Jump to content

aoex

Members
  • Posts

    18
  • Joined

  • Last visited

Everything posted by aoex

  1. Thanks for your help, but I ended up formatting the hd. I couldn't delay it any longer. Also, I wanted to install win7 over vista.
  2. Extras.txt file OTL Extras logfile created on: 11/8/2010 1:06:40 PM - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Serban\Desktop Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free 6.00 Gb Paging File | 6.00 Gb Available in Paging File | 95.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 220.29 Gb Total Space | 62.32 Gb Free Space | 28.29% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 5.47 Gb Free Space | 54.69% Space Free | Partition Type: NTFS Drive E: | 3.69 Gb Total Space | 3.39 Gb Free Space | 91.91% Space Free | Partition Type: NTFS Computer Name: SERBAN-PC | User Name: Serban | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems) Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) "C:\Program Files\IEPro\MiniDM.exe" = C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM -- (IE7Pro.com) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1BC59EC3-2EDB-4DBF-9A15-CB94D1850630}" = lport=10243 | protocol=6 | dir=in | app=system | "{360B865B-CB6C-4976-B534-0B7B26BEA21E}" = rport=10243 | protocol=6 | dir=out | app=system | "{3ABEE3EB-5896-493F-ACC6-1A40D97CF1A2}" = lport=2869 | protocol=6 | dir=in | app=system | "{48748DC1-C6D5-4314-87EC-1F8BE76425C1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{5D7E8502-A162-4E52-8906-90AF4D8078B8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6E0C66B8-8D80-417B-B142-495AEB7A0465}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7D37E22A-D591-47FA-9609-49D399B94AF8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9774C9CA-4E0B-4035-B7B6-6D61D1F725EA}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9D96A577-DBF5-400E-80A4-2ACBCBDA5178}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ACEFB96B-5E31-478E-AEEA-081AE4274849}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D64C24CA-E279-4DB0-8723-D091FC7E78FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{E8F91D31-06BC-43B6-8767-7BB7412BE355}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ED383C13-1C95-496A-901B-09DF54035BF6}" = lport=2869 | protocol=6 | dir=in | app=system | "{F5BF29E8-5E9A-480E-BCA4-21DDDACB1C1A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04D2E5D7-2BAD-48F5-8406-83206266FBBA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{05B2DFFA-4FBD-4286-9820-3E0151DC2D11}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{0B28B5DF-7D0F-404A-B3BB-E304E30FF993}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{143DCC64-504A-4FB5-AE45-BFCB2B7AF730}" = protocol=17 | dir=in | app=c:\users\serban\appdata\local\google\google talk plugin\googletalkplugin.exe | "{14BC744C-60AF-47EE-8F19-EBE32F0A8D52}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{17747D67-CBD1-4020-BCBD-7612DD0E888D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{1A7F2B45-CDC9-4875-B263-2512AF412B6F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{1B4FF0EC-013F-48C9-A0E4-50D30E8970E5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{1C0DC8BF-F894-43E8-AC05-B33E253FD4CB}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | "{1F976335-F3D5-4422-AD7A-42A975D188E1}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{2A6B45C3-96BC-4FF0-BD64-7C23ABA9BE67}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2CE9C14F-A842-490B-801C-5F651EBD2C83}" = protocol=17 | dir=in | app=c:\users\serban\appdata\local\google\google talk plugin\googletalkplugin.dll | "{2E434318-B613-40C2-8E66-8CC8E49450C3}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{315063D8-60ED-4FF3-AEB5-40F9EE9BF7EF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{34E038FD-CC05-4972-B932-9269F40E0A72}" = protocol=17 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwida.exe | "{35C9B725-BAB7-47D5-894A-427BB6D0F78E}" = protocol=6 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwida.exe | "{3A218FB0-B585-44BA-B0BA-41A9494C3C78}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{3E9C8DAC-C2EC-47ED-AEB9-1D5612574392}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4047EFC2-D27A-4E57-8599-0DA616581355}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{43DFAFDB-62A8-4D0A-99F6-6422D5AF8360}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{459B1B66-D00B-4081-9A37-689DAFD9418B}" = protocol=6 | dir=out | app=system | "{4A9C7F16-A329-4F3E-B347-374B0BE0A55F}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | "{4AD0D496-EDD0-4673-9AD0-9F1170BE3DAB}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{505C21C9-E549-4E65-83BD-445C5577B3ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5421699E-9BD8-42E4-B7EA-535B93B38EE2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{60E90E1A-25D8-4E43-8EDF-103BB68625CA}" = protocol=17 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwism.exe | "{6153FC73-8C70-4434-98AA-B040547E6079}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{680BDA1C-DC0D-43B0-8FCF-09B1F531F7EE}" = protocol=6 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe | "{68B58441-5572-4E4D-8FBF-AEB96B87E805}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{68C44677-EB27-41A8-ABB4-7FF3C42BF9F0}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "{6AAEDC38-C70E-46FD-8538-B0DA93BA1D54}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | "{6AFD3C50-9F97-4833-9103-EE2000ECF174}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{6D807A1A-E43E-4917-AA2A-2F2F1B77CF16}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{7034FC3B-7CAA-4DDB-8C54-2CA73A1C503C}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "{72346684-9F4F-4C59-85D0-FE72617ED962}" = protocol=6 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwism.exe | "{787CD485-6591-4ADC-82C4-AA0A3D801622}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "{78DB4D2D-69FD-4E57-B8C7-86136F916885}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{89F82BFE-F87F-49B0-977C-5432D30069D0}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{8CD9A02B-D730-470D-B723-473A9B731942}" = protocol=6 | dir=in | app=c:\users\serban\appdata\local\google\google talk plugin\googletalkplugin.dll | "{8D675D85-4A34-419A-A677-7721D76F9908}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{9A603F45-3FE4-464C-889E-38AD0F458696}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A4E45DB0-A56B-4332-8AB6-5A1953F7B265}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{A6E4829B-FB29-4C8B-BF52-48AA003F9A60}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{A779D3C3-E69D-4ADF-9140-829BF931345C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A8B016D6-59D8-408F-AACC-14B17666FCBC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{ADFCCA43-2E62-4FD2-8771-7B318DABE993}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{BAA0FA49-3C34-4175-B018-ABA0B1DB36CE}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{C0BF475F-0440-480F-8CC1-E18E2460E45D}" = protocol=17 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe | "{C8EA3F1B-6540-49DD-9D7B-028EB876E567}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CCC09565-988F-4DBB-8C96-861EE46B0804}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CDA62BF2-E7DA-49BD-91B3-4ACD88FD1C59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D58DF78F-E3A5-42AA-874A-95E726FB9CDB}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{D590673E-7F2C-4841-83A4-0E1A4740A893}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | "{D6F85ACC-C535-447F-8BD7-3124CD0DA60E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DD6B5781-27B7-44BC-94AE-DB783EA2D269}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | "{E089DA78-1B32-40A0-9A5C-881897CB81B9}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | "{E72909A5-A4D2-4D9C-ABA9-C9BC1B6263B4}" = protocol=6 | dir=in | app=c:\users\serban\appdata\local\google\google talk plugin\googletalkplugin.exe | "{EBAA6A27-E02B-4B8C-AE01-FD1A7902B8B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FA565AA0-C88B-435B-81F5-5AD92AFD51A8}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{FBA104A3-9E8B-4F13-80A9-F264ED488645}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FD32056B-3F44-405A-AC01-3F7D9CD4EE37}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{FE5C007A-AD1E-4B93-8953-F291AB13DD84}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "{FEBE7BBF-F474-41EE-8B41-D4E2B84FA85A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{00F949E9-E8F9-49C1-8D52-73D81D6F0CC8}C:\users\serban\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\serban\program files\dna\btdna.exe | "TCP Query User{052247BB-B536-4215-86FC-54C81925F553}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "TCP Query User{1C99DAC7-EB95-4AB6-AD48-094BB8242A6E}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{2080FBBC-0AF2-43FB-88B5-5B067F845438}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe | "TCP Query User{28995CCE-268B-4639-9B07-991B930F85FC}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{3DA7CDBB-867C-482C-B7FF-D44A29B52986}C:\users\serban\appdata\roaming\vusbsp\vonagetalkusb.exe" = protocol=6 | dir=in | app=c:\users\serban\appdata\roaming\vusbsp\vonagetalkusb.exe | "TCP Query User{3F1F90D4-4BB4-4653-80F4-51C6FC99F768}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{51769F56-1364-4B5C-8BD5-4B6C73EA7E66}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{796F2E85-B112-4BAA-9C5D-EC4F7208C985}C:\users\serban\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\serban\program files\dna\btdna.exe | "TCP Query User{8BAF7576-CD4B-478D-805F-426CA204587B}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{A0D86447-F00B-4889-BB33-25E0588879D5}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | "TCP Query User{A86DB3CB-E748-4F63-9161-C8682C4C6382}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{C423A010-133C-4E31-96EB-31F3CB28423D}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "TCP Query User{D6E2DA4E-6B90-4664-8E1C-9FE7B70CFD8C}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "TCP Query User{D8ADBF9B-B4C3-4191-AF4B-F0614B99776F}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "TCP Query User{E289ED1B-D4E9-4CF5-8704-AFC89CA1FAC2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{E4C48E71-9651-4FA6-876E-435CBEF5A4F6}C:\users\serban\appdata\local\temp\nero web\setupxu.exe" = protocol=6 | dir=in | app=c:\users\serban\appdata\local\temp\nero web\setupxu.exe | "TCP Query User{FA717E84-487D-4824-B9DB-8FC717096F94}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | "UDP Query User{0C575F3C-0DAC-4DAF-A272-02B7C1F0D8BD}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | "UDP Query User{0D73F40B-BA9C-425D-B695-E5708D6C0AE2}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | "UDP Query User{15A326F7-5579-4F47-B15D-79EC9F39BC3C}C:\users\serban\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\serban\program files\dna\btdna.exe | "UDP Query User{294ADECD-2A0C-4F5E-9E01-B9A7940AC5B2}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "UDP Query User{3370F47D-9152-4342-8203-D06882F0E774}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{40E33788-330D-4D1D-BD1A-F2E020AC441C}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{439DA6DC-784D-4D0C-8D95-AF7889880FAD}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{44EF5862-881F-402A-A712-C1E1B399D481}C:\users\serban\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\serban\appdata\local\temp\nero web\setupxu.exe | "UDP Query User{B5A5C004-16FB-42DE-AA75-62778A156DCD}C:\users\serban\appdata\roaming\vusbsp\vonagetalkusb.exe" = protocol=17 | dir=in | app=c:\users\serban\appdata\roaming\vusbsp\vonagetalkusb.exe | "UDP Query User{B8889C90-A1FB-4236-B8D5-2A309B1B93AE}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "UDP Query User{B9FC8121-253A-45FB-822A-55E601AE8E11}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "UDP Query User{C2610013-71BB-49B8-A5CE-2A7117953EB2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{CBFB8D8F-3B3A-4A23-97BE-EC0927715132}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{D85EB1A7-7AC8-4025-B1CE-77D263DDF478}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe | "UDP Query User{EC1E1CD0-62FA-4F72-AEC7-05DD74C79292}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{EC4824D3-B768-4BFE-AD48-BC2330479388}C:\users\serban\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\serban\program files\dna\btdna.exe | "UDP Query User{F48ED6AE-A511-4AC5-AC00-2DC198C35B19}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "UDP Query User{F6E0AB83-E093-4E8E-8FA1-8C91D0BEC6C4}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{08A6039D-A5B8-46E8-A3F9-7E2AE5C1B191}" = Nitro PDF Professional "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1C504B59-FFBF-4A65-9E0E-FE06159CAB9B}" = WD Drive Manager (x86) "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2B34414C-14FB-11D6-A329-0050045C24B2}" = DVD@ccess 2.0.3 "{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar) "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009 "{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver "{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.42 "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater "{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01) "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5783F2D7-0101-0409-0000-0060B0CE6BBA}" = AutoCAD 2002 "{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English "{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator "{66392B7C-C522-450D-97B7-B3E41E170C3B}" = imagePROGRAF Status Monitor "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{68131B0A-D78D-4aed-B74E-33A6C7324E50}" = WD Anywhere Backup "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}" = Data Lifeguard Diagnostic for Windows "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar) "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007 "{90120000-0015-0000-0000-0000000FF1CE}_Access_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0000-0000-0000000FF1CE}_Access_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007 "{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_EXCEL_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007 "{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_POWERPOINT_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007 "{90120000-0019-0000-0000-0000000FF1CE}_PUBLISHER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0000-0000-0000000FF1CE}_PUBLISHER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007 "{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOK_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007 "{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_Access_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_InfoPath_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOK_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_Access_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_InfoPath_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOK_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_Access_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}_EXCEL_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}_InfoPath_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOK_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}_POWERPOINT_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007 "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-0044-0000-0000-0000000FF1CE}" = Microsoft Office InfoPath 2007 "{90120000-0044-0000-0000-0000000FF1CE}_InfoPath_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0044-0000-0000-0000000FF1CE}_InfoPath_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_InfoPath_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_Access_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}_InfoPath_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOK_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007 "{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_Access_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}_InfoPath_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOK_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar "{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100 "{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A3A37DA6-70C0-497C-BCB1-148E9EC1D32E}" = Revit Architecture 2009 "{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar) "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Fran
  3. OTL.txt file OTL logfile created on: 11/8/2010 1:06:40 PM - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Serban\Desktop Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free 6.00 Gb Paging File | 6.00 Gb Available in Paging File | 95.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 220.29 Gb Total Space | 62.32 Gb Free Space | 28.29% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 5.47 Gb Free Space | 54.69% Space Free | Partition Type: NTFS Drive E: | 3.69 Gb Total Space | 3.39 Gb Free Space | 91.91% Space Free | Partition Type: NTFS Computer Name: SERBAN-PC | User Name: Serban | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Serban\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Serban\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.) SRV - (NitroDriverReadSpool) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (WDBtnMgrSvc.exe) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC) SRV - (MemeoBackgroundService) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe (Memeo) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk) SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs) SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe () SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.) SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation) SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe () SRV - (iPFDeviceAgentService) -- C:\Windows\System32\cnwiolss.exe (CANON INC.) SRV - (Autodesk Network Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe (Autodesk, Inc.) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.) DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.) DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (iaNvStor) Intel® -- C:\Windows\system32\drivers\ianvstor.sys (Intel Corporation) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.) DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation) DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerIf) -- C:\Windows\System32\drivers\BrSerIf.sys (Brother Industries Ltd.) DRV - (LBeepKE) -- C:\Windows\System32\drivers\LBeepKE.sys (Logitech, Inc.) DRV - (LHidKE) -- C:\Windows\System32\drivers\LHidKE.Sys (Logitech, Inc.) DRV - (LMouKE) -- C:\Windows\System32\drivers\LMouKE.Sys (Logitech, Inc.) DRV - (DVDAccss) -- C:\Windows\System32\drivers\DVDAccss.sys (Apple Computer, Inc.) DRV - (DgiVecp) -- C:\Windows\System32\drivers\Dgivecp.Sys (DeviceGuys, Inc.) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&cli...amp;ibd=6080618 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.ca/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0 FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12 FF - prefs.js..keyword.URL: "http://ca.search.yahoo.com/search?fr=mcafee&p=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/01 02:01:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 20:47:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/31 14:33:04 | 000,000,000 | ---D | M] [2010/10/29 20:47:39 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\Mozilla\Extensions [2010/10/29 20:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Serban\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/06/01 02:12:12 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org [2010/10/29 20:20:29 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\Mozilla\Firefox\Profiles\zftgcfoz.default\extensions [2010/10/29 20:20:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Serban\AppData\Roaming\Mozilla\Firefox\Profiles\zftgcfoz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/10/29 20:20:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Serban\AppData\Roaming\Mozilla\Firefox\Profiles\zftgcfoz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010/10/29 20:47:46 | 000,000,656 | ---- | M] () -- C:\Users\Serban\AppData\Roaming\Mozilla\Firefox\Profiles\zftgcfoz.default\searchplugins\icqplugin.xml [2010/10/31 15:03:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/10/29 20:47:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/04/01 10:36:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/08/05 01:42:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009/10/20 17:32:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009/11/09 15:01:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010/05/19 09:47:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/08/19 05:38:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/10/27 01:10:18 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2010/10/27 01:10:20 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll [2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll [2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2009/02/06 11:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll [2010/10/27 01:10:21 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2006/10/26 19:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL [2010/05/10 07:26:42 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll [2010/07/08 11:40:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2010/07/08 11:40:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2010/07/08 11:40:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2010/07/08 11:40:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2010/07/08 11:40:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2010/07/08 11:40:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2010/07/08 11:40:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2010/05/10 07:27:04 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll [2010/05/10 07:26:25 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll [2010/10/26 23:49:27 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2010/10/26 23:49:27 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2010/10/26 23:49:27 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2010/10/26 23:49:27 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2010/10/26 23:49:27 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2010/10/26 23:49:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2010/10/26 23:49:27 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: ([2010/10/29 21:44:58 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\RunOnce: [] File not found O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com) O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com) O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com) O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com) O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: alphabank.ro ([ibweb] https in Trusted sites) O15 - HKCU\..Trusted Domains: btrl.ro ([bt24] https in Trusted sites) O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\bw+0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw+0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw-0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw00 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw00s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw-0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw10 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw10s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw20 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw20s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw30 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw30s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw40 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw40s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw50 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw50s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw60 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw60s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw70 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw70s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw80 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw80s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw90 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw90s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwa0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwa0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwb0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwb0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwc0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwc0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwd0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwd0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwe0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwe0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwf0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwf0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwg0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwg0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwh0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwh0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwi0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwi0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwj0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwj0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwk0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwk0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwl0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwl0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwm0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwm0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwn0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwn0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwo0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwo0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwp0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwp0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwq0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwq0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwr0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwr0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bws0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bws0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwt0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwt0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwu0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwu0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwv0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwv0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bww0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bww0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwx0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwx0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwy0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwy0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwz0 {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwz0s {fc7f09e9-545e-4e01-b03f-86ca423287b4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\offline-8876480 {FC7F09E9-545E-4E01-B03F-86CA423287B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File not found O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll acaptuser32.dll) - C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll acaptuser32.dll File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Serban\Wallpaper\route_dautomne_hd_widescreen_wallpaper_1920x1200.jpg O24 - Desktop BackupWallPaper: C:\Users\Serban\Wallpaper\route_dautomne_hd_widescreen_wallpaper_1920x1200.jpg O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010/11/07 11:20:34 | 000,000,000 | ---D | M] - E:\AUTOCAD_2002_(Ingles) -- [ NTFS ] O33 - MountPoints2\{0a577cf1-c8a0-11de-aaaf-001fe1dd7d53}\Shell - "" = AutoRun O33 - MountPoints2\{0a577cf1-c8a0-11de-aaaf-001fe1dd7d53}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{175682e0-be3d-11de-a006-001fe1dd7d53}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found O33 - MountPoints2\{2b8bfde6-e7be-11dd-8c2e-001fe1dd7d53}\Shell - "" = AutoRun O33 - MountPoints2\{2b8bfde6-e7be-11dd-8c2e-001fe1dd7d53}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\{ac4478d0-5301-11dd-b1bb-001fe1dd7d53}\Shell - "" = AutoRun O33 - MountPoints2\{ac4478d0-5301-11dd-b1bb-001fe1dd7d53}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/11/08 13:05:51 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Serban\Desktop\OTL.exe [2010/11/07 13:20:29 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW [2010/10/31 15:15:46 | 000,000,000 | ---D | C] -- C:\Users\Serban\Desktop\JavaRa [2010/10/31 14:33:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010/10/30 12:30:59 | 000,000,000 | ---D | C] -- C:\nircmd [2010/10/29 21:18:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/10/29 21:17:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/10/29 19:16:24 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/10/29 14:57:57 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking [2010/10/29 10:30:54 | 000,000,000 | ---D | C] -- C:\Users\Serban\AppData\Roaming\Nurial [2010/10/29 10:30:54 | 000,000,000 | ---D | C] -- C:\Users\Serban\AppData\Roaming\Loil [2010/10/28 22:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010/10/28 22:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2010/10/28 21:38:59 | 000,000,000 | ---D | C] -- C:\Users\Serban\Desktop\anti-virus programs ALEX [2010/10/28 00:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\IKEA HomePlanner [2010/10/27 23:44:11 | 000,000,000 | ---D | C] -- C:\Users\Serban\AppData\Roaming\Malwarebytes [2010/10/27 23:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/10/27 23:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/10/25 22:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Quicken [2010/10/25 21:06:02 | 000,000,000 | ---D | C] -- C:\Users\Serban\Documents\Quicken [2010/10/25 21:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Config [2010/10/25 21:02:06 | 004,199,784 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\System32\cdintf400.dll [2010/10/25 21:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit [2010/10/25 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Serban\AppData\Roaming\Intuit [2010/10/25 20:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit [2010/10/17 19:46:56 | 000,000,000 | ---D | C] -- C:\Users\Serban\Desktop\Craigslist +Kijiji [2010/10/16 09:32:39 | 000,000,000 | ---D | C] -- C:\Users\Serban\Documents\Microsoft [2010/10/14 21:23:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan [2010/10/14 20:49:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV [2010/10/14 20:46:00 | 000,000,000 | ---D | C] -- C:\Users\Serban\AppData\Local\Canon Easy-PhotoPrint EX [2010/10/14 20:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON [2010/10/14 20:30:18 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmSE.DLL [2010/10/14 20:30:18 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmID.DLL [2010/10/14 20:30:18 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmGR.DLL [2010/10/14 20:30:18 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmFI.DLL [2010/10/14 20:30:18 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmTR.DLL [2010/10/14 20:30:18 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmTH.DLL [2010/10/14 20:30:18 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmNO.DLL [2010/10/14 20:30:18 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmKR.DLL [2010/10/14 20:30:18 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmHU.DLL [2010/10/14 20:30:18 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmDK.DLL [2010/10/14 20:30:18 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmCZ.DLL [2010/10/14 20:30:18 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmAR.DLL [2010/10/14 20:30:18 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmTW.DLL [2010/10/14 20:30:18 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmCN.DLL [2010/10/14 20:30:17 | 000,296,960 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCF2Lm.DLL [2010/10/14 20:30:17 | 000,168,448 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFMSm.EXE [2010/10/14 20:30:17 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmRU.DLL [2010/10/14 20:30:17 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmPT.DLL [2010/10/14 20:30:17 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmPL.DLL [2010/10/14 20:30:17 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmNL.DLL [2010/10/14 20:30:17 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmIT.DLL [2010/10/14 20:30:17 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmFR.DLL [2010/10/14 20:30:17 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmES.DLL [2010/10/14 20:30:17 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmDE.DLL [2010/10/14 20:30:17 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmUS.DLL [2010/10/14 20:30:17 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLmJP.DLL [2010/10/14 20:29:49 | 000,354,816 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMNPPM.DLL [2010/10/14 20:29:49 | 000,137,216 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMNPUI.DLL [2010/10/14 20:29:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\STRING [2010/10/14 20:29:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\CHM [2010/10/14 20:29:07 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information [2010/10/14 20:27:03 | 000,277,504 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLMA7.DLL [2010/10/14 20:24:19 | 001,310,720 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC870C.dll [2010/10/14 20:24:19 | 000,307,200 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC870L.dll [2010/10/14 20:24:19 | 000,110,592 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC870I.dll [2010/10/14 20:24:19 | 000,102,400 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC870U.dll [2010/10/14 20:24:19 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNHMCA.dll [2010/10/13 17:05:53 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010/10/13 17:05:28 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2010/10/13 17:04:49 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010/10/13 17:04:43 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010/10/13 17:04:43 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010/10/13 17:04:42 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010/10/13 17:04:39 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010/10/13 17:04:39 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010/10/13 17:04:39 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010/10/13 17:04:39 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010/10/13 17:04:39 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010/10/13 17:04:38 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010/10/13 17:04:38 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010/10/13 17:04:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010/10/13 17:04:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010/10/13 17:04:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010/10/13 17:04:38 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010/10/13 17:04:38 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010/10/13 17:04:38 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010/10/13 17:04:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010/10/13 17:04:35 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010/10/13 17:04:35 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010/10/13 17:04:32 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010/10/13 17:04:29 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2010/10/13 17:04:26 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/11/08 13:05:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/11/08 13:03:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Serban\Desktop\OTL.exe [2010/11/07 12:08:31 | 000,594,698 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/11/07 12:08:31 | 000,100,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/11/07 11:51:07 | 137,691,143 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010/11/07 11:44:40 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DBDFCDC9-FA7F-4918-8835-05F03CD23514}.job [2010/11/07 11:41:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010/11/07 11:38:39 | 000,606,802 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010/11/07 11:38:39 | 000,606,802 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010/11/07 11:38:38 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/11/07 11:38:36 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/11/07 11:38:36 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/11/05 19:15:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/11/05 19:10:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4284766960-3472652437-3731180475-1000UA.job [2010/11/05 19:09:00 | 000,000,134 | ---- | M] () -- C:\Users\Serban\Desktop\Network and Sharing Center - Shortcut.lnk [2010/11/03 12:00:20 | 003,901,948 | ---- | M] () -- C:\Users\Serban\Desktop\ComboFix.com [2010/11/02 11:03:14 | 000,001,641 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010/10/30 11:54:04 | 000,000,134 | ---- | M] () -- C:\Users\Serban\Desktop\Power Options - Shortcut.lnk [2010/10/30 11:53:46 | 000,001,356 | ---- | M] () -- C:\Users\Serban\AppData\Local\d3d9caps.dat [2010/10/29 22:46:19 | 000,003,385 | ---- | M] () -- C:\Users\Serban\Desktop\Attach.rar [2010/10/29 22:16:56 | 000,545,280 | ---- | M] () -- C:\Users\Serban\Desktop\dds.scr [2010/10/29 21:44:58 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010/10/29 21:18:33 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/29 20:47:31 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/10/29 20:22:50 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At2.job [2010/10/29 20:22:50 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At1.job [2010/10/29 08:35:17 | 000,001,776 | ---- | M] () -- C:\Users\Serban\Documents\Bethea order.rtf [2010/10/25 23:03:12 | 000,000,097 | ---- | M] () -- C:\Windows\QUICKEN.INI [2010/10/25 17:10:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4284766960-3472652437-3731180475-1000Core.job [2010/10/24 18:41:17 | 000,271,360 | ---- | M] () -- C:\Users\Serban\Documents\Outlook.pst [2010/10/24 18:38:21 | 000,002,657 | ---- | M] () -- C:\Users\Serban\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk [2010/10/21 17:36:33 | 000,001,001 | ---- | M] () -- C:\Users\Serban\Desktop\monitor off.lnk [2010/10/19 15:00:08 | 000,294,912 | ---- | M] () -- C:\Users\Serban\Desktop\gmer.exe [2010/10/19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010/10/17 08:16:50 | 000,000,902 | ---- | M] () -- C:\Users\Serban\Desktop\magicJack.lnk [2010/10/16 09:29:03 | 000,000,230 | ---- | M] () -- C:\Users\Serban\Desktop\My Book.lnk [2010/10/13 17:46:59 | 001,797,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/11/07 11:39:47 | 000,000,394 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{DBDFCDC9-FA7F-4918-8835-05F03CD23514}.job [2010/11/05 19:09:00 | 000,000,134 | ---- | C] () -- C:\Users\Serban\Desktop\Network and Sharing Center - Shortcut.lnk [2010/11/03 12:01:13 | 003,901,948 | ---- | C] () -- C:\Users\Serban\Desktop\ComboFix.com [2010/10/30 12:31:08 | 000,001,001 | ---- | C] () -- C:\Users\Serban\Desktop\monitor off.lnk [2010/10/30 11:54:04 | 000,000,134 | ---- | C] () -- C:\Users\Serban\Desktop\Power Options - Shortcut.lnk [2010/10/29 22:46:19 | 000,003,385 | ---- | C] () -- C:\Users\Serban\Desktop\Attach.rar [2010/10/29 22:28:34 | 000,294,912 | ---- | C] () -- C:\Users\Serban\Desktop\gmer.exe [2010/10/29 22:16:55 | 000,545,280 | ---- | C] () -- C:\Users\Serban\Desktop\dds.scr [2010/10/29 21:18:33 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/29 20:47:31 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/10/29 08:35:17 | 000,001,776 | ---- | C] () -- C:\Users\Serban\Documents\Bethea order.rtf [2010/10/25 21:01:02 | 000,000,097 | ---- | C] () -- C:\Windows\QUICKEN.INI [2010/10/25 20:42:59 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\At2.job [2010/10/25 20:42:30 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\At1.job [2010/10/14 20:24:19 | 000,015,360 | ---- | C] () -- C:\Windows\System32\CNC1743D.TBL [2010/10/14 19:54:36 | 000,271,360 | ---- | C] () -- C:\Users\Serban\Documents\Outlook.pst [2010/06/23 01:45:25 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010/04/12 04:31:33 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll [2010/02/23 09:47:01 | 000,001,264 | ---- | C] () -- C:\ProgramData\ss.ini [2009/12/15 10:04:28 | 000,096,330 | ---- | C] () -- C:\Users\Serban\AppData\Roaming\NMM-MetaData.db [2009/11/10 12:45:55 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2009/10/23 18:34:16 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll [2009/08/12 03:39:57 | 000,000,000 | ---- | C] () -- C:\Users\Serban\AppData\Roaming\wklnhst.dat [2009/07/10 03:43:11 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009/07/09 03:47:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/06/17 10:13:30 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll [2009/04/15 14:43:54 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini [2009/03/05 09:44:47 | 000,000,226 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2009/03/05 09:44:47 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini [2009/03/05 09:40:08 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2009/03/05 09:40:07 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2009/01/26 11:36:29 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009/01/26 11:36:29 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009/01/13 19:08:07 | 000,001,356 | ---- | C] () -- C:\Users\Serban\AppData\Local\d3d9caps.dat [2008/10/21 08:29:14 | 000,112,640 | ---- | C] () -- C:\Users\Serban\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/09/24 06:21:08 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2008/09/24 03:17:48 | 000,606,802 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008/09/24 03:17:40 | 000,606,802 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008/09/08 10:15:18 | 000,000,039 | ---- | C] () -- C:\Windows\KeplerAstrology.INI [2008/07/16 11:16:54 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2008/07/15 11:52:24 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008/06/26 16:41:31 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI [2008/06/18 17:18:12 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll [2008/06/18 14:38:59 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll [2008/06/18 14:38:06 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll [2008/06/18 14:38:06 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll [2008/06/18 14:38:06 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini [2008/01/20 21:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en [2007/03/23 16:35:26 | 000,022,723 | ---- | C] () -- C:\Windows\System32\xrxs1l3.dll [2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/10/30 10:30:30 | 000,010,032 | ---- | C] () -- C:\Windows\System32\drivers\SBTEDrv.sys [2005/12/07 11:31:00 | 000,202,752 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll [2005/11/02 10:39:16 | 000,040,960 | ---- | C] () -- C:\Windows\System32\SDelete.dll [2005/11/02 10:39:16 | 000,024,924 | ---- | C] () -- C:\Windows\System32\openports.dll [2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll [2002/03/21 14:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2000/09/18 15:50:28 | 000,202,752 | ---- | C] () -- C:\Windows\System32\zlib.dll ========== LOP Check ========== [2010/06/29 06:27:18 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\ACD Systems [2010/04/12 06:37:47 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\AnvSoft [2009/01/27 22:33:53 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\Autodesk [2010/10/31 14:30:40 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\BitTorrent [2010/06/17 12:53:04 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\BSplayer [2010/06/17 12:48:40 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\BSplayer Pro [2010/10/14 21:23:06 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\Canon [2010/10/31 14:48:06 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\DNA [2010/06/25 06:59:48 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\Downloaded Installations [2010/07/08 11:29:12 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\ICQ [2009/06/05 11:48:34 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\LimeWire [2010/10/29 12:19:58 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\Loil [2010/10/29 20:20:29 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\MiniDm [2010/10/17 08:16:53 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\mjusbsp [2009/09/18 02:41:36 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\Monotype Imaging [2010/02/23 09:02:19 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\MP3Rocket [2009/11/02 23:58:42 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\Mp3tag [2010/10/25 17:18:23 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\Nitro PDF [2009/12/15 10:04:28 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\Nokia [2010/10/31 17:17:33 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\Nokia Multimedia Player [2010/10/29 12:30:05 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\Nurial [2008/09/24 02:54:34 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\PC Suite [2008/09/24 02:54:34 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\SpaceMonger [2009/08/12 03:43:16 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\Template [2008/09/24 02:54:34 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\TMP [2009/06/10 10:34:04 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\vusbsp [2009/10/23 18:37:32 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\WD [2009/11/09 20:12:37 | 000,000,000 | ---D | M] -- C:\Users\Serban\AppData\Roaming\Windows Live Writer [2010/10/29 20:22:50 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\At1.job [2010/10/29 20:22:50 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\At2.job [2010/11/05 19:20:21 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010/11/07 11:44:40 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DBDFCDC9-FA7F-4918-8835-05F03CD23514}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 128 bytes -> C:\Windows:nlsPreferences < End of report >
  4. I tried this in normal mode and safe mode, but it still doesn't load. At one point, however, I noticed an unlikely process in the task manager: iexplore.exe This was in minimal safe mode and IE was definitely not open.
  5. Also I've tried this many times, including with newly downloaded versions of combofix.
  6. I should have mentioned that I have also tried safe mode. Same thing happens. It starts loading, then nothing happens.
  7. Combofix will not run. The green bar loads, then nothing happens. If I try to click on it again, it loads and then says some components could not be installed. FYI, the OS is Vista Ultimate 32bit.
  8. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 5009 Windows 6.0.6002 Service Pack 2 (Safe Mode) Internet Explorer 8.0.6001.18975 10/31/2010 4:32:18 PM mbam-log-2010-10-31 (16-32-18).txt Scan type: Quick scan Objects scanned: 147239 Time elapsed: 5 minute(s), 48 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  9. JavaRa log was empty and I managed to delete all java-related folders. MBAM did not find anything. Here is the DDS log: DDS (Ver_10-10-21.02) - NTFSx86 NETWORK Run by Serban at 16:58:06.87 on Sun 10/31/2010 Internet Explorer: 8.0.6001.18975 Microsoft
  10. Thanks for the help. I just ran another full scan with Malwarebytes, but nothing was found. Here is the scan from yesterday that detected Vundo and MyWebSearch: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4995 Windows 6.0.6002 Service Pack 2 (Safe Mode) Internet Explorer 8.0.6001.18975 10/29/2010 10:35:37 PM mbam-log-2010-10-29 (22-35-37).txt Scan type: Quick scan Objects scanned: 147241 Time elapsed: 6 minute(s), 2 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 18 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systeminit.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Users\Serban\downloads\MyWebFaceSetup2.3.50.56_2.GRfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Users\Serban\AppData\Local\Temp\svchost.exe (Virus.Agent) -> Quarantined and deleted successfully.
  11. I have a nasty infection but little clue as to what it is. Malwarebytes last picked up on files associated with Trojan.Vundo and Adware.MyWebSearch, and I also deleted associated entries in HijackThis, but deleting them doesnt solve much. Whatever it is, it's making anti-malware programs very difficult to run. Gmer for instance freezes, even in safe mode. I was able to get the DDS logs: DDS (Ver_10-10-21.02) - NTFSx86 NETWORK Run by Serban at 23:23:03.67 on Fri 10/29/2010 Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22 Microsoft Attach.rar
  12. ESET results posted below. I think it hit upon items already in quarantine. No action has been taken yet (I am leaving ESET open until further reply). Thanks. C:\Qoobox\Quarantine\C\Users\Alex\AppData\Local\ukneqlfdh\tselfwwtssd.exe.vir Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Windows\system32\Drivers\pciide.sys.vir_ Win32/Olmarik.ZC trojan cleaned - quarantined C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\2dbc99ac-174fec7c multiple threats deleted - quarantined
  13. Nothing bad so far Windows boots normally. MBAM shows nothing at all. Here's the latest combofix: ComboFix 10-05-24.07 - Alex 05/25/2010 14:43:32.2.2 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3327.2414 [GMT -4:00] Running from: c:\users\Alex\Desktop\Combo.exe Command switches used :: c:\users\Alex\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 ))))))))))))))))))))))))))))))) . 2010-05-25 18:47 . 2010-05-25 18:47 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2010-05-25 18:47 . 2010-05-25 18:47 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-05-25 18:47 . 2010-05-25 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-05-25 17:44 . 2010-05-25 18:47 -------- d-----w- c:\users\Alex\AppData\Local\temp 2010-05-25 17:38 . 2010-05-25 17:38 -------- d-----w- C:\Device 2010-05-25 17:37 . 2009-07-14 01:20 12368 ----a-w- c:\windows\system32\drivers\pciide.sys 2010-05-24 16:17 . 2010-05-24 16:17 -------- d-----w- C:\WinDDK 2010-05-24 16:16 . 2010-05-24 16:17 -------- d-----w- c:\program files\WinDDK 2010-05-24 16:14 . 2009-02-24 22:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys 2010-05-24 16:13 . 2010-05-24 16:14 -------- d-----w- c:\program files\MagicDisc 2010-05-23 22:00 . 2010-05-23 22:00 -------- d-----w- c:\program files\CCleaner 2010-05-18 05:26 . 2010-05-18 05:28 -------- d-----w- c:\program files\Gabest 2010-05-14 23:15 . 2010-05-15 00:25 -------- d-----w- c:\users\Alex\AppData\Local\SugarSync 2010-05-14 22:16 . 2010-05-15 01:43 -------- d-----w- c:\program files\SugarSync 2010-05-13 19:22 . 2010-05-13 19:22 -------- d-----w- c:\temp\MotoConnectTemp 2010-05-12 03:40 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll 2010-05-07 03:36 . 2010-05-07 03:36 -------- d-----w- c:\users\Alex\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2010-05-07 03:36 . 2010-05-07 03:36 -------- d-----w- c:\users\Alex\AppData\Roaming\Adobe Mini Bridge CS5 2010-05-07 02:22 . 2010-05-07 02:22 -------- d-----w- c:\users\Alex\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2010-05-07 01:13 . 2010-05-07 01:13 -------- d-----w- c:\program files\Adobe Media Player 2010-05-07 01:11 . 2010-05-07 01:11 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-05-07 01:11 . 2010-05-07 01:11 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-05-05 01:06 . 2010-05-07 01:39 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2010-05-05 01:04 . 2010-05-05 01:04 -------- d-----w- c:\programdata\ALM 2010-05-04 19:23 . 2009-08-20 04:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll 2010-05-04 19:22 . 2009-02-27 17:55 111992 ----a-w- c:\windows\system32\acaptuser32.dll 2010-05-04 19:21 . 2010-05-04 19:24 -------- d-----w- C:\_AcroTemp 2010-05-02 05:56 . 2010-05-23 21:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\icgmnwilm 2010-05-01 18:11 . 2010-05-01 18:32 -------- d-----w- c:\users\Alex\AppData\Local\aurnqtent 2010-04-29 19:38 . 2010-04-29 16:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 19:38 . 2010-04-29 19:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-29 19:38 . 2010-04-29 16:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-28 20:52 . 2010-04-28 20:52 -------- d-----w- c:\users\Alex\AppData\Local\avG 2010-04-28 20:52 . 2010-04-28 20:52 -------- d-----w- c:\programdata\avG 2010-04-27 19:14 . 2010-04-28 19:40 -------- d-----w- c:\users\Alex\AppData\Roaming\vlc 2010-04-27 18:39 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys 2010-04-27 18:39 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2010-04-27 18:39 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-25 18:46 . 2010-01-20 21:08 -------- d-----w- c:\users\Alex\AppData\Roaming\BitTorrent 2010-05-25 18:45 . 2010-03-11 04:52 -------- d-----w- c:\program files\Common Files\Akamai 2010-05-24 16:26 . 2010-03-28 04:04 -------- d-----w- c:\program files\DirectVobSub 2010-05-24 16:24 . 2010-03-14 07:42 -------- d-----w- c:\program files\DivX 2010-05-24 01:07 . 2010-01-15 00:34 66088 ----a-w- c:\users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT 2010-05-21 17:22 . 2010-01-15 22:47 -------- d-----w- c:\program files\JDownloader 2010-05-17 16:15 . 2010-04-25 02:36 -------- d-----w- c:\users\Alex\AppData\Roaming\avidemux 2010-05-17 16:14 . 2010-04-25 02:35 -------- d-----w- c:\program files\Avidemux 2.5 2010-05-15 20:58 . 2010-01-21 18:52 -------- d-----w- c:\users\Alex\AppData\Roaming\XnView 2010-05-12 20:25 . 2010-04-06 04:52 -------- d-----w- c:\users\Alex\AppData\Roaming\Jubler 2010-05-12 07:00 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail 2010-05-12 07:00 . 2010-01-15 01:23 -------- d-----w- c:\programdata\Microsoft Help 2010-05-10 23:31 . 2010-01-15 01:10 -------- d-----w- c:\program files\Google 2010-05-07 19:57 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys 2010-05-07 01:14 . 2010-01-16 05:42 -------- d-----w- c:\program files\Common Files\Adobe 2010-04-29 21:30 . 2010-01-15 22:41 -------- d-----w- c:\program files\Mp3tag 2010-04-26 19:11 . 2010-04-24 18:16 -------- d-----w- c:\program files\Handbrake 2010-04-25 02:22 . 2010-04-24 18:16 -------- d-----w- c:\users\Alex\AppData\Roaming\HandBrake 2010-04-25 02:15 . 2010-04-25 02:07 -------- d-----w- c:\program files\SlySoft 2010-04-25 02:08 . 2010-04-25 02:08 -------- d-----w- c:\programdata\SlySoft 2010-04-17 00:36 . 2010-04-17 00:36 388096 ----a-r- c:\users\Alex\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe 2010-04-17 00:36 . 2010-04-17 00:36 -------- d-----w- c:\program files\TrendMicro 2010-04-13 17:35 . 2010-04-13 17:35 -------- d-----w- c:\users\Alex\AppData\Roaming\Malwarebytes 2010-04-13 17:34 . 2010-04-13 17:34 -------- d-----w- c:\programdata\Malwarebytes 2010-04-13 07:37 . 2010-04-13 07:37 -------- d-----w- c:\users\Alex\AppData\Roaming\Avira 2010-04-13 05:57 . 2010-04-13 05:56 -------- d-----w- c:\users\Alex\AppData\Roaming\InfraRecorder 2010-04-10 00:40 . 2010-04-10 00:40 -------- d-----w- c:\program files\MediaInfo 2010-04-08 05:11 . 2010-04-06 04:52 -------- d-----w- c:\program files\Jubler 2010-04-07 17:20 . 2010-02-09 02:35 -------- d-----w- c:\program files\SpeedFan 2010-04-07 00:54 . 2010-01-20 08:26 -------- d-----w- c:\users\Alex\AppData\Roaming\Mp3tag 2010-04-07 00:54 . 2010-01-17 06:58 -------- d-----w- c:\program files\XnView 2010-04-07 00:54 . 2010-03-13 03:00 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-04-07 00:54 . 2010-02-23 23:15 -------- d-----w- c:\program files\AVIcodec 2010-04-07 00:54 . 2010-01-15 22:41 -------- d-----w- c:\program files\ImgBurn 2010-04-03 02:17 . 2010-04-03 02:17 -------- d-----w- c:\users\Alex\AppData\Roaming\mkvtoolnix 2010-04-03 02:16 . 2010-04-03 02:16 -------- d-----w- c:\program files\MKVtoolnix 2010-04-03 01:48 . 2010-04-03 01:48 -------- d-----w- c:\program files\VideoJoiner 2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Acrobat\9.2\ARM\ARM Update\AdobeARM.exe 2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Acrobat\9.2\ARM\ARM Update\AdobeExtractFiles.dll 2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Acrobat\9.2\ARM\ARM Update\ReaderUpdater.exe 2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Acrobat\9.2\ARM\ARM Update\AcrobatUpdater.exe 2010-03-10 18:00 . 2010-03-13 03:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2010-03-08 21:33 . 2010-04-14 16:34 427520 ----a-w- c:\windows\system32\vbscript.dll 2010-03-06 03:51 . 2010-03-06 03:51 50008 ----a-r- c:\users\Alex\AppData\Roaming\Microsoft\Installer\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}\_6FEFF9B68218417F98F549.exe 2010-03-06 03:31 . 2010-03-06 03:31 117427 ----a-w- c:\users\Alex\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe 2010-03-05 14:13 . 2010-03-05 14:13 947472 ----a-w- c:\windows\system32\msjava.dll 2010-03-01 13:05 . 2010-01-15 00:39 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-02-27 12:07 . 2010-04-14 16:34 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-27 12:07 . 2010-04-14 16:34 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-27 07:32 . 2010-04-14 16:34 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-02-27 07:32 . 2010-04-14 16:34 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-02-27 07:32 . 2010-04-14 16:34 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . ((((((((((((((((((((((((((((( SnapShot@2010-05-25_17.46.05 ))))))))))))))))))))))))))))))))))))))))) . - 2010-01-15 08:00 . 2010-05-25 17:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat + 2010-01-15 08:00 . 2010-05-25 18:01 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat - 2010-01-15 08:00 . 2010-05-25 17:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat + 2010-01-15 08:00 . 2010-05-25 18:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat + 2010-01-15 08:00 . 2010-05-25 18:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat - 2010-01-15 08:00 . 2010-05-25 17:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat + 2010-01-15 00:10 . 2010-05-25 18:01 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-01-15 00:10 . 2010-05-25 17:46 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp] @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}] 2010-05-05 18:36 151552 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2010-05-05 18:36 151552 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot] @="{A759AFF6-5851-457D-A540-F4ECED148351}" [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}] 2010-05-05 18:36 151552 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2010-05-05 18:36 151552 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WordWeb"="c:\program files\WordWeb\wweb32.exe" [2009-11-09 65216] "SansaDispatch"="c:\users\Alex\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-02-23 79872] "BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2010-03-11 654648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-15 8129056] "UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2007-04-01 299520] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13683232] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\acaptuser32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys] @="FSFilter System Recovery" [HKLM\~\startupfolder\C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk] path=c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk backup=c:\windows\pss\MagicDisc.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2009-10-03 04:32 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher] 2009-10-03 09:08 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2010-03-06 07:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager] 2010-02-22 08:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2009-02-09 18:18 92704 ----a-w- c:\windows\System32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SugarSync] 2010-05-05 18:36 13705216 ----a-w- c:\program files\SugarSync\SugarSyncManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] 2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe R0 bofsxi;bofsxi; [x] R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-04 1343400] R4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-01-15 233472] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.ca/ IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\4y7jfgjx.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca FF - component: c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\4y7jfgjx.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(3600) c:\program files\UltraMon\RTSUltraMonHook.dll c:\program files\SugarSync\SugarSyncShellExt.dll c:\program files\UltraMon\Resources\en\UltraMonRes.dll . Completion time: 2010-05-25 14:49:51 ComboFix-quarantined-files.txt 2010-05-25 18:49 ComboFix2.txt 2010-05-25 17:49 Pre-Run: 41,785,413,632 bytes free Post-Run: 41,596,329,984 bytes free - - End Of File - - A1B26F861DE533A1AEACDB30BFF73D95
  14. I am not prepared to format just yet, even though I usually do online banking and purchasing - I can take the necessary precautions. Combofix log is below. Though it took care of some things, I should note that the computer started restarting normally before I got a chance to run combofix. ComboFix 10-05-24.07 - Alex 05/25/2010 13:39:49.1.2 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3327.2606 [GMT -4:00] Running from: c:\users\Alex\Desktop\Combo.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Alex\AppData\Local\ukneqlfdh c:\users\Alex\AppData\Local\ukneqlfdh\tselfwwtssd.exe C:\vsimvxuiurekhwf.exe Infected copy of c:\windows\system32\DRIVERS\pciide.sys was found and disinfected Restored copy from - Kitty had a snack . ((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 ))))))))))))))))))))))))))))))) . 2010-05-25 17:44 . 2010-05-25 17:46 -------- d-----w- c:\users\Alex\AppData\Local\temp 2010-05-24 16:17 . 2010-05-24 16:17 -------- d-----w- C:\WinDDK 2010-05-24 16:16 . 2010-05-24 16:17 -------- d-----w- c:\program files\WinDDK 2010-05-24 16:14 . 2009-02-24 22:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys 2010-05-24 16:13 . 2010-05-24 16:14 -------- d-----w- c:\program files\MagicDisc 2010-05-23 22:00 . 2010-05-23 22:00 -------- d-----w- c:\program files\CCleaner 2010-05-18 05:26 . 2010-05-18 05:28 -------- d-----w- c:\program files\Gabest 2010-05-14 23:15 . 2010-05-15 00:25 -------- d-----w- c:\users\Alex\AppData\Local\SugarSync 2010-05-14 22:16 . 2010-05-15 01:43 -------- d-----w- c:\program files\SugarSync 2010-05-13 19:22 . 2010-05-13 19:22 -------- d-----w- c:\temp\MotoConnectTemp 2010-05-12 03:40 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll 2010-05-07 03:36 . 2010-05-07 03:36 -------- d-----w- c:\users\Alex\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2010-05-07 03:36 . 2010-05-07 03:36 -------- d-----w- c:\users\Alex\AppData\Roaming\Adobe Mini Bridge CS5 2010-05-07 02:22 . 2010-05-07 02:22 -------- d-----w- c:\users\Alex\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2010-05-07 01:13 . 2010-05-07 01:13 -------- d-----w- c:\program files\Adobe Media Player 2010-05-07 01:11 . 2010-05-07 01:11 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-05-07 01:11 . 2010-05-07 01:11 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-05-05 01:06 . 2010-05-07 01:39 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2010-05-05 01:04 . 2010-05-05 01:04 -------- d-----w- c:\programdata\ALM 2010-05-04 19:23 . 2009-08-20 04:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll 2010-05-04 19:22 . 2009-02-27 17:55 111992 ----a-w- c:\windows\system32\acaptuser32.dll 2010-05-04 19:21 . 2010-05-04 19:24 -------- d-----w- C:\_AcroTemp 2010-05-02 05:56 . 2010-05-23 21:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\icgmnwilm 2010-05-01 18:11 . 2010-05-01 18:32 -------- d-----w- c:\users\Alex\AppData\Local\aurnqtent 2010-04-29 19:38 . 2010-04-29 16:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 19:38 . 2010-04-29 19:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-29 19:38 . 2010-04-29 16:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-28 20:52 . 2010-04-28 20:52 -------- d-----w- c:\users\Alex\AppData\Local\avG 2010-04-28 20:52 . 2010-04-28 20:52 -------- d-----w- c:\programdata\avG 2010-04-27 19:14 . 2010-04-28 19:40 -------- d-----w- c:\users\Alex\AppData\Roaming\vlc 2010-04-27 18:39 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys 2010-04-27 18:39 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2010-04-27 18:39 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-25 17:47 . 2010-01-20 21:08 -------- d-----w- c:\users\Alex\AppData\Roaming\BitTorrent 2010-05-25 17:46 . 2010-03-11 04:52 -------- d-----w- c:\program files\Common Files\Akamai 2010-05-24 16:26 . 2010-03-28 04:04 -------- d-----w- c:\program files\DirectVobSub 2010-05-24 16:24 . 2010-03-14 07:42 -------- d-----w- c:\program files\DivX 2010-05-24 01:07 . 2010-01-15 00:34 66088 ----a-w- c:\users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT 2010-05-21 17:22 . 2010-01-15 22:47 -------- d-----w- c:\program files\JDownloader 2010-05-17 16:15 . 2010-04-25 02:36 -------- d-----w- c:\users\Alex\AppData\Roaming\avidemux 2010-05-17 16:14 . 2010-04-25 02:35 -------- d-----w- c:\program files\Avidemux 2.5 2010-05-15 20:58 . 2010-01-21 18:52 -------- d-----w- c:\users\Alex\AppData\Roaming\XnView 2010-05-12 20:25 . 2010-04-06 04:52 -------- d-----w- c:\users\Alex\AppData\Roaming\Jubler 2010-05-12 07:00 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail 2010-05-12 07:00 . 2010-01-15 01:23 -------- d-----w- c:\programdata\Microsoft Help 2010-05-10 23:31 . 2010-01-15 01:10 -------- d-----w- c:\program files\Google 2010-05-07 19:57 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys 2010-05-07 01:14 . 2010-01-16 05:42 -------- d-----w- c:\program files\Common Files\Adobe 2010-04-29 21:30 . 2010-01-15 22:41 -------- d-----w- c:\program files\Mp3tag 2010-04-26 19:11 . 2010-04-24 18:16 -------- d-----w- c:\program files\Handbrake 2010-04-25 02:22 . 2010-04-24 18:16 -------- d-----w- c:\users\Alex\AppData\Roaming\HandBrake 2010-04-25 02:15 . 2010-04-25 02:07 -------- d-----w- c:\program files\SlySoft 2010-04-25 02:08 . 2010-04-25 02:08 -------- d-----w- c:\programdata\SlySoft 2010-04-17 00:36 . 2010-04-17 00:36 388096 ----a-r- c:\users\Alex\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe 2010-04-17 00:36 . 2010-04-17 00:36 -------- d-----w- c:\program files\TrendMicro 2010-04-13 17:35 . 2010-04-13 17:35 -------- d-----w- c:\users\Alex\AppData\Roaming\Malwarebytes 2010-04-13 17:34 . 2010-04-13 17:34 -------- d-----w- c:\programdata\Malwarebytes 2010-04-13 07:37 . 2010-04-13 07:37 -------- d-----w- c:\users\Alex\AppData\Roaming\Avira 2010-04-13 05:57 . 2010-04-13 05:56 -------- d-----w- c:\users\Alex\AppData\Roaming\InfraRecorder 2010-04-10 00:40 . 2010-04-10 00:40 -------- d-----w- c:\program files\MediaInfo 2010-04-08 05:11 . 2010-04-06 04:52 -------- d-----w- c:\program files\Jubler 2010-04-07 17:20 . 2010-02-09 02:35 -------- d-----w- c:\program files\SpeedFan 2010-04-07 00:54 . 2010-01-20 08:26 -------- d-----w- c:\users\Alex\AppData\Roaming\Mp3tag 2010-04-07 00:54 . 2010-01-17 06:58 -------- d-----w- c:\program files\XnView 2010-04-07 00:54 . 2010-03-13 03:00 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-04-07 00:54 . 2010-02-23 23:15 -------- d-----w- c:\program files\AVIcodec 2010-04-07 00:54 . 2010-01-15 22:41 -------- d-----w- c:\program files\ImgBurn 2010-04-03 02:17 . 2010-04-03 02:17 -------- d-----w- c:\users\Alex\AppData\Roaming\mkvtoolnix 2010-04-03 02:16 . 2010-04-03 02:16 -------- d-----w- c:\program files\MKVtoolnix 2010-04-03 01:48 . 2010-04-03 01:48 -------- d-----w- c:\program files\VideoJoiner 2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Acrobat\9.2\ARM\ARM Update\AdobeARM.exe 2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Acrobat\9.2\ARM\ARM Update\AdobeExtractFiles.dll 2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Acrobat\9.2\ARM\ARM Update\ReaderUpdater.exe 2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Acrobat\9.2\ARM\ARM Update\AcrobatUpdater.exe 2010-03-10 18:00 . 2010-03-13 03:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2010-03-08 21:33 . 2010-04-14 16:34 427520 ----a-w- c:\windows\system32\vbscript.dll 2010-03-06 03:51 . 2010-03-06 03:51 50008 ----a-r- c:\users\Alex\AppData\Roaming\Microsoft\Installer\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}\_6FEFF9B68218417F98F549.exe 2010-03-06 03:31 . 2010-03-06 03:31 117427 ----a-w- c:\users\Alex\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe 2010-03-05 14:13 . 2010-03-05 14:13 947472 ----a-w- c:\windows\system32\msjava.dll 2010-03-01 13:05 . 2010-01-15 00:39 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-02-27 12:07 . 2010-04-14 16:34 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-27 12:07 . 2010-04-14 16:34 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-27 07:32 . 2010-04-14 16:34 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-02-27 07:32 . 2010-04-14 16:34 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-02-27 07:32 . 2010-04-14 16:34 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp] @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}] 2010-05-05 18:36 151552 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2010-05-05 18:36 151552 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot] @="{A759AFF6-5851-457D-A540-F4ECED148351}" [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}] 2010-05-05 18:36 151552 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2010-05-05 18:36 151552 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WordWeb"="c:\program files\WordWeb\wweb32.exe" [2009-11-09 65216] "SansaDispatch"="c:\users\Alex\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-02-23 79872] "BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2010-03-11 654648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-15 8129056] "UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2007-04-01 299520] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13683232] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\acaptuser32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys] @="FSFilter System Recovery" [HKLM\~\startupfolder\C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk] path=c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk backup=c:\windows\pss\MagicDisc.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2009-10-03 04:32 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher] 2009-10-03 09:08 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2010-03-06 07:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager] 2010-02-22 08:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2009-02-09 18:18 92704 ----a-w- c:\windows\System32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SugarSync] 2010-05-05 18:36 13705216 ----a-w- c:\program files\SugarSync\SugarSyncManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] 2010-02-19 17:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe R0 bofsxi;bofsxi; [x] R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-04 1343400] R4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-01-15 233472] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.ca/ uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\4y7jfgjx.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca FF - component: c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\4y7jfgjx.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - ORPHANS REMOVED - - - - HKCU-Run-AdobeBridge - (no file) SafeBoot-dmboot.sys SafeBoot-dmio.sys SafeBoot-dmload.sys SafeBoot-dmadmin SafeBoot-dmserver SafeBoot-SRService AddRemove-vsimvxuiurekhwf - c:\windows\system32\vsimvxuiurekhwf.exe . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(3456) c:\program files\UltraMon\RTSUltraMonHook.dll c:\program files\SugarSync\SugarSyncShellExt.dll c:\program files\UltraMon\Resources\en\UltraMonRes.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\rundll32.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\windows\system32\WUDFHost.exe c:\program files\UltraMon\UltraMonTaskbar.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Completion time: 2010-05-25 13:49:15 - machine was rebooted ComboFix-quarantined-files.txt 2010-05-25 17:49 Pre-Run: 42,109,472,768 bytes free Post-Run: 42,059,563,008 bytes free - - End Of File - - 59A557DF67D2947689D4B85A9009B3A4
  15. Hi and thank you for taking the time to help me. My problem was described in detail in the first post. See below for OTL logs, and see attached for new DDS and GMER logs (MBAM shows nothing). OTL logfile created on: 5/25/2010 11:06:46 AM - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Alex\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 70.21 Gb Total Space | 39.43 Gb Free Space | 56.16% Space Free | Partition Type: NTFS Drive D: | 162.57 Gb Total Space | 17.91 Gb Free Space | 11.02% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 3.69 Gb Total Space | 1.30 Gb Free Space | 35.11% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ALEX-PC Current User Name: Alex Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/05/25 11:01:21 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe PRC - [2010/04/26 12:57:25 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010/04/02 23:01:07 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/03/10 21:51:53 | 000,654,648 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010/02/23 19:24:20 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\Alex\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe PRC - [2010/01/15 18:46:59 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe PRC - [2010/01/14 21:13:21 | 008,129,056 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009/11/09 00:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files\WordWeb\wweb32.exe PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/07/13 21:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2007/04/01 07:47:56 | 000,269,824 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe PRC - [2007/04/01 07:47:32 | 000,299,520 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMon.exe PRC - [2005/07/15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe ========== Modules (SafeList) ========== MOD - [2010/05/25 11:01:21 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll MOD - [2007/04/01 07:47:16 | 000,206,848 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\RTSUltraMonHook.dll MOD - [2007/04/01 00:31:40 | 000,052,224 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\Resources\en\UltraMonRes.dll ========== Win32 Services (SafeList) ========== SRV - [2010/05/09 16:29:22 | 002,478,640 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3697.dll -- (Akamai) SRV - [2010/04/26 12:57:25 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/04/04 03:00:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010/03/11 02:40:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV) SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2007/11/07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90) ========== Driver Services (SafeList) ========== DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/01/14 21:13:22 | 002,981,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2010/01/14 21:05:59 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167) DRV - [2010/01/14 20:42:49 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV - [2009/12/11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009/10/27 13:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem) DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009/07/13 21:20:45 | 000,012,368 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\pciide.sys -- (pciide) DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci) DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt) DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus) DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009/02/09 14:18:00 | 007,764,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan) DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555 IE - HKU\S-1-5-21-1996959084-761038259-2334585483-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ IE - HKU\S-1-5-21-1996959084-761038259-2334585483-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx IE - HKU\S-1-5-21-1996959084-761038259-2334585483-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-1996959084-761038259-2334585483-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 3C 2E 78 75 95 CA 01 [binary data] IE - HKU\S-1-5-21-1996959084-761038259-2334585483-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-1996959084-761038259-2334585483-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-1996959084-761038259-2334585483-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.ca" FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7 FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.6.3 FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.7 FF - prefs.js..extensions.enabledItems: {f4f27f27-5908-983e-7d71-940f54991b79}:4.6.6.6 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/29 15:49:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/04 15:21:33 | 000,000,000 | ---D | M] [2010/01/14 20:31:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions [2010/05/24 19:14:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\4y7jfgjx.default\extensions [2010/03/09 01:46:42 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\4y7jfgjx.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2010/02/05 20:12:16 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\4y7jfgjx.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17} [2010/05/24 19:14:19 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\4y7jfgjx.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} [2010/05/24 19:14:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/04/06 20:54:50 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{f4f27f27-5908-983e-7d71-940f54991b79} [2010/01/14 23:57:01 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll O1 HOSTS File: ([2010/05/06 21:31:52 | 000,000,854 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-1996959084-761038259-2334585483-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ultraMon] C:\Program Files\UltraMon\UltraMon.exe (Realtime Soft) O4 - HKU\S-1-5-21-1996959084-761038259-2334585483-1001..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-1996959084-761038259-2334585483-1001..\Run: [bitTorrent] C:\Program Files\BitTorrent\bittorrent.exe (BitTorrent, Inc.) O4 - HKU\S-1-5-21-1996959084-761038259-2334585483-1001..\Run: [sansaDispatch] C:\Users\Alex\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation) O4 - HKU\S-1-5-21-1996959084-761038259-2334585483-1001..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe (WordWeb Software) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1996959084-761038259-2334585483-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 67.55.0.11 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - Unable to obtain root file information for disk G:\ O33 - MountPoints2\{6957b187-01a2-11df-8282-0019db854f3d}\Shell - "" = AutoRun O33 - MountPoints2\{6957b187-01a2-11df-8282-0019db854f3d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{8742cba2-017f-11df-ab3e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{8742cba2-017f-11df-ab3e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ave.exe" /START "%1" %* File not found O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ave.exe" /START "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2010/05/25 11:01:17 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe [2010/05/24 23:15:09 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\New folder [2010/05/24 12:17:45 | 000,000,000 | ---D | C] -- C:\WinDDK [2010/05/24 12:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\WinDDK [2010/05/24 12:14:00 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\Windows\System32\drivers\mcdbus.sys [2010/05/24 12:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc [2010/05/23 18:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010/05/21 13:15:57 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Logs [2010/05/21 02:02:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\ukneqlfdh [2010/05/18 01:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest [2010/05/17 21:55:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\business card [2010/05/16 17:52:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\A Day in the Life of Liam - Episode 2 Garden Mania [2010/05/14 19:15:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\SugarSync [2010/05/14 18:27:10 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\apartments for email [2010/05/14 18:17:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\SugarSync [2010/05/14 18:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\SugarSync [2010/05/08 03:45:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Bradgate [2010/05/07 10:18:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010/05/06 23:36:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010/05/06 23:36:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Adobe Mini Bridge CS5 [2010/05/06 22:22:45 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/05/06 21:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player [2010/05/06 21:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2010/05/04 21:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2010/05/04 21:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM [2010/05/04 15:23:13 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll [2010/05/04 15:22:01 | 000,111,992 | ---- | C] (Adobe Systems, Inc.) -- C:\Windows\System32\acaptuser32.dll [2010/05/04 15:21:29 | 000,000,000 | ---D | C] -- C:\_AcroTemp [2010/05/01 14:11:05 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\aurnqtent [2010/04/29 15:38:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/04/29 15:38:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/04/29 15:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/04/28 16:52:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\avG [2010/04/28 16:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\avG [2010/04/27 15:14:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\vlc [2010/04/27 14:39:26 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll [2010/04/27 14:39:26 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys ========== Files - Modified Within 30 Days ========== [2010/05/25 11:07:25 | 003,407,872 | -HS- | M] () -- C:\Users\Alex\ntuser.dat [2010/05/25 11:01:21 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe [2010/05/25 10:58:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/05/24 13:26:56 | 000,020,720 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/05/24 13:26:56 | 000,020,720 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/05/24 13:25:16 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/05/24 13:25:16 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/05/24 13:25:16 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/05/24 13:18:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/05/24 13:17:49 | 2616,795,136 | -HS- | M] () -- C:\hiberfil.sys [2010/05/24 13:12:48 | 001,849,903 | -H-- | M] () -- C:\Users\Alex\AppData\Local\IconCache.db [2010/05/24 12:14:06 | 000,000,959 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2010/05/24 12:09:09 | 116,489,755 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010/05/23 21:07:28 | 000,066,088 | ---- | M] () -- C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT [2010/05/23 19:20:07 | 003,653,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/05/19 22:08:32 | 000,001,456 | ---- | M] () -- C:\Users\Alex\AppData\Local\Adobe Save for Web 12.0 Prefs [2010/05/19 22:05:19 | 000,000,132 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Adobe IllExport Filter CS5 Prefs [2010/05/19 18:37:29 | 000,000,132 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Adobe GIF Format CS5 Prefs [2010/05/19 18:34:12 | 000,000,132 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010/05/16 03:18:34 | 001,367,938 | ---- | M] () -- C:\Users\Alex\Desktop\1129_10_Retrospective_brochure_EN.pdf [2010/05/10 22:10:49 | 001,180,082 | ---- | M] () -- C:\Users\Alex\Desktop\ai10_print.pdf [2010/05/10 22:06:04 | 006,804,520 | ---- | M] () -- C:\Users\Alex\Desktop\guide to transparency for print output.pdf [2010/05/08 22:33:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010/05/08 22:33:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010/05/06 16:29:25 | 000,000,165 | -H-- | M] () -- C:\Users\Alex\Desktop\~$For Sale.pptx [2010/05/03 23:34:47 | 000,099,501 | ---- | M] () -- C:\Users\Alex\Documents\FOR SALE_vertical.pptx [2010/04/29 15:28:16 | 000,025,196 | -HS- | M] () -- C:\Users\Alex\AppData\Local\erTd [2010/04/29 15:28:16 | 000,025,196 | -HS- | M] () -- C:\ProgramData\erTd [2010/04/29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/04/29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/04/29 02:24:11 | 000,025,014 | -HS- | M] () -- C:\ProgramData\4265470762 [2010/04/28 16:19:27 | 000,050,990 | ---- | M] () -- C:\vsimvxuiurekhwf.exe [2010/04/26 12:53:12 | 000,011,124 | -HS- | M] () -- C:\ProgramData\53YQ5yXeP [2010/04/26 12:53:11 | 000,011,124 | -HS- | M] () -- C:\Users\Alex\AppData\Local\53YQ5yXeP ========== Files Created - No Company Name ========== [2010/05/24 12:14:06 | 000,000,959 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2010/05/24 03:20:49 | 116,489,755 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010/05/19 22:02:17 | 000,001,456 | ---- | C] () -- C:\Users\Alex\AppData\Local\Adobe Save for Web 12.0 Prefs [2010/05/19 18:37:29 | 000,000,132 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Adobe GIF Format CS5 Prefs [2010/05/19 18:28:57 | 000,000,132 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Adobe IllExport Filter CS5 Prefs [2010/05/16 03:18:34 | 001,367,938 | ---- | C] () -- C:\Users\Alex\Desktop\1129_10_Retrospective_brochure_EN.pdf [2010/05/15 13:43:32 | 000,244,791 | ---- | C] () -- C:\Users\Alex\Desktop\$550.jpg [2010/05/10 22:10:49 | 001,180,082 | ---- | C] () -- C:\Users\Alex\Desktop\ai10_print.pdf [2010/05/10 22:06:04 | 006,804,520 | ---- | C] () -- C:\Users\Alex\Desktop\guide to transparency for print output.pdf [2010/05/08 22:33:50 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2010/05/08 22:33:50 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2010/05/06 21:46:07 | 000,000,132 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010/05/06 16:29:25 | 000,000,165 | -H-- | C] () -- C:\Users\Alex\Desktop\~$For Sale.pptx [2010/05/03 23:34:47 | 000,099,501 | ---- | C] () -- C:\Users\Alex\Documents\FOR SALE_vertical.pptx [2010/04/28 16:19:53 | 000,025,196 | -HS- | C] () -- C:\Users\Alex\AppData\Local\erTd [2010/04/28 16:19:53 | 000,025,014 | -HS- | C] () -- C:\ProgramData\4265470762 [2010/04/28 16:18:57 | 000,050,990 | ---- | C] () -- C:\vsimvxuiurekhwf.exe [2010/04/28 16:18:03 | 000,025,196 | -HS- | C] () -- C:\ProgramData\erTd [2010/04/25 21:50:35 | 000,011,124 | -HS- | C] () -- C:\Users\Alex\AppData\Local\53YQ5yXeP [2010/04/25 21:50:35 | 000,011,124 | -HS- | C] () -- C:\ProgramData\53YQ5yXeP [2010/03/12 23:00:39 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010/03/12 23:00:38 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010/03/12 23:00:38 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010/03/12 23:00:37 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2010/03/12 23:00:33 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2010/03/12 23:00:32 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010/01/16 03:39:01 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll [2010/01/16 03:39:01 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll [2010/01/16 03:39:01 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll [2010/01/16 03:37:30 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2010/01/16 03:37:30 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/07/13 19:11:20 | 000,012,368 | ---- | C] () -- C:\Windows\System32\drivers\pciide.sys [2009/03/05 15:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:1493A0EF < End of report > EXTRAS OTL Extras logfile created on: 5/25/2010 11:06:46 AM - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Alex\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 70.21 Gb Total Space | 39.43 Gb Free Space | 56.16% Space Free | Partition Type: NTFS Drive D: | 162.57 Gb Total Space | 17.91 Gb Free Space | 11.02% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 3.69 Gb Total Space | 1.30 Gb Free Space | 35.11% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ALEX-PC Current User Name: Alex Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>] .exe [@ = secfile] -- C:\Windows\System32\config\systemprofile\AppData\Local\ave.exe File not found [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>] .exe [@ = secfile] -- C:\Windows\System32\config\systemprofile\AppData\Local\ave.exe File not found [HKEY_USERS\S-1-5-21-1996959084-761038259-2334585483-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [browse with XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [spaceMonger] -- "C:\Program Files\SpaceMonger\SpaceMonger.exe" ; show-free-space false ; show-system-space false ; set-root "%l" (Sixty-Five Software, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4 "{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools "{06E8A109-2FAA-4EFF-BA23-D37DF1CABBF4}" = SpaceMonger Crack "{07473686-FC3A-4825-9CA9-97D269145F62}" = Motorola Phone Tools "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 15 "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5 "{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU "{2ECDE974-69D9-47A9-9EB0-10EC49F8468A}" = PASW Statistics 17.0 "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2 "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{633EC662-AE6E-78B1-BB4C-B9D30DFD2B74}" = ATI Catalyst Install Manager "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63C16E81-327C-49B6-9643-4F5EFD8A6B2D}" = winLAME 2010 beta 1 "{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007 "{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_EXCEL_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007 "{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_POWERPOINT_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007 "{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_EXCEL_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}_POWERPOINT_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007 "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007 "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{955EB283-C340-410E-A3B6-F9D79A02DB28}" = Google Book Downloader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2 "{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Fran DDS___GMER_logs.rar
  16. My computer fails to boot into windows 7: it restarts automatically upon reaching the 'starting windows' screen. However, after several restarts (4 on average), it appears to make it into windows. I am more than certain that this is due to malware. A few days ago I experienced the same problem but was able to solve it by deleting a malware file in the system32 folder that was identified in StartUpRepair. Later on I was able to delete the following virusus using MBAM and Avira: Rogue.AntivirusSuite TR/Crypt.Xpack.Gen2 TR/Fraudpack.amu JAVA/Agent.F.1 Java virus These viruses are no longer found by MBAM and Avira, but the startup problem persists. StartupRepair was not helpful this time in identifying the culprits (see below for the StartupRepair log). Further down is the DDS log. I have also tried fixing the bootsector using CMD from StartupRepair, but it didnt help. "Startup repair cannot repair this computer automatically. Problem Signatures: Event Name: StartupRepairOffline Signature 01: 6.1.7600.16385 Signature 02: 6.1.7600.16385 Signature 03: unknown Signature 04: 32 Signature 05: AutoFailover Signature 06: 1 Signature 07: NoRootCause OS Version: 6.1.7600.2.0.0.256.1 Local ID: 1033 Root cause found: unspecified changes to system configuration might have caused the problem Repair action: system files integrity check and repair Result: failed . Error code = 0x490" DDS LOG: DDS (Ver_10-03-17.01) - NTFSx86 Run by Alex at 3:38:02.49 on Mon 05/24/2010 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_15 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3327.2484 [GMT -4:00] ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\Explorer.EXE C:\Windows\System32\svchost.exe -k Akamai C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\WerFault.exe C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\conhost.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\UltraMon\UltraMon.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\WordWeb\wweb32.exe C:\Users\Alex\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\UltraMon\UltraMonTaskbar.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\taskmgr.exe C:\Windows\system32\sppsvc.exe C:\Users\Alex\Desktop\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.ca/ uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll uRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup uRun: [sansaDispatch] c:\users\alex\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe uRun: [bitTorrent] "c:\program files\bittorrent\bittorrent.exe" uRun: [AdobeBridge] mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s mRun: [ultraMon] "c:\program files\ultramon\UltraMon.exe" /auto mRun: [<NO NAME>] mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab AppInit_DLLs: acaptuser32.dll ================= FIREFOX =================== FF - ProfilePath - c:\users\alex\appdata\roaming\mozilla\firefox\profiles\4y7jfgjx.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca FF - component: c:\users\alex\appdata\roaming\mozilla\firefox\profiles\4y7jfgjx.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - HiddenExtension: z: No Registry Reference - c:\program files\mozilla firefox\extensions\{f4f27f27-5908-983e-7d71-940f54991b79} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-14 11608] R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-14 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-14 267432] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-14 60936] R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-2-16 92928] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-27 233472] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-4 1343400] =============== Created Last 30 ================ 2010-05-24 07:20:49 210566683 ----a-w- c:\windows\MEMORY.DMP 2010-05-23 22:00:21 0 d-----w- c:\program files\CCleaner 2010-05-14 22:16:17 0 d-----w- c:\program files\SugarSync 2010-05-13 19:22:24 0 d-----w- c:\temp\MotoConnectTemp 2010-05-12 03:40:44 740864 ----a-w- c:\windows\system32\inetcomm.dll 2010-05-07 14:18:30 0 ----a-w- C:\bofsxi.sys 2010-05-07 03:36:24 0 d-----w- c:\users\alex\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2010-05-07 03:36:24 0 d-----w- c:\users\alex\appdata\roaming\Adobe Mini Bridge CS5 2010-05-07 02:22:45 0 d-----w- c:\users\alex\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2010-05-05 01:06:18 0 d-----w- c:\programdata\regid.1986-12.com.adobe 2010-05-05 01:04:57 0 d-----w- c:\programdata\ALM 2010-05-04 19:23:13 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll 2010-05-04 19:22:01 111992 ----a-w- c:\windows\system32\acaptuser32.dll 2010-05-04 19:21:29 0 d-----w- C:\_AcroTemp 2010-04-29 19:38:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 19:38:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-29 19:38:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-28 20:52:24 0 d-----w- c:\programdata\avG 2010-04-28 20:18:57 50990 ----a-w- c:\windows\system32\vsimvxuiurekhwf.exe 2010-04-27 18:39:28 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys 2010-04-27 18:39:26 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2010-04-27 18:39:26 1037312 ----a-w- c:\windows\system32\lsasrv.dll 2010-04-25 02:36:02 0 d-----w- c:\users\alex\appdata\roaming\avidemux 2010-04-25 02:35:55 0 d-----w- c:\program files\Avidemux 2.5 2010-04-25 02:08:37 0 d-----w- c:\programdata\SlySoft 2010-04-25 02:07:14 0 d-----w- c:\program files\SlySoft 2010-04-24 18:16:26 0 d-----w- c:\users\alex\appdata\roaming\HandBrake 2010-04-24 18:16:22 0 d-----w- c:\program files\Handbrake ==================== Find3M ==================== 2010-05-07 19:57:27 74240 ----a-w- c:\windows\system32\drivers\tdx.sys 2010-03-10 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2010-03-08 21:33:56 427520 ----a-w- c:\windows\system32\vbscript.dll 2010-03-05 14:13:40 947472 ----a-w- c:\windows\system32\msjava.dll 2010-02-27 12:07:48 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-27 12:07:48 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-23 07:56:00 977920 ----a-w- c:\windows\system32\wininet.dll 2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini 2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat 2010-01-21 19:46:08 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat 2010-01-16 07:36:15 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010011620100117\index.dat 2010-02-02 05:41:16 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010020220100203\index.dat 2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe ============= FINISH: 3:39:06.42 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.