\components\mozFotofox.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpIpx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
BHO-{A5C4BB0D-80A6-48FA-928E-6B81CCD58CFE} - (no file)
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
MSConfigStartUp-AmazonGSDownloaderTray - c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
MSConfigStartUp-CTFMON - (no file)
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
MSConfigStartUp-ooVoo - (no file)
AddRemove-AOL Instant Messenger - c:\program files\AIM\uninstll.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 15:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8AF0E7B8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba11cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e8ccb8
\Driver\atapi -> atapi.sys @ 0xb9e21b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9ce5bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9cf2a21
SendHandler -> NDIS.sys @ 0xb9cd087b
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-839522115-2077806209-2147074499-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,31,83,db,5c,de,f3,48,97,88,e4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,31,83,db,5c,de,f3,48,97,88,e4,\
[HKEY_USERS\S-1-5-21-839522115-2077806209-2147074499-500\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*]
"??"=hex:1b,fc,86,d7,43,69,b5,e8,ce,01,26,67,d0,56,5b,be,91,b7,b5,3d,e1,d9,c3,
   41,64,17,df,74,9d,e0,50,5f,56,8d,6b,5c,c0,88,14,58,da,33,5f,37,09,8f,5a,7b,\
"??"=hex:9f,c8,cf,28,04,2b,32,99,1d,d9,79,13,09,49,cf,5d
[HKEY_USERS\S-1-5-21-839522115-2077806209-2147074499-500\Software\SecuROM\License information*]
"datasecu"=hex:2f,e0,41,03,a4,e0,cb,32,f6,0b,00,eb,64,7c,99,7a,a9,39,3f,ee,40,
   5c,b3,4b,24,a7,e8,f8,48,a2,7f,2d,c6,b7,66,cb,e0,f0,ae,4e,ea,35,80,39,e6,29,\
"rkeysecu"=hex:23,85,eb,46,ff,2b,90,da,fd,40,65,58,c7,53,13,dc
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3224)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-02-06 15:26:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-06 21:26
Pre-Run: 5,145,120,768 bytes free
Post-Run: 5,594,513,408 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
Current=4 Default=4 Failed=2 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 9FB9DDE11634D2EB13DB8724EEE8006F
  6. OTL text -
OTL logfile created on: 2/5/2010 11:23:09 PM - Run 2
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Administrator\Desktop\Dianes pc progs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.94 Gb Total Space | 4.91 Gb Free Space | 7.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 233.76 Gb Total Space | 71.07 Gb Free Space | 30.40% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 6.66 Gb Free Space | 4.47% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BULLET
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\system32\PnkBstrB.exe ()
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Steam\steam.exe (Valve Corporation)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Documents and Settings\Administrator\Desktop\Dianes pc progs\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\PnkBstrA.exe ()
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TrojanHunter 4.7\THGuard.exe (Mischel Internet Security)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Administrator\Desktop\Dianes pc progs\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (vwservice) -- File not found
SRV - (PnkBstrB) -- C:\WINDOWS\system32\PnkBstrB.exe ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (PnkBstrA) -- C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
========== Driver Services (SafeList) ==========
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (FlyUsb) -- C:\WINDOWS\system32\drivers\FlyUsb.sys (LeapFrog)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (pcouffin) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RimUsb) -- C:\WINDOWS\system32\drivers\RimUsb.sys (Research In Motion Limited)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.)
DRV - (RimVSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (SaiUFF0D) -- C:\WINDOWS\system32\drivers\SaiUFF0D.sys (Saitek)
DRV - (SaiHFF0D) -- C:\WINDOWS\system32\drivers\SaiHFF0D.sys (Saitek)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (si3114r5) -- C:\WINDOWS\system32\drivers\si3114r5.sys (Silicon Image, Inc)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (speedfan) -- C:\WINDOWS\System32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (V0060VID) -- C:\WINDOWS\system32\drivers\V0060Vid.sys (Creative Technology Ltd.)
DRV - (SiWinAcc) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiFilter) -- C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (AN983) -- C:\WINDOWS\system32\drivers\an983.sys (ADMtek Incorporated.)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (ASPI32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (giveio) -- C:\WINDOWS\System32\giveio.sys ()
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-flv"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-flv"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.5
FF - prefs.js..extensions.enabledItems: kodak-companion@mozilla.com:1.7
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p="
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge [2009/09/19 09:33:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/01/30 23:08:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.0\extensions\\Plugins: C:\Program Files\Flock\plugins
FF - HKLM\software\mozilla\Flock 2.0b3\extensions\\Plugins: C:\Program Files\Flock\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/04 17:41:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/04 17:41:42 | 000,000,000 | ---D | M]
[2008/10/19 17:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2008/10/19 17:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2008/08/29 23:59:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/02/05 09:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\niel086b.default\extensions
[2009/09/02 14:59:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\niel086b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/22 01:33:57 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\niel086b.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/01/17 22:09:31 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\niel086b.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2010/01/16 06:25:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\niel086b.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/11 19:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\niel086b.default\extensions\kodak-companion@mozilla.com
[2008/03/17 18:17:27 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\niel086b.default\searchplugins\aolsearch.xml
[2008/12/12 12:23:54 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\niel086b.default\searchplugins\MySpace.xml
[2009/11/11 20:51:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/06 12:09:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/01/06 12:08:58 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/01/06 12:08:58 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2000/06/05 17:47:00 | 000,032,768 | ---- | M] (Internet Pictures Corp.) -- C:\Program Files\Mozilla Firefox\plugins\AppSub32.dll
[2009/05/01 15:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2009/11/28 00:31:53 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/05/12 12:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/05/18 16:41:32 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2007/12/19 12:57:00 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2000/06/05 17:48:00 | 000,098,304 | ---- | M] (Internet Pictures Corp.) -- C:\Program Files\Mozilla Firefox\plugins\NpIpx32.dll
[2007/10/11 14:17:50 | 001,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2010/01/06 12:08:59 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/12/21 18:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/10/02 20:34:31 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2010/02/04 17:41:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/02/04 17:41:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/02/04 17:41:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/02/04 17:41:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/02/04 17:41:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/02/04 17:41:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/02/04 17:41:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/10/02 20:34:35 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2009/10/02 20:34:27 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2010/01/13 16:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2009/05/01 15:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2009/07/30 01:24:20 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/07/30 01:24:20 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/07/30 01:24:20 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/07/30 01:24:20 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/07/30 01:24:20 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/07/30 01:24:20 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/07/30 01:24:20 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
O1 HOSTS File: ([2009/12/20 16:42:16 | 000,000,764 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {A5C4BB0D-80A6-48FA-928E-6B81CCD58CFE} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [THGuard] C:\Program Files\TrojanHunter 4.7\THGuard.exe (Mischel Internet Security)
O4 - HKLM..\Run: [VF0060 STISvc] C:\WINDOWS\System32\V0060Pin.dll (Creative Technology Ltd.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - Reg Error: Value error. File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 115 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1161216857906 (WUWebControl Class)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://adobe.kodakgallery.com/downloads/BU..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (dshbtd.dll) - File not found
O20 - AppInit_DLLs: (axrgks.dll) - File not found
O20 - AppInit_DLLs: (xvgqbh.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -
C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\RelevantKnowledge: DllName - C:\Program Files\RelevantKnowledge\rlls.dll - C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - 
{7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\geBrrQge) - File not found O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: 
AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/04/30 00:47:50 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH) O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* CREATERESTOREPOINT Restore point Set: OTL Restore Point (16891891626803200) ========== Files/Folders - Created Within 30 Days ========== [2010/02/05 14:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder [2010/02/04 21:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp [2010/02/04 17:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/02/04 17:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/02/04 17:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010/02/04 14:11:35 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\Administrator\Desktop\StartUpLite.exe [2010/02/04 03:10:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Desktop\2-2-10 [2010/02/04 02:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo [2010/02/01 17:34:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\dvdcss [2010/01/30 23:26:24 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\My Documents\My Webs [2010/01/30 23:08:47 | 000,000,000 | -H-D | C] -- C:\$AVG [2010/01/30 23:08:35 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2010/01/30 23:08:35 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2010/01/30 23:08:30 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) 
-- C:\WINDOWS\System32\drivers\avgldx86.sys [2010/01/30 23:08:28 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2010/01/30 23:08:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg [2010/01/30 23:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2010/01/30 23:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9 [2010/01/30 23:07:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2010/01/30 23:07:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2010/01/30 23:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2010/01/30 23:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2010/01/30 22:42:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Dianes pc progs [2010/01/29 19:40:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} [2010/01/28 19:03:16 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) 
-- C:\Documents and Settings\Administrator\gotomypc_438.exe [2010/01/21 12:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect [2010/01/12 20:36:39 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll [2010/01/06 14:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google [2010/01/06 10:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google [2009/02/01 18:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore [2007/12/02 23:06:07 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys [2007/11/07 13:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple [2007/08/12 20:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xfire [2007/08/06 17:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire [2006/11/08 22:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Creative [2006/08/11 13:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/02/05 23:24:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/02/05 22:20:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat [2010/02/05 20:48:21 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010/02/05 17:59:35 | 055,153,272 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010/02/05 17:47:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware 
Update (Daily 2).job [2010/02/05 17:12:08 | 000,156,160 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/02/05 16:25:52 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010/02/05 16:25:51 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2010/02/05 16:25:50 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2010/02/05 16:25:48 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job [2010/02/05 16:25:19 | 000,199,903 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/02/05 16:25:12 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/02/05 16:25:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job [2010/02/05 16:25:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/02/05 16:24:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/02/05 16:24:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/02/05 16:24:31 | 000,123,675 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor [2010/02/05 16:23:39 | 017,825,792 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat [2010/02/05 16:23:39 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000007-00001102-00000004-20021102}.rfx [2010/02/05 16:23:39 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000007-00001102-00000004-20021102}.rfx [2010/02/05 16:23:39 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000007-00001102-00000004-20021102}.rfx [2010/02/05 16:23:39 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000007-00001102-00000004-20021102}.rfx [2010/02/05 16:23:39 | 000,011,564 | ---- | M] () -- 
C:\WINDOWS\System32\DVCState-{00000005-00000000-00000007-00001102-00000004-20021102}.rfx [2010/02/05 16:23:39 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2010/02/05 16:23:39 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2010/02/05 16:23:31 | 002,108,860 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db [2010/02/05 00:27:28 | 000,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2010/02/05 00:27:28 | 000,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe [2010/02/04 23:40:05 | 000,138,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010/02/04 16:57:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/02/04 14:22:24 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000007-00001102-00000004-20021102}.CDF [2010/02/04 14:22:24 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000007-00001102-00000004-20021102}.BAK [2010/02/04 14:11:35 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\Administrator\Desktop\StartUpLite.exe [2010/02/04 12:26:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\win.ini [2010/02/04 12:26:33 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/02/04 12:26:33 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2010/02/04 02:40:49 | 000,000,262 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010/02/04 00:07:51 | 000,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk [2010/02/03 23:06:34 | 000,001,618 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Killing Floor.lnk [2010/02/01 20:47:57 | 192,656,532 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\nierika.rar [2010/01/31 21:53:59 | 000,064,132 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\camaro.jpg [2010/01/30 23:08:35 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\WINDOWS\System32\drivers\avgtdix.sys [2010/01/30 23:08:35 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2010/01/30 23:08:30 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2010/01/30 23:08:28 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm [2010/01/30 23:08:28 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2010/01/30 23:08:25 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg [2010/01/30 23:08:25 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg [2010/01/30 23:08:25 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2010/01/28 19:03:17 | 000,726,008 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Administrator\gotomypc_438.exe [2010/01/27 17:47:16 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2010/01/23 08:50:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010/01/16 12:00:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job [2010/01/12 23:40:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/01/09 19:32:59 | 000,114,223 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ethanskinedit2.jpg [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/02/04 02:40:43 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010/02/03 23:06:34 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Killing Floor.lnk [2010/02/01 20:45:34 | 192,656,532 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\nierika.rar [2010/01/31 21:53:59 | 000,064,132 | ---- | C] () -- 
C:\Documents and Settings\Administrator\Desktop\camaro.jpg [2010/01/31 09:44:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat [2010/01/30 23:08:28 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm [2010/01/30 23:08:25 | 055,153,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010/01/30 23:08:25 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg [2010/01/30 23:08:25 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg [2010/01/30 23:08:25 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2010/01/13 04:15:11 | 004,958,588 | ---- | C] () -- C:\WINDOWS\{00000005-00000000-00000007-00001102-00000004-20021102}.BAK [2010/01/12 23:39:58 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010/01/09 19:32:57 | 000,114,223 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ethanskinedit2.jpg [2009/12/22 17:59:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2009/12/19 22:43:30 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini [2009/12/16 20:57:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009/11/19 21:56:21 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib [2009/11/07 16:11:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2009/11/07 16:11:36 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2009/11/07 16:11:29 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/04/01 20:16:29 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\kodakpcd.ini [2009/04/01 19:46:41 | 000,000,183 | ---- | C] () -- 
C:\WINDOWS\wininit.ini [2009/03/10 21:15:22 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009/03/10 21:15:20 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/03/10 21:15:20 | 000,564,224 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll [2009/03/10 21:15:19 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/03/10 21:15:19 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009/03/10 21:15:19 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009/02/01 00:08:28 | 000,053,949 | -HS- | C] () -- C:\WINDOWS\System32\egQrrBeg.ini2 [2009/02/01 00:08:27 | 000,053,949 | -HS- | C] () -- C:\WINDOWS\System32\egQrrBeg.ini [2009/01/23 12:31:24 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\DD53C1 [2009/01/23 12:31:23 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\mcs.rma [2009/01/19 01:56:19 | 000,033,741 | -HS- | C] () -- C:\WINDOWS\System32\Rutwyyxx.ini2 [2009/01/19 01:56:18 | 000,033,741 | -HS- | C] () -- C:\WINDOWS\System32\Rutwyyxx.ini [2008/12/26 00:08:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008/12/26 00:08:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008/12/26 00:08:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008/12/26 00:08:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008/11/09 19:31:44 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\vso_ts_preview.xml [2008/11/09 19:31:32 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe [2008/09/01 15:12:35 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini [2008/07/24 14:27:01 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll [2008/07/24 14:27:01 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll [2008/07/14 02:06:23 | 000,034,308 | ---- | C] 
() -- C:\WINDOWS\System32\BASSMOD.dll [2008/03/29 23:57:35 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini [2008/03/01 01:27:21 | 000,215,144 | ---- | C] () -- C:\WINDOWS\patchw32.dll [2008/01/19 20:32:37 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat [2007/12/02 23:06:11 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.log [2007/12/02 23:06:07 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\ezpinst.exe [2007/12/02 23:06:07 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat [2007/12/02 23:06:07 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf [2007/11/11 15:28:29 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys [2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2007/09/25 17:52:43 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll [2007/09/25 17:52:43 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\SSLeay32.dll [2007/08/19 14:45:34 | 000,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2007/08/12 12:04:31 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2007/07/23 09:03:30 
| 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2007/07/09 21:36:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/05/30 07:52:01 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/04/24 20:53:53 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll [2007/03/04 01:48:53 | 000,000,269 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini [2007/01/08 17:31:35 | 000,001,170 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini [2006/12/16 13:31:01 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini [2006/12/09 19:31:25 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS43.DLL [2006/11/28 19:04:43 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll [2006/11/28 19:04:43 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll [2006/11/14 21:27:21 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2006/11/12 12:50:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006/11/12 12:50:30 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006/11/12 12:50:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006/11/12 12:50:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006/11/12 12:50:30 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006/11/12 12:50:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2006/11/12 12:34:06 | 000,648,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2006/11/09 00:27:08 | 000,006,186 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2006/11/09 00:27:08 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2006/11/09 00:27:06 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS 
[2006/10/18 20:31:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL [2006/10/18 14:23:23 | 000,156,160 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/08/11 14:14:08 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2006/08/11 13:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL [2006/06/09 00:26:56 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll [2006/05/23 11:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2006/03/09 01:29:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006/03/09 01:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2005/06/29 07:34:30 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll [2005/06/16 17:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL [1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll [1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys ========== LOP Check ========== [2008/07/23 10:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.BitTornado [2006/12/16 13:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\acccore [2006/11/19 13:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Aim [2009/08/21 21:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Amazon [2009/03/10 21:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Any Video Converter Professional [2008/01/21 23:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Bioshock [2009/07/10 01:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Camfrog [2008/10/11 21:00:07 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\Administrator\Application Data\Canon [2007/08/22 20:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\dBpoweramp [2009/11/28 00:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\E-centives [2006/11/11 20:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FlashFXP [2008/10/19 17:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Flock [2006/11/28 18:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GlarySoft [2006/11/12 13:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo [2009/12/20 12:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech [2007/05/08 22:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MusicIP [2009/12/20 17:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\No Company Name [2008/08/30 15:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Off Road [2008/02/06 14:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ooVoo Details [2009/11/07 16:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite [2009/12/20 16:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25. 
1
[2009/10/01 00:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QQ Games Plugin
[2008/07/24 14:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\River Past G5
[2009/11/11 20:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Samsung
[2008/07/03 10:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skinux
[2009/01/18 17:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2007/04/24 21:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TrojanHunter
[2008/11/09 19:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2009/10/01 00:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/03/22 23:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2010/01/30 23:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/01/28 01:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/03/10 21:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Keronsoft
[2009/12/19 22:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2008/07/24 18:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/11/07 16:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/07/24 14:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2009/12/20 17:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/03/10 21:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/01 00:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tencent
[2009/10/01 00:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/12 17:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/09/10 16:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/09 17:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/01/29 19:40:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/10/17 10:46:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2010/02/05 16:25:48 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/02/05 17:47:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/02/05 16:25:50 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/02/05 16:25:51 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/02/05 16:25:52 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/02/05 16:25:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/01/16 12:00:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\Schedule Task Weekly.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/02/05 16:24:31 | 000,024,134 | ---- | M] () -- C:\aaw7boot.log
[2009/12/20 16:45:22 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2010/02/04 12:26:33 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2006/10/18 10:06:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/10/18 10:06:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/10/18 20:59:26 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/19 12:58:12 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/02/05 16:24:31 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

< MD5 for: AGP440.SYS >
[2006/10/18 20:57:40 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/19 12:55:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2006/10/18 20:57:40 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/19 12:55:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2006/10/18 20:57:40 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/19 12:55:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2006/10/18 20:57:40 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/19 12:55:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 01:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 01:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:9B7F4DE4E6E37540
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C

< End of report >

GMER is attached ark.rar
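The "< MD5 for: ... >" blocks in the log above are OTL's custom scan of a few files that boot-time rootkits of that period (the TDL3/TDSS family patched atapi.sys in place) were known to replace. OTL lists every copy it can find so the analyst can compare the copy Windows actually loads (under system32) with the service-pack reference copy (ServicePackFiles\i386); the $NtServicePackUninstall$ copy is the pre-SP3 build and is expected to have a different hash. The script below is an added example, not part of the post or of OTL itself: it parses those blocks and the "Alternate Data Streams" section from an OTL log and reports, per file, whether the live copy matches the reference. The sample text embeds the agp440.sys and atapi.sys entries from the log above plus a constructed EXAMPLE.SYS block whose live copy has been altered, so the mismatch path is exercised.

```python
import re

# Added example (not OTL's own code). Parses "< MD5 for: NAME >" blocks and
# "@Alternate Data Stream" lines from an OTL log pasted as text.

SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$")
# One hashed entry: [date | size | attrs | M] (company) MD5=hex -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[^|]+)\|\s*M\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)

def parse_md5_sections(text):
    """Return {file name (lower-case): [entry, ...]} for each '< MD5 for: ... >' block.
    '.cab file' lines carry no hash and are skipped; any other '< ... >' or
    '==========' header ends the current block."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").lower()
            sections.setdefault(current, [])
            continue
        if line.startswith("<") or line.startswith("="):
            current = None
            continue
        m = ENTRY_RE.match(line) if current else None
        if m:
            e = m.groupdict()
            e["md5"] = e["md5"].upper()
            e["size"] = int(e["size"].replace(",", ""))
            e["path"] = e["path"].strip()
            e["company"] = e["company"].strip()   # version-resource company name, not a signature
            sections[current].append(e)
    return sections

def check_live_copy(entries):
    """Compare the copy Windows loads (\\system32\\) with the service-pack
    reference (\\ServicePackFiles\\i386\\). The $NtServicePackUninstall$
    copy is the pre-SP build and is deliberately not used as reference."""
    live = [e for e in entries if "\\system32\\" in e["path"].lower()]
    ref = [e for e in entries if "\\servicepackfiles\\i386\\" in e["path"].lower()]
    if not live:
        return "no-live-copy"
    if not ref:
        return "no-reference"
    if live[0]["md5"] != ref[0]["md5"]:
        return "mismatch"          # live driver/DLL differs from the SP reference: investigate
    if not live[0]["company"]:
        return "no-company-name"   # hash matches but version info is blank: odd, look closer
    return "ok"

def audit(text):
    """{file name: status} for every MD5 block in the log."""
    return {name: check_live_copy(entries) for name, entries in parse_md5_sections(text).items()}

def parse_ads(text):
    """[(size, host path, stream name), ...] for every ADS line OTL reported."""
    out = []
    for raw in text.splitlines():
        m = ADS_RE.match(raw.strip())
        if m:
            out.append((int(m.group("size")), m.group("path"), m.group("stream")))
    return out

# Constructed sample: real agp440/atapi lines from the log above plus a made-up
# EXAMPLE.SYS block (hashes and dates invented) whose live copy was altered.
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2006/10/18 20:57:40 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EXAMPLE.SYS >
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2010/02/01 03:12:45 | 000,096,512 | ---- | M] () MD5=00000000000000000000000000000002 -- C:\WINDOWS\system32\drivers\example.sys
< %systemroot%\system32\*.dll /lockedfiles >
========== Alternate Data Streams ==========
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:9B7F4DE4E6E37540
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C
< End of report >
"""

if __name__ == "__main__":
    for name, status in sorted(audit(SAMPLE_LOG).items()):
        print(f"{name:12s} {status}")
    for size, path, stream in parse_ads(SAMPLE_LOG):
        print(f"ADS {size:4d} bytes  {path}:{stream}")
```

To run it over a real log, read the pasted text from a file and call audit() on it; "mismatch" means the file that loads is not the service-pack build and the next step is to pull the live copy for analysis, while a matching hash only rules out on-disk replacement, not in-memory hooking, which is what the attached GMER scan is for.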
  7. Yeah, I have unplugged everything and let it sit for a few minutes and powered it all back up. Still getting the issues. I'm wondering if this machine may have gotten something... mind if I post a HijackThis log?
  8. Linksys modem - BEFCMU10 ver3
     Linksys router - WRT300N Wireless-N
  9. OK, got it... One more favor if you don't mind. We are still having some internet connectivity issues (i.e., one PC is being used online and when the other one is used online the first one goes offline, and other random drops). How can I tell if this is just a hardware problem or something still in one of the computers that is causing this?
  10. OK, got everything finished then. Thanks a ton for your help. I did notice earlier when I ran OTL that it said that CyberDefender Internet Security was running still. How do I get rid of that thing? I uninstalled it but apparently there are still traces of it left on the machine. If you have any ideas for that one let me know. Otherwise, awesome job....things seem to be working properly.
  12. You said to get "Java SE Runtime Environment (JRE) 6 Update 18" and then run "jre-6u10-windows-i586-p.exe" but the only exe file they show on the download page is this one with a different name. Should I download and install this one or is there a different one I need to look for?
     File Description and Name | Size
     Windows Offline Installation jre-6u18-windows-i586.exe | 15.20 MB
  13. OTL text -
OTL logfile created on: 2/3/2010 2:38:27 AM - Run 4
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Diane Parkert\Desktop\Mikes programs
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 693.00 Mb Available Physical Memory | 68.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 38.03 Gb Free Space | 54.49% Space Free | Partition Type: NTFS
Drive D: | 203.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 308.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 5.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 1.91 Gb Total Space | 1.76 Gb Free Space | 92.39% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: DIANE
Current User Name: Diane
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Diane Parkert\Desktop\Mikes programs\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\SYSTEM32\PnkBstrB.exe ()
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SYSTEM32\PnkBstrA.exe ()
PRC - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe ()
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe (Intel Corporation)
PRC - C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE (Creative Technology Ltd)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Diane Parkert\Desktop\Mikes programs\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (PnkBstrB) -- C:\WINDOWS\SYSTEM32\PnkBstrB.exe ()
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\WINDOWS\SYSTEM32\PnkBstrA.exe ()
SRV - (FlipShare Service) -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)
SRV - (NVSvc) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation)
SRV - (iPodService) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (IAANTMon) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe (Intel Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Creative Service for CDROM Access) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE (Creative Technology Ltd)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (MpFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys (Microsoft Corporation)
DRV - (FlyUsb) -- C:\WINDOWS\SYSTEM32\DRIVERS\FlyUsb.sys (LeapFrog)
DRV - (IrBus) -- C:\WINDOWS\SYSTEM32\DRIVERS\irbus.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Secdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (LHidKe) -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidKE.Sys (Logitech Inc.)
DRV - (LMouKE) -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouKE.Sys (Logitech Inc.)
DRV - (LUsbKbd) -- C:\WINDOWS\SYSTEM32\DRIVERS\LUsbKbd.sys (Logitech Inc.)
DRV - (LHidUsbK) -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsbK.sys (Logitech Inc.)
DRV - (L8042mou) -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042MOU.SYS (Logitech Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042Kbd.SYS (Logitech Inc.)
DRV - (ctprxy2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys (Creative Technology Ltd)
DRV - (hap17v2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\haP17v2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys (Creative Technology Ltd)
DRV - (HPZius12) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZid412) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys (HP)
DRV - (pfc) -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys (Padus, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (V0060VID) -- C:\WINDOWS\SYSTEM32\DRIVERS\V0060Vid.sys (Creative Technology Ltd.)
DRV - (Ptilink) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS (Parallel Technologies, Inc.)
DRV - (atinewp2) -- C:\WINDOWS\SYSTEM32\DRIVERS\atinewp2.sys (ATI Technologies Inc.)
DRV - (b57w2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (WmFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmBEnum.sys (Logitech Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmVirHid.sys (Logitech Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (E100B) Intel® -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS (Intel Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7
FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/26 22:28:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/30 20:44:41 | 00,000,000 | ---D | M]

[2009/12/19 22:41:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Diane Parkert\Application Data\Mozilla\Extensions
[2009/12/19 22:41:00 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Diane Parkert\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/01/26 22:29:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Diane Parkert\Application Data\Mozilla\Firefox\Profiles\2kg1oqvi.default\extensions
[2010/02/02 13:51:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/11/01 12:16:18 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/01/26 22:28:50 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/01/26 22:28:43 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/01/26 22:28:43 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/01/26 22:28:45 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/12/02 01:38:29 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/12/02 01:38:29 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2007/07/26 12:05:16 | 00,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2009/12/02 01:38:29 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/12/02 01:38:29 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/12/02 01:38:29 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/12/02 01:38:29 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/12/02 01:38:29 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/02/01 13:42:08 | 00,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [VF0060 STISvc] C:\WINDOWS\System32\V0060Pin.dll (Creative Technology Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/3...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} ftp://ftp.autodesk.com/pub/whip/english/whip.cab (Autodesk WHIP! Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab (ZoneIntro Class)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab (CBreakshotControl Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\bw+0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {54604a57-693b-4231-8ad1-3a2beed98390} -
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwd0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwd0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwe0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwe0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwf0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwf0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwg0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwg0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwh0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwh0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwi0 
{54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwi0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwj0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwj0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwk0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwk0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwl0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwl0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwm0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwm0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwn0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwn0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - 
Protocol\Handler\bwo0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwo0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwp0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwp0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwq0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwq0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwr0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwr0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bws0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bws0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwt0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwt0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
(Logitech) O18 - Protocol\Handler\bwu0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwu0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwv0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwv0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bww0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bww0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwx0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwx0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwy0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwy0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwz0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\bwz0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - 
C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\offline-8876480 {54604A57-693B-4231-8AD1-3A2BEED98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - 
C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - 
Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache 
daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/08/10 13:40:24 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2000/06/10 05:45:33 | 00,000,054 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2002/07/13 13:16:38 | 00,000,046 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2002/09/17 09:47:34 | 00,753,664 | R--- | M] (Infogrames) - E:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2006/12/11 14:03:59 | 00,000,277 | R--- | M] () - G:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{4c09d063-1e79-11de-860f-001111c3c8e7}\Shell - "" = AutoRun O33 - MountPoints2\{4c09d063-1e79-11de-860f-001111c3c8e7}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{4c09d063-1e79-11de-860f-001111c3c8e7}\Shell\AutoRun\command - 
"" = G:\LaunchU3.exe -- [2006/12/07 12:45:13 | 01,095,224 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/02/02 13:33:52 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/02/02 13:33:49 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/02/02 13:33:49 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/02/02 13:30:46 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2010/02/02 10:11:15 | 00,417,136 | ---- | C] (Sysinternals) -- C:\WINDOWS\handle.exe [2010/02/01 14:54:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Diane Parkert\Desktop\Mikes programs [2010/02/01 13:47:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp [2010/02/01 10:39:42 | 00,000,000 | RHSD | C] -- C:\cmdcons [2010/02/01 08:26:04 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/02/01 08:26:04 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/02/01 08:26:04 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/02/01 08:26:04 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/02/01 08:26:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/01/31 21:10:01 | 00,000,000 | ---D | C] -- C:\Qoobox [2010/01/30 21:03:20 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center [2010/01/30 10:08:10 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Diane Parkert\Desktop\Temporary Internet Files [2010/01/29 22:41:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth [2010/01/29 19:32:37 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} [2010/01/29 11:31:14 | 00,274,288 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\mucltui.dll [2010/01/29 11:31:14 | 00,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui [2010/01/28 20:50:53 | 00,181,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [2010/01/28 20:47:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth [2010/01/28 20:47:40 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials [2010/01/28 19:08:59 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2010/01/27 21:10:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan [2010/01/27 21:10:13 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager [2010/01/26 23:20:22 | 00,000,000 | ---D | C] -- C:\Program Files\RegScrubXP [2010/01/26 22:43:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2010/01/26 22:43:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2010/01/26 22:43:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2010/01/26 21:18:14 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2010/01/26 21:18:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2010/01/26 21:09:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Diane Parkert\My Documents\Downloads [2010/01/26 20:56:23 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Diane Parkert\IECompatCache [2010/01/26 20:39:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Diane Parkert\Local Settings\Application Data\Threat Expert [2010/01/26 09:32:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop [2010/01/26 09:32:26 | 00,000,000 | ---D | C] -- C:\Program Files\PCPitstop [2010/01/24 19:41:10 | 00,000,000 | 
---D | C] -- C:\Program Files\Trend Micro [2010/01/24 19:29:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Diane Parkert\Application Data\AVG8 [2010/01/24 10:56:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2010/01/13 23:40:29 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll [2010/01/10 08:09:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe [2009/12/09 07:02:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee [2009/12/03 07:04:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore [2009/03/19 15:28:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint [2008/09/07 07:52:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2006/07/03 17:14:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\HP [2005/12/15 11:03:40 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) 
-- C:\WINDOWS\Fonts\RandFont.dll [2005/02/18 21:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall [2005/02/15 09:25:30 | 00,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/02/02 13:33:54 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/02/01 13:42:24 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/02/01 13:42:08 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts [2010/02/01 13:42:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL [2010/02/01 11:00:23 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2010/02/01 10:55:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/02/01 10:55:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT [2010/02/01 10:55:06 | 10,718,12608 | -HS- | M] () -- C:\hiberfil.sys [2010/02/01 10:54:23 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx [2010/02/01 10:54:23 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx [2010/02/01 10:54:23 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx [2010/02/01 10:54:23 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx [2010/02/01 10:54:23 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx [2010/02/01 10:54:23 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2010/02/01 10:54:23 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm 
  14. Malwarebytes log

Malwarebytes' Anti-Malware 1.44
Database version: 3680
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/2/2010 1:39:34 PM
mbam-log-2010-02-02 (13-39-34).txt

Scan type: Quick Scan
Objects scanned: 132509
Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Kaspersky log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, February 2, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, February 02, 2010 20:42:55
Records in database: 3398731
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 81046
Threats found: 3
Infected objects found: 2
Suspicious objects found: 1
Scan duration: 01:54:28

File name / Threat / Threats count
C:\Documents and Settings\Diane Parkert\Local Settings\Application Data\Identities\{B32D48CA-91FC-4570-8853-6AD2EA99D834}\Microsoft\Outlook Express\Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\4827.exe.vir Infected: Trojan.Win32.Agent.dgbl 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\CONFIG\44699996.Evt.vir Infected: Trojan-Proxy.Win32.Saturn.jt 1

Selected area has been scanned.