vaioman

Everything posted by vaioman

  1. Hello, I was unable to locate extra.txt created by OTL; perhaps I did not save it the first time. OTL for some reason hogs memory resources from my laptop and runs extremely slow; however, I've posted the ComboFix report as requested. Thank you =-)
  2. OTL Report:
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] 
(VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci) DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009/07/13 19:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - 
[2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt) DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009/07/13 18:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92) DRV - [2009/07/13 18:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac) DRV - [2009/07/13 18:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA) DRV - [2009/07/13 18:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel® DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2009/06/10 17:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2009/05/14 15:49:34 | 000,093,312 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr) DRV - [2009/05/14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv) DRV - [2009/05/14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon) DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan) DRV - [2006/06/10 18:19:20 | 000,205,312 | ---- | M] (SoliCall) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\solicall.sys -- (msvad_simple) DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc) DRV - [2003/12/18 18:53:06 | 000,665,600 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock) DRV - [2003/12/18 18:53:06 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\haspnt.sys -- (haspnt) DRV - [2001/06/22 05:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel) DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9D 68 9E B9 DF 61 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1 *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: 
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.2 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.6 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.9 FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.6.0 FF - prefs.js..extensions.enabledItems: {563e4790-7e70-11da-a72b-0800200c9a66}:0.9c FF - prefs.js..extensions.enabledItems: {e971b650-6098-11da-8cd6-0800200c9a66}:0.6.2 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/22 19:35:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 03:32:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/09/06 15:02:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/06 15:02:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/09/06 15:02:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/04/27 21:06:42 | 000,000,000 | ---D | M] [2010/05/05 21:50:36 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Extensions [2010/05/05 21:50:36 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Lawdy\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2010/06/06 12:37:09 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\4txa7v8x.x3 (2008)\extensions [2010/07/24 06:11:58 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\4txa7v8x.x3 (2008)\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010/07/24 06:11:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\4txa7v8x.x3 (2008)\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010/07/24 06:12:00 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\4txa7v8x.x3 (2008)\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2010/07/24 06:12:00 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\4txa7v8x.x3 (2008)\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66} [2010/07/24 06:12:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\4txa7v8x.x3 (2008)\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/07/24 06:12:01 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\4txa7v8x.x3 (2008)\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010/07/24 06:11:58 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\4txa7v8x.x3 (2008)\extensions\mgDownloadHelper@yevgenyandrov.net [2010/07/24 06:10:00 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions [2010/07/24 06:12:17 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9} [2010/07/24 06:12:20 | 000,000,000 | ---D | M] (Flagfox) -- 
C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010/07/24 06:12:20 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC} [2010/05/20 04:44:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010/07/24 06:12:20 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010/07/24 06:12:20 | 000,000,000 | ---D | M] (Takuapa) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{9e6ecf40-4690-11dd-ae16-0800200c9a66} [2010/07/24 06:12:20 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17} [2010/07/24 06:12:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010/06/22 12:56:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2010/07/24 06:12:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/07/24 06:12:21 | 000,000,000 | ---D | M] (iFox Smooth) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688} [2010/07/24 06:12:21 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 
(2008)\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010/07/24 06:12:21 | 000,000,000 | ---D | M] (Whitehart) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9} [2010/07/24 06:12:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010/07/24 06:12:23 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} [2010/07/24 06:12:23 | 000,000,000 | ---D | M] (UnMHT) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0} [2010/07/24 06:12:17 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\craigslistimagepreviewext@craigstoolbox [2010/07/24 06:12:17 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\Foxdie@tanjihay.com [2010/07/24 06:12:17 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\foxdie_ext_ocelot@foxdie.us [2010/07/24 06:12:17 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\iSafari.Leopard.Themes@gmail.com [2010/07/24 06:12:17 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\langpack-pt-BR@firefox.mozilla.org [2010/07/24 06:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\cawadohe.x1 (2008)\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}\chrome\mozapps\extensions [2010/04/28 01:40:13 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\foh836ux.test\extensions [2010/04/28 
01:40:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\foh836ux.test\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010/04/28 01:40:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\foh836ux.test\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010/04/28 01:40:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\foh836ux.test\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/04/28 01:40:13 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\foh836ux.test\extensions\YoutubeDownloader@PeterOlayev.com [2009/11/10 21:56:10 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\hrjd0cdv.default\extensions [2010/07/24 06:12:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\hrjd0cdv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010/07/24 06:12:48 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\hrjd0cdv.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2010/07/24 06:12:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\hrjd0cdv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/10/04 01:15:38 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\extensions [2010/09/22 19:35:30 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010/07/24 06:12:53 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávací paměť) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\extensions\{563e4790-7e70-11da-a72b-0800200c9a66} [2010/09/22 19:35:30 | 000,000,000 | 
---D | M] (NoScript) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010/08/04 22:14:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010/09/18 13:19:54 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2010/09/04 13:54:29 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/09/04 13:54:28 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010/07/24 06:12:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010/07/24 06:12:55 | 000,000,000 | ---D | M] (Simpler Black) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\extensions\{e971b650-6098-11da-8cd6-0800200c9a66} [2010/07/24 06:12:55 | 000,000,000 | ---D | M] (UnMHT) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\kf3575h1.Default Fox\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0} [2010/07/25 04:12:53 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions [2010/07/24 06:12:59 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010/07/24 06:12:59 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) 
W7\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE} [2010/07/24 06:12:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010/07/24 06:13:00 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2010/07/24 06:13:00 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91} [2010/07/24 06:13:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/07/24 06:13:00 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010/07/24 06:13:01 | 000,000,000 | ---D | M] (iAqua) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\{e1d404a0-6bb3-11de-8a39-0800200c9a66} [2010/07/24 06:13:01 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010/07/24 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\linkgopher@oooninja.com [2010/04/23 18:38:25 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\staged-xpis [2010/07/24 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\u4muw2pt.x4 (2009) W7\extensions\YoutubeDownloader@PeterOlayev.com [2010/05/20 04:44:00 | 000,000,000 | ---D | M] -- 
C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\wsabpt14.WINDOWS 7 DEFAULT\extensions [2010/07/24 06:13:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\wsabpt14.WINDOWS 7 DEFAULT\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010/07/24 06:13:06 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\wsabpt14.WINDOWS 7 DEFAULT\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010/07/24 06:13:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\wsabpt14.WINDOWS 7 DEFAULT\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010/07/24 06:13:07 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\wsabpt14.WINDOWS 7 DEFAULT\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2010/07/24 06:13:07 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\wsabpt14.WINDOWS 7 DEFAULT\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406} [2010/07/24 06:13:08 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\wsabpt14.WINDOWS 7 DEFAULT\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/07/24 06:13:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\wsabpt14.WINDOWS 7 DEFAULT\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010/07/24 06:13:05 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\wsabpt14.WINDOWS 7 DEFAULT\extensions\smarterwiki@wikiatic.com [2010/07/24 06:13:06 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\wsabpt14.WINDOWS 7 DEFAULT\extensions\YoutubeDownloader@PeterOlayev.com [2010/07/24 06:24:25 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions [2010/07/24 
06:13:13 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9} [2010/07/24 06:13:16 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010/07/24 06:13:17 | 000,000,000 | ---D | M] (Unofficial Google Translate Firefox extension) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{3eaacb33-878f-44fa-b4cd-6e67cbaf828b} [2010/07/24 06:13:17 | 000,000,000 | ---D | M] (Aquatint Redone) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{47e5a66c-0e35-11dc-8314-0800200c9a66} [2010/07/24 06:13:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010/07/24 06:13:17 | 000,000,000 | ---D | M] (Takuapa) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{9e6ecf40-4690-11dd-ae16-0800200c9a66} [2010/07/24 06:13:17 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17} [2010/07/24 06:13:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010/07/24 06:13:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/07/24 06:13:18 | 000,000,000 | ---D | M] (iFox Smooth) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688} [2010/07/24 06:13:18 | 000,000,000 | ---D | M] (Whitehart) -- 
C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9} [2010/07/24 06:13:18 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2010/07/24 06:13:18 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010/07/24 06:13:19 | 000,000,000 | ---D | M] (UnMHT) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0} [2010/07/24 06:13:13 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\craigslistimagepreviewext@craigstoolbox [2010/07/24 06:13:13 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\Foxdie@tanjihay.com [2010/07/24 06:13:13 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\foxdie_ext_ocelot@foxdie.us [2010/07/24 06:13:13 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\iSafari.Leopard.Themes@gmail.com [2010/07/24 06:13:13 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\langpack-pt-BR@firefox.mozilla.org [2010/07/24 06:13:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Firefox\Profiles\zoaxyp3i.x2 (2008)\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}\chrome\mozapps\extensions [2010/05/05 21:50:36 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Mozilla\Sunbird\Profiles\f50do5sr.default\extensions [2010/10/04 01:15:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2008/12/23 12:06:38 | 
000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll O1 HOSTS File: ([2010/10/03 02:36:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll (Xi) O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll () O3 - HKLM\..\Toolbar: (Alive Text to Speech) - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\Program Files\AliveMedia\Text to Speech\IEToolbar.dll () O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll (Xi) O3 - HKLM\..\Toolbar: (2nd &Speech Center) - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - C:\Program Files\2nd Speech Center\tts4ie.dll () O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll () O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe (Lexmark International Inc.) O4 - HKLM..\Run: [iME14 CHT Setup] C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) 
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoThumbnail = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: + Offline &Explorer: Download the link - C:\Program Files\OfflineExplorer\Add_UrlO.htm () O8 - Extra context menu item: + Offline E&xplorer: Download the current page - C:\Program Files\OfflineExplorer\Add_AllO.htm () O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html () O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll 
(Microsoft Corporation) O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s...el_4.1.66.0.cab (Reg Error: Key error.) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. 
File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [2009/12/04 20:20:54 | 016,183,808 | ---- | C] (Boris FX) -- C:\Program Files\BorisFX9 AE.aex [2009/09/18 13:44:32 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll [2009/09/18 13:44:32 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll [2009/09/18 13:44:32 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll [2009/09/18 13:44:31 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll [2009/09/18 13:44:31 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll [2009/09/18 13:44:31 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll [2009/09/18 13:44:31 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll [2009/09/18 13:44:30 | 000,679,936 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll [2009/09/18 13:44:29 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll [2009/09/18 13:44:29 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll [2009/09/13 11:40:59 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Lawdy\AppData\Roaming\pcouffin.sys [2004/04/23 18:06:25 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp71.dll [2004/04/23 18:06:25 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll 
[2003/09/08 10:09:54 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp70.dll [2003/09/08 10:09:54 | 000,344,064 | R--- | C] (Microsoft Corporation) -- C:\Program Files\msvcr70.dll [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010/10/04 18:22:23 | 000,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/10/04 18:22:23 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/10/04 18:22:23 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/10/04 18:22:01 | 007,602,176 | -HS- | M] () -- C:\Users\Lawdy\ntuser.dat [2010/10/04 18:17:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-358773793-620390815-2993260238-1001UA.job [2010/10/04 17:21:41 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/10/04 17:21:41 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/10/04 17:16:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/10/04 17:16:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/10/04 17:16:26 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys [2010/10/04 17:16:23 | 000,039,556 | ---- | M] () -- C:\Windows\System32\oodbs.lor [2010/10/04 02:48:09 | 000,172,908 | ---- | M] () -- C:\Users\Lawdy\Desktop\A.jpg [2010/10/04 01:45:06 | 000,008,192 | ---- | M] () -- C:\Users\Lawdy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/04 00:00:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2010/10/03 23:21:14 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-358773793-620390815-2993260238-1001Core.job [2010/10/03 02:36:49 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010/10/03 
02:36:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010/10/03 01:03:15 | 000,002,963 | ---- | M] () -- C:\Users\Lawdy\Desktop\HiJackThis.lnk [2010/10/03 01:02:53 | 001,402,880 | ---- | M] () -- C:\HiJackThis.msi [2010/10/02 00:30:39 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/10/04 02:48:09 | 000,172,908 | ---- | C] () -- C:\Users\Lawdy\Desktop\A.jpg [2010/10/03 02:30:29 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010/10/03 02:30:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010/10/03 02:30:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010/10/03 02:30:29 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010/10/03 02:30:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010/10/03 01:03:15 | 000,002,963 | ---- | C] () -- C:\Users\Lawdy\Desktop\HiJackThis.lnk [2010/10/03 01:02:43 | 001,402,880 | ---- | C] () -- C:\HiJackThis.msi [2010/10/02 00:30:39 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/09/12 12:28:13 | 000,008,192 | ---- | C] () -- C:\Users\Lawdy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/09/12 01:40:29 | 019,657,194 | ---- | C] () -- C:\Users\Lawdy\Documents\vlc-1.1.4-win32.exe [2010/09/10 22:14:59 | 000,000,048 | ---- | C] () -- C:\Windows\System32\pdfutil.ini [2010/09/06 15:09:45 | 000,039,556 | ---- | C] () -- C:\Windows\System32\oodbs.lor [2010/08/30 16:13:39 | 004,192,486 | ---- | C] () -- C:\Users\Lawdy\Documents\Document.rtf [2010/08/03 22:23:33 | 014,663,168 | ---- | C] () -- C:\Windows\System32\cpime.ime [2010/08/03 22:23:33 | 000,013,488 | ---- | C] () -- C:\Windows\System32\cpime.chm [2010/07/28 08:00:54 | 252,643,804 | ---- | C] () -- C:\heatherantTV1_1_640.wmv [2010/07/27 04:03:20 | 010,829,656 | 
---- | C] () -- C:\Windows\System32\LogiDPP.dll [2010/07/27 04:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2010/07/27 04:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2010/07/27 03:56:40 | 000,266,828 | ---- | C] () -- C:\Windows\System32\drivers\LVAFT.cfg [2010/07/27 03:56:04 | 000,090,411 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010/07/27 03:55:50 | 000,037,518 | ---- | C] () -- C:\Windows\System32\Repository.reg [2010/07/21 13:59:36 | 000,002,592 | ---- | C] () -- C:\ProgramData\lxduJSW.log [2010/07/20 22:34:56 | 000,038,905 | ---- | C] () -- C:\Program Files\SpokeStyles.jpg [2010/06/09 04:58:44 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys [2010/06/08 14:22:56 | 000,000,000 | ---- | C] () -- C:\Windows\CNeuroWizard.ini [2010/06/08 13:37:59 | 000,000,115 | ---- | C] () -- C:\Windows\wt.ini [2010/05/15 15:55:49 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2010/04/30 03:52:47 | 000,000,077 | ---- | C] () -- C:\Windows\System32\winitn.dll [2010/04/30 03:52:42 | 000,000,001 | ---- | C] () -- C:\Windows\sslzdlt.dll [2010/04/10 17:44:57 | 000,435,736 | ---- | C] () -- C:\Windows\System32\drivers\iaStor.sys [2010/02/10 01:42:35 | 000,035,328 | ---- | C] () -- C:\Program Files\XXX Password Finder v2.exe [2009/12/26 05:15:18 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009/12/26 05:15:17 | 002,041,363 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2009/12/26 05:15:16 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2009/12/26 05:15:16 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009/12/26 05:15:15 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009/12/26 05:15:15 | 000,000,547 | ---- | C] () -- 
C:\Windows\System32\ff_vfw.dll.manifest [2009/12/26 00:53:27 | 000,000,032 | ---- | C] () -- C:\Windows\tdlp32.ini [2009/12/21 22:53:11 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009/12/08 08:49:18 | 000,007,388 | ---- | C] () -- C:\Program Files\mbsuite21.log [2009/12/04 20:24:02 | 000,002,145 | ---- | C] () -- C:\Windows\BorisFX9.2.ini [2009/12/04 20:20:59 | 000,237,568 | R--- | C] () -- C:\Windows\System32\qtmlClient.dll [2009/11/17 08:18:18 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll [2009/10/02 01:14:30 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2009/10/01 18:06:23 | 000,014,848 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2009/09/18 13:46:28 | 000,360,448 | ---- | C] () -- C:\Windows\System32\lxducoin.dll [2009/09/18 13:45:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll [2009/09/18 13:45:25 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll [2009/09/18 13:45:25 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll [2009/09/18 13:45:25 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll [2009/09/18 13:45:04 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdurwrd.ini [2009/09/18 13:44:32 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll [2009/09/18 13:44:30 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll [2009/09/15 06:44:07 | 000,000,029 | ---- | C] () -- C:\Users\Lawdy\AppData\Roaming\default.rss [2009/09/15 06:44:07 | 000,000,000 | ---- | C] () -- C:\Users\Lawdy\AppData\Roaming\downloads.m3u [2009/09/14 13:25:31 | 000,000,255 | ---- | C] () -- C:\Users\Lawdy\AppData\Roaming\iPod Access v4 Prefs [2009/09/14 13:23:25 | 000,000,041 | -H-- | C] () -- C:\Users\Lawdy\AppData\Roaming\iPodAccessv4_OwnerName [2009/09/14 13:22:40 | 000,000,011 | -H-- | C] () -- C:\Users\Lawdy\AppData\Roaming\iPodAccess_Time [2009/09/14 04:51:00 | 000,000,600 | ---- | C] () -- C:\Users\Lawdy\AppData\Roaming\winscp.rnd 
[2009/09/14 00:56:35 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2009/09/14 00:15:50 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009/09/13 11:42:09 | 000,000,671 | ---- | C] () -- C:\Users\Lawdy\AppData\Roaming\vso_ts_preview.xml [2009/09/13 11:41:38 | 000,000,034 | ---- | C] () -- C:\Users\Lawdy\AppData\Roaming\pcouffin.log [2009/09/13 11:40:59 | 000,007,887 | ---- | C] () -- C:\Users\Lawdy\AppData\Roaming\pcouffin.cat [2009/09/13 11:40:59 | 000,001,144 | ---- | C] () -- C:\Users\Lawdy\AppData\Roaming\pcouffin.inf [2009/07/30 21:58:42 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini [2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll [2008/02/08 18:13:44 | 000,319,488 | ---- | C] () -- C:\Windows\System32\LS3Renderer.dll [2008/02/08 18:03:43 | 000,516,096 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll [2005/10/10 00:00:00 | 002,182,144 | ---- | C] () -- C:\Windows\System32\pdfutil.dll [1998/09/15 09:12:52 | 000,051,200 | ---- | C] () -- C:\Windows\System32\tctsaudio.dll [1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2010/06/09 03:16:37 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\.anki [2010/06/09 03:14:00 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\.matplotlib [2010/09/13 15:32:48 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\4Media [2010/04/20 18:21:14 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\acccore [2010/09/20 18:11:24 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Audacity [2010/08/05 05:19:52 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\CasaPortale.de [2010/04/12 22:58:48 | 000,000,000 | ---D | M] -- 
C:\Users\Lawdy\AppData\Roaming\CopyTrans [2010/05/15 16:02:59 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\DAEMON Tools Lite [2010/04/28 02:01:48 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Darq Software [2010/01/17 20:40:03 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\DiskAid [2010/06/09 03:37:31 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Ectaco [2010/02/12 21:04:00 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Elluminate [2010/10/04 17:01:17 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\foobar2000 [2009/09/14 04:16:38 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Foxit [2010/09/10 21:02:27 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Foxit Software [2010/06/22 08:51:15 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\KoshyJohn.com [2010/02/03 12:56:02 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Leadertech [2009/11/17 23:39:25 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\NCH Swift Sound [2010/09/30 19:51:45 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Offline Explorer [2010/03/25 02:29:41 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\OpenOffice.org [2009/12/24 03:15:37 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Paltalk [2010/06/12 23:39:29 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Pamela [2010/09/30 14:13:53 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\PrimoPDF [2009/09/14 00:40:44 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Publish Providers [2010/01/03 03:39:40 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Registry Mechanic [2010/07/12 23:44:03 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Softland [2010/07/22 03:28:48 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Sony [2009/10/31 23:44:13 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Sony Creative 
Software [2010/10/04 03:56:08 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\TeraCopy [2009/12/02 21:38:13 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Thunderbird [2010/10/03 02:01:07 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\uTorrent [2010/07/14 14:35:21 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Vso [2010/04/12 21:34:21 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\WindSolutions [2009/10/16 15:51:33 | 000,000,000 | ---D | M] -- C:\Users\Lawdy\AppData\Roaming\Xilisoft Corporation [2010/09/27 00:28:07 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:F8D65F32 < End of report >
  3. Thank you Elise. I've copied the Report from RKUnhookerLE. Currently waiting for OTL to finish still: RKUnhookerLE Report: RkU Version: 3.8.388.590, Type LE (SR2) ============================================== OS Name: Windows 7 Version 6.1.7600 Number of processors #2 ============================================== >Drivers ============================================== 0x8F639000 C:\Windows\system32\DRIVERS\igdkmd32.sys 5230592 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver) 0x8FC11000 C:\Windows\system32\DRIVERS\netw5v32.sys 4272128 bytes (Intel Corporation, Intel
  4. Hello all, I am glad to have become a member of the forum! As an avid computer user, I've always made sure to browse safely using Firefox in conjunction with "add-on" scripts to prevent such attacks... but recently I've been experiencing strange actions from all web browsers that I have installed on my laptop. Here is the issue: I use both Firefox and Google Chrome, and every time I attempt to log onto www.amazon.com, facebook.com, I get this strange Apache server page / CentOS!? The message: "This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page it means that the Apache HTTP server installed at this site is working properly. Apache 2 Test Page| powered by CentOS" Personally, I do not use my computer as a server/host machine. Also, when I try going to or depositefiles.com, I am given a forbidden message. :cry The odd thing about the entire issue is that when I use a free proxy anonymizer to hide my IP, both sites work perfectly fine. :confused I thank you very much for assisting me with this odd issue. Here is my log file and a picture-link (http://img825.imageshack.us/img825/5029/33119517.jpg) of the error page posted.
Thanks Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:47:11 AM, on 10/4/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 *.local R0 - 
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: 2nd &Speech Center - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - C:\PROGRA~1\2NDSPE~1\tts4ie.dll O3 - Toolbar: Alive Text to Speech - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\PROGRA~1\ALIVEM~1\TEXTTO~1\IETOOL~1.DLL O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [iME14 CHT Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: 
[LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\OfflineExplorer\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\OfflineExplorer\Add_AllO.htm
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - http://content.systemrequirementslab...l_4.1.66.0.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8028 bytes

HiJacklog.txt
  5. Hello all, I am glad to have become a member of the forum! As an avid computer user, I've always made sure to browse safely using Firefox in conjunction with "add-on" scripts to prevent such attacks... but recently I've been experiencing strange actions from all web browsers that I have installed on my laptop.

Here is the issue: I use both Firefox and Google Chrome, and every time I attempt to log onto www.amazon.com or facebook.com, I get this strange Apache server page / CentOS!? The message:

"This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page it means that the Apache HTTP server installed at this site is working properly. Apache 2 Test Page| powered by CentOS"

Personally I do not use my computer as a server/host machine. Also, when I try going to or depositefiles.com, I am given a forbidden message. :cry

The odd thing about the entire issue is that when I use a free proxy anonymizer to hide my IP, both sites work perfectly fine. :confused

I thank you very much for assisting me with this odd issue. Here is my log file and a picture-link (http://img825.imageshack.us/img825/5029/33119517.jpg) of the error page posted.
Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:47:11 AM, on 10/4/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Lawdy\AppData\Local\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: 2nd &Speech Center - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - C:\PROGRA~1\2NDSPE~1\tts4ie.dll
O3 - Toolbar: Alive Text to Speech - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\PROGRA~1\ALIVEM~1\TEXTTO~1\IETOOL~1.DLL
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [iME14 CHT Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\OfflineExplorer\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\OfflineExplorer\Add_AllO.htm
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - http://content.systemrequirementslab.com.s...el_4.1.66.0.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8028 bytes