
Multiple Issues


dp68


Hi, I have been working on my girlfriend's computer trying to repair some damage here but still have an issue. She was getting the "DCOM server process launcher service terminated unexpectedly" pop up with the 1 minute timer before rebooting. That seems to have stopped. She also had a pop up at boot up stating she had "worm.win32.netsky" but that has stopped as well. Now we are getting McAfee popping up saying "McAfee has automatically blocked a buffer overflow" in C:\Windows\system32\services.exe

I just got the DCOM Server Process Launcher error as I am typing this....I will add to this post after reboot....sorry...


So sorry about that....I will try to finish this without any further interruption...

DDS (Ver_09-12-01.01) - NTFSx86

Run by Diane Parkert at 22:39:07.09 on Wed 01/27/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.575 [GMT -6:00]

AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {7D397820-C21E-4689-B199-7B6C6A9C6BDB}

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\Documents and Settings\Diane Parkert\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://www.dell4me.com/myway

uSearch Bar = hxxp://safesearch.cyberdefender.com/smallsearch.html

uInternet Settings,ProxyOverride = localhost

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513

mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)

dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: aol.com\free

DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/3/d/83d1fe15-fe0f-4bdf-b09c-4e3c49808ec7/LegitCheckControl.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} - ftp://ftp.autodesk.com/pub/whip/english/whip.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

SSODL: leziweziz - {50a8ad2d-88b4-4939-bfb6-6738b1593a6a} - No File

STS: {50a8ad2d-88b4-4939-bfb6-6738b1593a6a} - No File

LSA: Notification Packages = scecli rugifati.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dianep~1\applic~1\mozilla\firefox\profiles\2kg1oqvi.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll

FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll

FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll

FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll

FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll

FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll

FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: XULRunner: {1A73C1B1-53EC-424F-BCC0-E620BD292799} - c:\documents and settings\diane parkert\local settings\application data\{1A73C1B1-53EC-424F-BCC0-E620BD292799}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-21 214664]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-21 93320]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-1-21 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-1-21 144704]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-27 24652]

R3 atinewp2;ATI eHomeWonder, WDM Video CODEC;c:\windows\system32\drivers\atinewp2.sys [1980-1-1 485888]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-1-21 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-21 79816]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-21 35272]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-21 40552]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-12-23 18560]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-21 34248]

S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [2006-10-19 165285]

=============== Created Last 30 ================

2010-01-28 04:34:22 0 ----a-w- c:\documents and settings\diane parkert\defogger_reenable

2010-01-28 03:10:18 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan

2010-01-28 03:10:13 0 d-----w- c:\program files\Security Task Manager

2010-01-27 05:39:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-27 05:39:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-27 05:20:22 0 d-----w- c:\program files\RegScrubXP

2010-01-27 04:04:11 1744 ---ha-w- c:\windows\system32\poreleji

2010-01-27 03:18:14 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-01-27 03:18:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-01-27 03:11:31 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-27 02:56:23 0 d-sh--w- c:\documents and settings\diane parkert\IECompatCache

2010-01-26 15:45:29 0 ----a-w- c:\windows\Ctupi.bin

2010-01-26 15:45:27 120 ----a-w- c:\windows\Groreda.dat

2010-01-26 15:32:49 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop

2010-01-26 15:32:26 0 d-----w- c:\program files\PCPitstop

2010-01-25 01:55:31 0 ----a-w- c:\windows\system32\12382.exe

2010-01-25 01:41:10 0 d-----w- c:\program files\Trend Micro

2010-01-25 01:35:31 0 ----a-w- c:\windows\system32\292.exe

2010-01-25 01:29:54 0 d-----w- c:\docume~1\dianep~1\applic~1\AVG8

2010-01-25 01:15:30 0 ----a-w- c:\windows\system32\153.exe

2010-01-25 00:55:30 0 ----a-w- c:\windows\system32\3902.exe

2010-01-25 00:35:29 0 ----a-w- c:\windows\system32\14604.exe

2010-01-25 00:15:29 0 ----a-w- c:\windows\system32\32391.exe

2010-01-24 23:55:29 0 ----a-w- c:\windows\system32\5436.exe

2010-01-24 23:35:08 259072 ----a-w- c:\windows\system32\4827.exe

2010-01-24 22:34:54 0 ----a-w- c:\windows\system32\491.exe

2010-01-24 22:14:54 0 ----a-w- c:\windows\system32\9961.exe

2010-01-24 21:54:54 0 ----a-w- c:\windows\system32\16827.exe

2010-01-24 21:34:53 0 ----a-w- c:\windows\system32\23281.exe

2010-01-24 21:14:53 0 ----a-w- c:\windows\system32\28145.exe

2010-01-24 20:54:53 0 ----a-w- c:\windows\system32\5705.exe

2010-01-24 20:34:52 0 ----a-w- c:\windows\system32\24464.exe

2010-01-24 20:14:52 0 ----a-w- c:\windows\system32\26962.exe

2010-01-24 19:54:52 0 ----a-w- c:\windows\system32\29358.exe

2010-01-24 19:34:51 0 ----a-w- c:\windows\system32\11478.exe

2010-01-24 19:14:51 0 ----a-w- c:\windows\system32\15724.exe

2010-01-24 18:54:51 0 ----a-w- c:\windows\system32\19169.exe

2010-01-24 18:34:50 0 ----a-w- c:\windows\system32\26500.exe

2010-01-24 18:14:49 0 ----a-w- c:\windows\system32\6334.exe

2010-01-24 17:54:48 0 ----a-w- c:\windows\system32\18467.exe

2010-01-14 05:40:29 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-01-10 14:09:36 0 d-----w- c:\windows\system32\Adobe

==================== Find3M ====================

2010-01-26 16:09:01 467200 ----a-w- c:\windows\system32\drivers\iaStor.sys

2010-01-24 23:35:17 97344 ----a-w- c:\windows\system32\drivers\asctrm.sys

2009-12-29 04:49:44 215104 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-12-29 03:48:28 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2008-09-07 13:51:26 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090720080908\index.dat

============= FINISH: 22:41:57.43 ===============

Malwarebytes' Anti-Malware 1.44

Database version: 3510

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/27/2010 10:16:24 PM

mbam-log-2010-01-27 (22-16-23).txt

Scan type: Quick Scan

Objects scanned: 138652

Time elapsed: 14 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\SYSTEM32\CONFIG\56251864.Evt (Rootkit.Agent.H) -> Quarantined and deleted successfully.

I think I got everything in here....please let me know if I forgot anything

Attach.zip

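A defender reading a DDS log like the one posted above looks for the same few things the helpers on this forum look for: a non-default LSA notification package (here `scecli rugifati.dll`), shell-load entries (SSODL/STS) that point at a file that no longer exists, and a run of numerically named executables dropped into system32 at a fixed cadence. The script below is an added example and is not part of this thread or of DDS, OTL or any other tool mentioned in it. Its sample input is constructed from entries copied out of the DDS output above, and it assumes (stated in the code) that `scecli` is the only notification package present on a default Windows XP install.

```python
"""Triage a DDS-style log for persistence points and suspicious system32 drops.

Added example for this thread; not DDS/OTL code. The sample lines below are
constructed from entries that appear in the DDS log posted above.
"""
import re
from datetime import datetime

# Constructed sample: a few lines copied from the posted DDS output.
SAMPLE_LOG = r"""SSODL: leziweziz - {50a8ad2d-88b4-4939-bfb6-6738b1593a6a} - No File
STS: {50a8ad2d-88b4-4939-bfb6-6738b1593a6a} - No File
LSA: Notification Packages = scecli rugifati.dll
2010-01-27 04:04:11 1744 ---ha-w- c:\windows\system32\poreleji
2010-01-25 01:55:31 0 ----a-w- c:\windows\system32\12382.exe
2010-01-25 01:35:31 0 ----a-w- c:\windows\system32\292.exe
2010-01-25 01:15:30 0 ----a-w- c:\windows\system32\153.exe
2010-01-25 00:55:30 0 ----a-w- c:\windows\system32\3902.exe
2010-01-24 23:35:08 259072 ----a-w- c:\windows\system32\4827.exe
2010-01-14 05:40:29 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
"""

# Assumption: on a stock Windows XP install the LSA "Notification Packages"
# value contains only scecli. Anything extra is a DLL that lsass.exe loads at
# boot and that sees password changes, so it deserves a close look.
DEFAULT_LSA_PACKAGES = {"scecli"}

# "<date> <time> <size> <attrs> <path>" lines from the "Created Last 30" section.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+)\s+(.+)$"
)
# Executables whose whole name is a number, sitting directly in system32.
NUMERIC_EXE_RE = re.compile(r"\\system32\\(\d+)\.exe$", re.IGNORECASE)


def extra_lsa_packages(log):
    """Return notification packages beyond the OS default, if the line is present."""
    for line in log.splitlines():
        if line.startswith("LSA: Notification Packages ="):
            names = line.split("=", 1)[1].split()
            return [n for n in names if n.lower() not in DEFAULT_LSA_PACKAGES]
    return []


def dangling_shell_entries(log):
    """SSODL/STS entries whose backing file is gone (typical dropper leftovers)."""
    return [line for line in log.splitlines()
            if line.startswith(("SSODL:", "STS:")) and line.endswith("No File")]


def numeric_system32_executables(log):
    """Return (created, size, path) tuples for numeric-named .exe files in system32."""
    hits = []
    for line in log.splitlines():
        m = FILE_RE.match(line)
        if not m:
            continue
        ts, size, _attrs, path = m.groups()
        if NUMERIC_EXE_RE.search(path):
            hits.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), int(size), path))
    return sorted(hits)


def creation_intervals_minutes(hits):
    """Minutes between consecutive creations; a steady cadence suggests a timer-driven dropper."""
    times = [h[0] for h in hits]
    return [round((b - a).total_seconds() / 60) for a, b in zip(times, times[1:])]


def triage(log):
    """Run all three checks and return the findings as a dict."""
    hits = numeric_system32_executables(log)
    return {
        "lsa_extra": extra_lsa_packages(log),
        "dangling": dangling_shell_entries(log),
        "numeric_exe": [(h[0].isoformat(), h[1], h[2]) for h in hits],
        "intervals_min": creation_intervals_minutes(hits),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

On the sample above the script reports `rugifati.dll` as the extra LSA package, both `No File` shell entries, and five numeric executables whose creation times are twenty minutes apart once the series settles, which is the pattern the ComboFix run later in this thread deletes in bulk.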

Hello dp68

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section paste in the below in bold


    %SYSTEMDRIVE%\*.exe

    /md5start

    eventlog.dll

    scecli.dll

    netlogon.dll

    cngaudit.dll

    sceclt.dll

    ntelogon.dll

    logevent.dll

    iaStor.sys

    nvstor.sys

    atapi.sys

    IdeChnDr.sys

    viasraid.sys

    AGP440.sys

    vaxscsi.sys

    nvatabus.sys

    viamraid.sys

    nvata.sys

    nvgts.sys

    iastorv.sys

    ViPrt.sys

    eNetHook.dll

    ahcix86.sys

    KR10N.sys

    nvstor32.sys

    ahcix86s.sys

    nvrd32.sys

    /md5stop

    %systemroot%\*. /mp /s

    CREATERESTOREPOINT

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

  • Please re-run GMER again, as it has been a few days, with the following instructions.


  • Sections
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically only C:\ should be checked)
  • Show All (don't miss this one)


Then click the Scan button & wait for it to finish.
Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
Click OK and quit the GMER program.
Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
Post that log in your next reply.


OTL would only give me the OTL.txt, it never opened a second "extras.txt" file. I tried to copy and paste the OTL and GMER (Ark) text files here but it said my post was too long. I zipped them together and attached them to this post.

Thanks again for your help. Let me know if there is anything else you need or if I ran these improperly....

Attach.zip


Looking at your system now, one or more of the identified infections is a backdoor Trojan.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

=================

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


I have disabled Microsoft Security Essentials and the firewall but I keep getting a pop up that CyberDefender Internet Security is running and I cannot find it. Is this a fake program? I looked around a bit to see if I could find info on it and only came up with the conclusion that it is another fake antivirus program. I did not run Combofix yet....awaiting your reply.


Thank you...here is the ComboFix log file...

ComboFix 10-01-31.06 - Diane Parkert 02/01/2010 10:46:43.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.649 [GMT -6:00]

Running from: c:\documents and settings\Diane Parkert\Desktop\ComboFix.exe

AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {7D397820-C21E-4689-B199-7B6C6A9C6BDB}

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Diane Parkert\Local Settings\Application Data\{1A73C1B1-53EC-424F-BCC0-E620BD292799}

c:\documents and settings\Diane Parkert\Local Settings\Application Data\{1A73C1B1-53EC-424F-BCC0-E620BD292799}\chrome.manifest

c:\documents and settings\Diane Parkert\Local Settings\Application Data\{1A73C1B1-53EC-424F-BCC0-E620BD292799}\chrome\content\_cfg.js

c:\documents and settings\Diane Parkert\Local Settings\Application Data\{1A73C1B1-53EC-424F-BCC0-E620BD292799}\chrome\content\overlay.xul

c:\documents and settings\Diane Parkert\Local Settings\Application Data\{1A73C1B1-53EC-424F-BCC0-E620BD292799}\install.rdf

c:\windows\system32\11478.exe

c:\windows\system32\12382.exe

c:\windows\system32\14604.exe

c:\windows\system32\153.exe

c:\windows\system32\15724.exe

c:\windows\system32\16827.exe

c:\windows\system32\18467.exe

c:\windows\system32\19169.exe

c:\windows\system32\23281.exe

c:\windows\system32\24464.exe

c:\windows\system32\26500.exe

c:\windows\system32\26962.exe

c:\windows\system32\28145.exe

c:\windows\system32\292.exe

c:\windows\system32\29358.exe

c:\windows\system32\32391.exe

c:\windows\system32\3902.exe

c:\windows\system32\4827.exe

c:\windows\system32\491.exe

c:\windows\system32\5436.exe

c:\windows\system32\5705.exe

c:\windows\system32\6334.exe

c:\windows\system32\9961.exe

c:\windows\system32\config\44699996.Evt

c:\windows\system32\Thumbs.db

Infected copy of c:\windows\system32\drivers\iaStor.sys was found and disinfected

Restored copy from - c:\i386\iaStor.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ASC3550P

-------\Service_asc3550p

((((((((((((((((((((((((( Files Created from 2010-01-01 to 2010-02-01 )))))))))))))))))))))))))))))))

.

2010-01-31 03:03 . 2010-02-01 03:17 -------- d-----w- c:\program files\Windows Live Safety Center

2010-01-30 04:41 . 2010-01-30 04:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2010-01-30 01:32 . 2010-01-30 01:32 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

2010-01-29 17:31 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-01-29 17:31 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll

2010-01-29 02:50 . 2010-01-14 17:12 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-29 02:47 . 2010-01-29 02:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth

2010-01-29 02:47 . 2010-01-29 02:47 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-01-29 01:08 . 2010-01-29 01:45 -------- d-----w- c:\program files\Enigma Software Group

2010-01-28 03:10 . 2010-01-28 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2010-01-28 03:10 . 2010-01-28 03:10 -------- d-----w- c:\program files\Security Task Manager

2010-01-27 05:20 . 2010-01-27 05:24 -------- d-----w- c:\program files\RegScrubXP

2010-01-27 03:18 . 2010-01-28 00:34 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-01-27 03:18 . 2010-01-27 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-01-27 02:56 . 2010-01-27 02:56 -------- d-sh--w- c:\documents and settings\Diane Parkert\IECompatCache

2010-01-27 02:39 . 2010-01-27 02:39 -------- d-----w- c:\documents and settings\Diane Parkert\Local Settings\Application Data\Threat Expert

2010-01-26 15:45 . 2010-01-26 15:45 0 ----a-w- c:\windows\Ctupi.bin

2010-01-26 15:45 . 2010-01-27 02:21 120 ----a-w- c:\windows\Groreda.dat

2010-01-26 15:32 . 2010-01-26 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop

2010-01-26 15:32 . 2010-01-27 02:43 -------- d-----w- c:\program files\PCPitstop

2010-01-25 01:41 . 2010-01-25 01:41 -------- d-----w- c:\program files\Trend Micro

2010-01-25 01:29 . 2010-01-25 01:29 -------- d-----w- c:\documents and settings\Diane Parkert\Application Data\AVG8

2010-01-24 16:56 . 2010-01-25 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-01-21 02:08 . 2010-01-21 02:08 -------- d-sh--w- c:\windows\system32\config\systemprofile\UserData

2010-01-20 03:47 . 2010-01-20 03:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-01-14 05:40 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-01-10 14:09 . 2010-01-10 14:09 -------- d-----w- c:\windows\system32\Adobe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-01 03:28 . 2009-04-01 04:55 -------- d-----w- c:\documents and settings\Diane Parkert\Application Data\U3

2010-01-31 03:17 . 2005-02-15 15:35 52440 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-01-30 22:09 . 2007-07-08 17:44 52440 ----a-w- c:\documents and settings\Ethan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-01-30 21:11 . 2005-02-15 15:33 -------- d-----w- c:\program files\Viewpoint

2010-01-29 02:46 . 2009-01-22 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-01-27 02:50 . 2006-11-04 07:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-01-14 05:38 . 2009-12-20 04:27 -------- d-----w- c:\program files\Google

2009-12-29 04:49 . 2007-11-11 03:29 215104 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-12-29 03:48 . 2007-11-11 03:29 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-12-24 14:07 . 2009-08-26 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-12-21 19:14 . 2004-08-10 11:00 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-20 05:35 . 2009-12-20 05:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-12-20 05:35 . 2008-12-24 04:43 -------- d-----w- c:\program files\LeapFrog

2009-12-20 05:24 . 2009-12-20 05:24 1924200 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

2009-12-20 04:27 . 2009-12-20 04:27 1956528 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

2009-12-20 04:27 . 2009-12-20 04:27 1975408 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe

2009-12-20 04:13 . 2005-03-01 07:25 -------- d-----w- c:\program files\Common Files\Adobe

2009-12-20 04:12 . 2005-03-01 07:25 -------- d-----w- c:\documents and settings\Diane Parkert\Application Data\AdobeUM

2009-12-20 03:26 . 2009-12-20 03:26 28696928 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe

2009-12-20 03:26 . 2008-12-24 04:43 6106960 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\TagPlugin.exe

2009-12-09 13:02 . 2009-12-09 13:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

2009-11-21 15:51 . 2004-08-10 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VF0060 STISvc"="V0060Pin.dll" [2004-11-01 36864]

"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 94208]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 94208]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]

"nwiz"="nwiz.exe" [2007-06-29 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-14 1048392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.sys

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk

backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lhuloge

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spino

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zefuzojun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\602PC SUITE PDF Saver]

2005-11-14 14:21 57344 ----a-w- c:\program files\Common Files\soft602\pdfSaver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]

2003-06-18 07:00 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

2005-12-08 17:06 16384 ----a-w- c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]

2003-09-17 16:43 57344 ----a-w- c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

2004-10-12 22:54 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2004-08-10 10:04 59392 ----a-w- c:\windows\EHOME\EHTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-12-15 16:18 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2004-03-23 18:16 135168 ----a-w- c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2006-02-23 21:45 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

2005-10-25 21:33 36864 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]

2006-07-19 17:03 94208 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2007-06-29 05:43 1626112 ----a-w- c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2006-05-20 02:30 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

2005-02-15 15:33 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2005-06-03 08:52 36975 ----a-w- c:\program files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

2006-03-30 22:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=

"c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/27/2009 7:06 PM 24652]

R3 atinewp2;ATI eHomeWonder, WDM Video CODEC;c:\windows\SYSTEM32\DRIVERS\atinewp2.sys [1/1/1980 485888]

S1 dbrkrlbq;dbrkrlbq;\??\c:\windows\system32\drivers\dbrkrlbq.sys --> c:\windows\system32\drivers\dbrkrlbq.sys [?]

S1 dmyqzbsm;dmyqzbsm;\??\c:\windows\system32\drivers\dmyqzbsm.sys --> c:\windows\system32\drivers\dmyqzbsm.sys [?]

S1 esmqdpyx;esmqdpyx;\??\c:\windows\system32\drivers\esmqdpyx.sys --> c:\windows\system32\drivers\esmqdpyx.sys [?]

S1 gsxtajbd;gsxtajbd;\??\c:\windows\system32\drivers\gsxtajbd.sys --> c:\windows\system32\drivers\gsxtajbd.sys [?]

S1 ifocdzor;ifocdzor;\??\c:\windows\system32\drivers\ifocdzor.sys --> c:\windows\system32\drivers\ifocdzor.sys [?]

S1 injuvvim;injuvvim;\??\c:\windows\system32\drivers\injuvvim.sys --> c:\windows\system32\drivers\injuvvim.sys [?]

S1 ipblycaj;ipblycaj;\??\c:\windows\system32\drivers\ipblycaj.sys --> c:\windows\system32\drivers\ipblycaj.sys [?]

S1 jewlsmmc;jewlsmmc;\??\c:\windows\system32\drivers\jewlsmmc.sys --> c:\windows\system32\drivers\jewlsmmc.sys [?]

S1 jwukahxi;jwukahxi;\??\c:\windows\system32\drivers\jwukahxi.sys --> c:\windows\system32\drivers\jwukahxi.sys [?]

S1 kdjqbfwn;kdjqbfwn;\??\c:\windows\system32\drivers\kdjqbfwn.sys --> c:\windows\system32\drivers\kdjqbfwn.sys [?]

S1 kvxgccft;kvxgccft;\??\c:\windows\system32\drivers\kvxgccft.sys --> c:\windows\system32\drivers\kvxgccft.sys [?]

S1 ncmkkmrg;ncmkkmrg;\??\c:\windows\system32\drivers\ncmkkmrg.sys --> c:\windows\system32\drivers\ncmkkmrg.sys [?]

S1 owyniuyo;owyniuyo;\??\c:\windows\system32\drivers\owyniuyo.sys --> c:\windows\system32\drivers\owyniuyo.sys [?]

S1 oxakhrkp;oxakhrkp;\??\c:\windows\system32\drivers\oxakhrkp.sys --> c:\windows\system32\drivers\oxakhrkp.sys [?]

S1 oynzsfnl;oynzsfnl;\??\c:\windows\system32\drivers\oynzsfnl.sys --> c:\windows\system32\drivers\oynzsfnl.sys [?]

S1 pdlmgonj;pdlmgonj;\??\c:\windows\system32\drivers\pdlmgonj.sys --> c:\windows\system32\drivers\pdlmgonj.sys [?]

S1 pelrthcu;pelrthcu;\??\c:\windows\system32\drivers\pelrthcu.sys --> c:\windows\system32\drivers\pelrthcu.sys [?]

S1 qbhkgxix;qbhkgxix;\??\c:\windows\system32\drivers\qbhkgxix.sys --> c:\windows\system32\drivers\qbhkgxix.sys [?]

S1 shufjjnj;shufjjnj;\??\c:\windows\system32\drivers\shufjjnj.sys --> c:\windows\system32\drivers\shufjjnj.sys [?]

S1 sjsroecg;sjsroecg;\??\c:\windows\system32\drivers\sjsroecg.sys --> c:\windows\system32\drivers\sjsroecg.sys [?]

S1 somglxga;somglxga;\??\c:\windows\system32\drivers\somglxga.sys --> c:\windows\system32\drivers\somglxga.sys [?]

S1 tvhglocx;tvhglocx;\??\c:\windows\system32\drivers\tvhglocx.sys --> c:\windows\system32\drivers\tvhglocx.sys [?]

S1 ucxvvnxj;ucxvvnxj;\??\c:\windows\system32\drivers\ucxvvnxj.sys --> c:\windows\system32\drivers\ucxvvnxj.sys [?]

S1 uueumuig;uueumuig;\??\c:\windows\system32\drivers\uueumuig.sys --> c:\windows\system32\drivers\uueumuig.sys [?]

S1 vemmitqn;vemmitqn;\??\c:\windows\system32\drivers\vemmitqn.sys --> c:\windows\system32\drivers\vemmitqn.sys [?]

S1 xdhnxasc;xdhnxasc;\??\c:\windows\system32\drivers\xdhnxasc.sys --> c:\windows\system32\drivers\xdhnxasc.sys [?]

S1 xnejayvb;xnejayvb;\??\c:\windows\system32\drivers\xnejayvb.sys --> c:\windows\system32\drivers\xnejayvb.sys [?]

S1 xpcbgfcm;xpcbgfcm;\??\c:\windows\system32\drivers\xpcbgfcm.sys --> c:\windows\system32\drivers\xpcbgfcm.sys [?]

S1 xuocmkdo;xuocmkdo;\??\c:\windows\system32\drivers\xuocmkdo.sys --> c:\windows\system32\drivers\xuocmkdo.sys [?]

S3 FlyUsb;FLY Fusion;c:\windows\SYSTEM32\DRIVERS\FlyUsb.sys [12/23/2008 10:45 PM 18560]

S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\SYSTEM32\DRIVERS\V0060Vid.sys [10/19/2006 9:32 PM 165285]

.

Contents of the 'Scheduled Tasks' folder

2010-02-01 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 23:36]

.

.

------- Supplementary Scan -------

.

uStart Page = www.google.com/

uInternet Settings,ProxyOverride = localhost

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki...

Trusted Zone: aol.com\free

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\Diane Parkert\Application Data\Mozilla\Firefox\Profiles\2kg1oqvi.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

.

- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)

WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)

SharedTaskScheduler-{50a8ad2d-88b4-4939-bfb6-6738b1593a6a} - (no file)

SSODL-leziweziz-{50a8ad2d-88b4-4939-bfb6-6738b1593a6a} - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-01 13:42

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1900)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Essentials\MsMpEng.exe

c:\windows\system32\CTsvcCDA.EXE

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Pure Digital Technologies\FlipShare\FlipShareService.exe

c:\program files\Intel\Intel Application Accelerator\iaantmon.exe

c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\RunDLL32.exe

c:\windows\system32\RUNDLL32.EXE

.

**************************************************************************

.

Completion time: 2010-02-01 13:47:49 - machine was rebooted

ComboFix-quarantined-files.txt 2010-02-01 19:47

Pre-Run: 40,044,752,896 bytes free

Post-Run: 41,040,191,488 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 7FD46845506586550A07482EBA1922EA


Please download maxhandle.exe by noahdfear to your desktop

  • Double click and run the application
  • An active internet connection is required so that maxhandle.exe may download a tool from SysInternals
  • If Max++ is present the log will open automatically.
  • If Max++ is not found, "Nothing found!" is echoed to the screen and no log is produced.
  • Log is saved to c:\maxhandle.txt

Please post the results for my review.


Yes it is :)

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

=====

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Malwarebytes log

Malwarebytes' Anti-Malware 1.44

Database version: 3680

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2/2/2010 1:39:34 PM

mbam-log-2010-02-02 (13-39-34).txt

Scan type: Quick Scan

Objects scanned: 132509

Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Kaspersky log

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Tuesday, February 2, 2010

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Tuesday, February 02, 2010 20:42:55

Records in database: 3398731

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

F:\

Scan statistics:

Objects scanned: 81046

Threats found: 3

Infected objects found: 2

Suspicious objects found: 1

Scan duration: 01:54:28

File name / Threat / Threats count

C:\Documents and Settings\Diane Parkert\Local Settings\Application Data\Identities\{B32D48CA-91FC-4570-8853-6AD2EA99D834}\Microsoft\Outlook Express\Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\4827.exe.vir Infected: Trojan.Win32.Agent.dgbl 1

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\CONFIG\44699996.Evt.vir Infected: Trojan-Proxy.Win32.Saturn.jt 1

Selected area has been scanned.


You have a suspicious email in your sent items box.

I recommend emptying the sent items box unless you can spot the suspicious email.

Please go to Start > Run and type in Notepad.

Copy what is in the code box below into the open Notepad window.

Change the "Save As Type" to "All Files". Save it as fixthis.bat on your Desktop.

@Echo off
rem Stop and unregister each of the orphaned S1 driver services from the ComboFix log (image file missing, shown as "[?]")

sc stop "dbrkrlbq"
sc delete "dbrkrlbq"
sc stop "dmyqzbsm"
sc delete "dmyqzbsm"
sc stop "esmqdpyx"
sc delete "esmqdpyx"
sc stop "gsxtajbd"
sc delete "gsxtajbd"
sc stop "ifocdzor"
sc delete "ifocdzor"
sc stop "injuvvim"
sc delete "injuvvim"
sc stop "ipblycaj"
sc delete "ipblycaj"
sc stop "jewlsmmc"
sc delete "jewlsmmc"
sc stop "jwukahxi"
sc delete "jwukahxi"
sc stop "kdjqbfwn"
sc delete "kdjqbfwn"
sc stop "kvxgccft"
sc delete "kvxgccft"
sc stop "ncmkkmrg"
sc delete "ncmkkmrg"
sc stop "owyniuyo"
sc delete "owyniuyo"
sc stop "oxakhrkp"
sc delete "oxakhrkp"
sc stop "oynzsfnl"
sc delete "oynzsfnl"
sc stop "pdlmgonj"
sc delete "pdlmgonj"
sc stop "pelrthcu"
sc delete "pelrthcu"
sc stop "qbhkgxix"
sc delete "qbhkgxix"
sc stop "shufjjnj"
sc delete "shufjjnj"
sc stop "sjsroecg"
sc delete "sjsroecg"
sc stop "somglxga"
sc delete "somglxga"
sc stop "tvhglocx"
sc delete "tvhglocx"
sc stop "ucxvvnxj"
sc delete "ucxvvnxj"
sc stop "uueumuig"
sc delete "uueumuig"
sc stop "vemmitqn"
sc delete "vemmitqn"
sc stop "xdhnxasc"
sc delete "xdhnxasc"
sc stop "xnejayvb"
sc delete "xnejayvb"
sc stop "xpcbgfcm"
sc delete "xpcbgfcm"
sc stop "xuocmkdo"
sc delete "xuocmkdo"
del %0

Then please double-click on fixthis.bat; a window will open and close quickly. This is normal.

================

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

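As an added example (it is not part of this thread, nor of ComboFix, OTL or any other tool named in it), the Python script below does by machine what the helper did by hand above: it parses ComboFix-style service lines and firewall-policy lines in the layout of the log posted earlier, lists every service whose image file ComboFix marked as not found ("[?]"), flags the disabled Windows Firewall profile and the globally opened port, generates the matching sc stop / sc delete pairs, and cross-checks a hand-written batch so that a copy-and-paste slip (one name repeated, another never deleted) cannot leave a service behind. The sample log lines are constructed to match the thread's layout; the function names, the reading of "[?]" as "image file missing", the Start-value legend and the eight-lowercase-letter looks_generated() heuristic are the example's own assumptions.

```python
"""Triage a ComboFix-style log excerpt and build the sc stop/delete batch.

Added example for this thread; not part of ComboFix, OTL or any post above.
Function names, SAMPLE_LOG and the looks_generated() heuristic are assumptions
modelled on the log layout shown in the thread.
"""
import re

# Constructed sample in the layout ComboFix uses: "[registry section]" headers,
# "name"= data lines under them, and service lines of the form
#   <R|S><Start> <name>;<display name>;<image path> [<date size> | ?]
# where R/S is running/stopped, Start is the service Start value
# (0 boot, 1 system, 2 auto, 3 demand, 4 disabled) and a trailing "[?]"
# is read here as "image file not found on disk".
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/27/2009 7:06 PM 24652]
S1 dbrkrlbq;dbrkrlbq;\??\c:\windows\system32\drivers\dbrkrlbq.sys --> c:\windows\system32\drivers\dbrkrlbq.sys [?]
S1 shufjjnj;shufjjnj;\??\c:\windows\system32\drivers\shufjjnj.sys --> c:\windows\system32\drivers\shufjjnj.sys [?]
S3 FlyUsb;FLY Fusion;c:\windows\SYSTEM32\DRIVERS\FlyUsb.sys [12/23/2008 10:45 PM 18560]
"""

SERVICE_RE = re.compile(r'^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')
SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
SC_DELETE_RE = re.compile(r'^\s*sc\s+delete\s+"(?P<name>[^"]+)"', re.IGNORECASE)


def parse_services(log):
    """Return one dict per service line: name, display, start, running, image, missing."""
    services = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group('rest').strip()
        image = rest.split(' --> ')[-1]               # resolved path after the arrow, if any
        image = re.sub(r'\s*\[[^\]]*\]$', '', image)  # drop trailing "[?]" or "[date size]"
        services.append({
            'name': m.group('name'),
            'display': m.group('display'),
            'start': int(m.group('start')),
            'running': m.group('state') == 'R',
            'image': image,
            'missing': rest.endswith('[?]'),
        })
    return services


def looks_generated(name):
    """Heuristic (assumption): eight random lowercase letters, as in the log above."""
    return re.fullmatch(r'[a-z]{8}', name) is not None


def missing_services(log):
    """Names of services whose image file ComboFix marked as not found ("[?]")."""
    return [s['name'] for s in parse_services(log) if s['missing']]


def firewall_findings(log):
    """Flag a disabled Windows Firewall profile and any globally opened ports."""
    findings, section = [], ''
    for line in log.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group('key').lower()
            continue
        m = VALUE_RE.match(line)
        if not m or 'firewallpolicy' not in section:
            continue
        name, data = m.group('name'), m.group('data')
        if name == 'EnableFirewall' and data.startswith('0'):
            profile = section.rsplit('\\', 1)[-1]
            findings.append(f'Windows Firewall disabled ({profile})')
        elif section.endswith('globallyopenports\\list'):
            findings.append(f'Globally open port {name}')
    return findings


def build_fix_batch(names):
    """Emit the sc stop / sc delete pair for each name, in the style of the batch above."""
    lines = ['@Echo off']
    for name in names:
        lines.append(f'sc stop "{name}"')
        lines.append(f'sc delete "{name}"')
    lines.append('del %0')
    return '\n'.join(lines) + '\n'


def batch_gaps(batch_text, names):
    """Names the batch never passes to `sc delete` (catches a repeated pair that
    silently displaces another name when the batch is assembled by hand)."""
    deleted = {m.group('name') for m in map(SC_DELETE_RE.match, batch_text.splitlines()) if m}
    return sorted(set(names) - deleted)


if __name__ == '__main__':
    for finding in firewall_findings(SAMPLE_LOG):
        print('FINDING:', finding)
    for s in parse_services(SAMPLE_LOG):
        flag = 'MISSING' if s['missing'] else 'ok'
        gen = ' (generated-looking name)' if looks_generated(s['name']) else ''
        print(f"{s['name']:28} start={s['start']} {flag}{gen}")
    print(build_fix_batch(missing_services(SAMPLE_LOG)))
```

Run it as-is to see the sample triage, or replace SAMPLE_LOG with the service and firewall sections pasted from a real ComboFix log; feed the generated batch and the same name list back through batch_gaps() before running anything on the machine, since a Start=1 driver entry whose .sys file is gone is harmless only once its service key is actually removed.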

OTL text -

OTL logfile created on: 2/3/2010 2:38:27 AM - Run 4

OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Diane Parkert\Desktop\Mikes programs

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 693.00 Mb Available Physical Memory | 68.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 69.79 Gb Total Space | 38.03 Gb Free Space | 54.49% Space Free | Partition Type: NTFS

Drive D: | 203.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive E: | 308.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

Drive G: | 5.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive H: | 1.91 Gb Total Space | 1.76 Gb Free Space | 92.39% Space Free | Partition Type: FAT

I: Drive not present or media not loaded

Computer Name: DIANE

Current User Name: Diane

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Diane Parkert\Desktop\Mikes programs\OTL.exe (OldTimer Tools)

PRC - C:\WINDOWS\SYSTEM32\PnkBstrB.exe ()

PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

PRC - C:\WINDOWS\SYSTEM32\PnkBstrA.exe ()

PRC - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe ()

PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)

PRC - C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE (Microsoft Corporation)

PRC - C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe (Intel Corporation)

PRC - C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE (Creative Technology Ltd)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Diane Parkert\Desktop\Mikes programs\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (PnkBstrB) -- C:\WINDOWS\SYSTEM32\PnkBstrB.exe ()

SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

SRV - (PnkBstrA) -- C:\WINDOWS\SYSTEM32\PnkBstrA.exe ()

SRV - (FlipShare Service) -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe ()

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)

SRV - (NVSvc) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation)

SRV - (iPodService) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)

SRV - (IAANTMon) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe (Intel Corporation)

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (Creative Service for CDROM Access) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE (Creative Technology Ltd)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found

DRV - (MpFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys (Microsoft Corporation)

DRV - (FlyUsb) -- C:\WINDOWS\SYSTEM32\DRIVERS\FlyUsb.sys (LeapFrog)

DRV - (IrBus) -- C:\WINDOWS\SYSTEM32\DRIVERS\irbus.sys (Microsoft Corporation)

DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys (Microsoft Corporation)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (Secdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (LHidKe) -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidKE.Sys (Logitech Inc.)

DRV - (LMouKE) -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouKE.Sys (Logitech Inc.)

DRV - (LUsbKbd) -- C:\WINDOWS\SYSTEM32\DRIVERS\LUsbKbd.sys (Logitech Inc.)

DRV - (LHidUsbK) -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsbK.sys (Logitech Inc.)

DRV - (L8042mou) -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042MOU.SYS (Logitech Inc.)

DRV - (L8042Kbd) -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042Kbd.SYS (Logitech Inc.)

DRV - (ctprxy2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys (Creative Technology Ltd)

DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys (Creative Technology Ltd)

DRV - (hap17v2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\haP17v2k.sys (Creative Technology Ltd)

DRV - (hap16v2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\haP16v2k.sys (Creative Technology Ltd)

DRV - (ha10kx2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys (Creative Technology Ltd)

DRV - (ossrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)

DRV - (ctsfm2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)

DRV - (emupia) -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys (Creative Technology Ltd)

DRV - (ctac32k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys (Creative Technology Ltd)

DRV - (ctdvda2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys (Creative Technology Ltd)

DRV - (HPZius12) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys (HP)

DRV - (HPZipr12) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys (HP)

DRV - (HPZid412) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys (HP)

DRV - (pfc) -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys (Padus, Inc.)

DRV - (GEARAspiWDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (V0060VID) -- C:\WINDOWS\SYSTEM32\DRIVERS\V0060Vid.sys (Creative Technology Ltd.)

DRV - (Ptilink) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS (Parallel Technologies, Inc.)

DRV - (atinewp2) -- C:\WINDOWS\SYSTEM32\DRIVERS\atinewp2.sys (ATI Technologies Inc.)

DRV - (b57w2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys (Broadcom Corporation)

DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)

DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (mdmxsdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys (Conexant)

DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)

DRV - (WmFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmFilter.sys (Logitech Inc.)

DRV - (WmBEnum) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmBEnum.sys (Logitech Inc.)

DRV - (WmXlCore) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmXlCore.sys (Logitech Inc.)

DRV - (WmVirHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\WmVirHid.sys (Logitech Inc.)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (MODEMCSA) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (E100B) Intel® -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS (Intel Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7

FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/26 22:28:50 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/30 20:44:41 | 00,000,000 | ---D | M]

[2009/12/19 22:41:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Diane Parkert\Application Data\Mozilla\Extensions

[2009/12/19 22:41:00 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Diane Parkert\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/01/26 22:29:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Diane Parkert\Application Data\Mozilla\Firefox\Profiles\2kg1oqvi.default\extensions

[2010/02/02 13:51:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2006/11/01 12:16:18 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/01/26 22:28:50 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/01/26 22:28:43 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/01/26 22:28:43 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/01/26 22:28:45 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

[2009/12/02 01:38:29 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2009/12/02 01:38:29 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2007/07/26 12:05:16 | 00,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

[2009/12/02 01:38:29 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/12/02 01:38:29 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2009/12/02 01:38:29 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2009/12/02 01:38:29 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2009/12/02 01:38:29 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/02/01 13:42:08 | 00,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)

O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)

O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [VF0060 STISvc] C:\WINDOWS\System32\V0060Pin.dll (Creative Technology Ltd.)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\shdocvw.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)

O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/3...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)

O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} ftp://ftp.autodesk.com/pub/whip/english/whip.cab (Autodesk WHIP! Control)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab (ZoneIntro Class)

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab (CBreakshotControl Class)

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)

O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_06)

O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\bw+0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw+0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw-0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw00 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw00s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw-0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw10 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw10s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw20 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw20s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw30 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw30s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw40 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw40s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw50 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw50s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw60 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw60s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw70 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw70s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw80 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw80s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw90 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw90s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwa0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwa0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwb0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwb0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwc0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwc0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwd0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwd0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwe0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwe0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwf0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwf0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwg0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwg0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwh0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwh0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwi0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwi0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwj0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwj0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwk0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwk0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwl0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwl0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwm0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwm0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwn0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwn0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwo0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwo0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwp0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwp0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwq0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwq0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwr0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwr0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bws0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bws0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwt0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwt0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwu0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwu0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwv0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwv0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bww0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bww0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwx0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwx0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwy0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwy0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwz0 {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwz0s {54604a57-693b-4231-8ad1-3a2beed98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\offline-8876480 {54604A57-693B-4231-8AD1-3A2BEED98390} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/08/10 13:40:24 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2000/06/10 05:45:33 | 00,000,054 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]

O32 - AutoRun File - [2002/07/13 13:16:38 | 00,000,046 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O32 - AutoRun File - [2002/09/17 09:47:34 | 00,753,664 | R--- | M] (Infogrames) - E:\Autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2006/12/11 14:03:59 | 00,000,277 | R--- | M] () - G:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{4c09d063-1e79-11de-860f-001111c3c8e7}\Shell - "" = AutoRun

O33 - MountPoints2\{4c09d063-1e79-11de-860f-001111c3c8e7}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{4c09d063-1e79-11de-860f-001111c3c8e7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- [2006/12/07 12:45:13 | 01,095,224 | R--- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/02 13:33:52 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/02/02 13:33:49 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/02/02 13:33:49 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/02/02 13:30:46 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2010/02/02 10:11:15 | 00,417,136 | ---- | C] (Sysinternals) -- C:\WINDOWS\handle.exe

[2010/02/01 14:54:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Diane Parkert\Desktop\Mikes programs

[2010/02/01 13:47:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010/02/01 10:39:42 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2010/02/01 08:26:04 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/02/01 08:26:04 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/02/01 08:26:04 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/02/01 08:26:04 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/02/01 08:26:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/01/31 21:10:01 | 00,000,000 | ---D | C] -- C:\Qoobox

[2010/01/30 21:03:20 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center

[2010/01/30 10:08:10 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Diane Parkert\Desktop\Temporary Internet Files

[2010/01/29 22:41:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth

[2010/01/29 19:32:37 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

[2010/01/29 11:31:14 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll

[2010/01/29 11:31:14 | 00,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui

[2010/01/28 20:50:53 | 00,181,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2010/01/28 20:47:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth

[2010/01/28 20:47:40 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials

[2010/01/28 19:08:59 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2010/01/27 21:10:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2010/01/27 21:10:13 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager

[2010/01/26 23:20:22 | 00,000,000 | ---D | C] -- C:\Program Files\RegScrubXP

[2010/01/26 22:43:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2010/01/26 22:43:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2010/01/26 22:43:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2010/01/26 21:18:14 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/01/26 21:18:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2010/01/26 21:09:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Diane Parkert\My Documents\Downloads

[2010/01/26 20:56:23 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Diane Parkert\IECompatCache

[2010/01/26 20:39:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Diane Parkert\Local Settings\Application Data\Threat Expert

[2010/01/26 09:32:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop

[2010/01/26 09:32:26 | 00,000,000 | ---D | C] -- C:\Program Files\PCPitstop

[2010/01/24 19:41:10 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/01/24 19:29:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Diane Parkert\Application Data\AVG8

[2010/01/24 10:56:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2010/01/13 23:40:29 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll

[2010/01/10 08:09:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe

[2009/12/09 07:02:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee

[2009/12/03 07:04:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

[2009/03/19 15:28:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint

[2008/09/07 07:52:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2006/07/03 17:14:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\HP

[2005/12/15 11:03:40 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

[2005/02/18 21:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall

[2005/02/15 09:25:30 | 00,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/02 13:33:54 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/02/01 13:42:24 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/02/01 13:42:08 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts

[2010/02/01 13:42:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2010/02/01 11:00:23 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/02/01 10:55:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/02/01 10:55:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2010/02/01 10:55:06 | 10,718,12608 | -HS- | M] () -- C:\hiberfil.sys

[2010/02/01 10:54:23 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx

[2010/02/01 10:54:23 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx

[2010/02/01 10:54:23 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx

[2010/02/01 10:54:23 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx

[2010/02/01 10:54:23 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx

[2010/02/01 10:54:23 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm

[2010/02/01 10:54:23 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm

[2010/02/01 10:54:01 | 05,767,168 | -H-- | M] () -- C:\Documents and Settings\Diane Parkert\NTUSER.DAT

[2010/02/01 10:54:01 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Diane Parkert\NTUSER.INI

[2010/02/01 10:39:48 | 00,000,279 | RHS- | M] () -- C:\BOOT.INI

[2010/01/31 00:47:12 | 00,000,778 | ---- | M] () -- C:\WINDOWS\WIN.INI

[2010/01/31 00:47:12 | 00,000,209 | ---- | M] () -- C:\Boot.bak

[2010/01/30 21:17:14 | 00,222,432 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/01/28 20:47:41 | 00,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/01/27 22:36:01 | 00,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini

[2010/01/27 22:34:22 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Diane Parkert\defogger_reenable

[2010/01/27 20:51:44 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Diane Parkert\Local Settings\Application Data\housecall.guid.cache

[2010/01/26 23:20:23 | 00,000,650 | ---- | M] () -- C:\Documents and Settings\Diane Parkert\Desktop\RegScrubXP.lnk

[2010/01/26 22:12:05 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\poreleji

[2010/01/26 22:03:44 | 00,000,589 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2010/01/26 20:21:50 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Groreda.dat

[2010/01/26 09:45:29 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Ctupi.bin

[2010/01/22 03:16:39 | 02,639,268 | -H-- | M] () -- C:\Documents and Settings\Diane Parkert\Local Settings\Application Data\IconCache.db

[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2010/01/14 03:03:17 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/02 13:33:54 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/02/01 10:39:48 | 00,000,209 | ---- | C] () -- C:\Boot.bak

[2010/02/01 10:39:45 | 00,260,272 | ---- | C] () -- C:\cmldr

[2010/02/01 08:26:04 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/02/01 08:26:04 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/02/01 08:26:04 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/02/01 08:26:04 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/02/01 08:26:04 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/01/28 20:52:51 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/01/28 20:47:41 | 00,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/01/27 22:34:22 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Diane Parkert\defogger_reenable

[2010/01/27 20:51:44 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Diane Parkert\Local Settings\Application Data\housecall.guid.cache

[2010/01/26 23:20:23 | 00,000,650 | ---- | C] () -- C:\Documents and Settings\Diane Parkert\Desktop\RegScrubXP.lnk

[2010/01/26 22:04:11 | 00,001,744 | -H-- | C] () -- C:\WINDOWS\System32\poreleji

[2010/01/26 09:45:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Ctupi.bin

[2010/01/26 09:45:27 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Groreda.dat

[2009/12/19 23:35:38 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini

[2009/10/03 17:03:21 | 00,002,065 | ---- | C] () -- C:\WINDOWS\Disney.ini

[2009/01/24 11:00:04 | 00,000,075 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini

[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2008/07/19 20:17:28 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Diane Parkert\Application Data\PnkBstrK.sys

[2008/07/19 20:17:07 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini

[2007/11/10 21:29:55 | 00,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2007/03/20 15:16:28 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Diane Parkert\Application Data\PFP120JPR.{PB

[2007/03/20 15:16:28 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Diane Parkert\Application Data\PFP120JCM.{PB

[2006/11/01 14:22:13 | 00,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL

[2006/10/18 17:36:18 | 00,065,536 | ---- | C] () -- C:\Documents and Settings\Diane Parkert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/08/11 21:45:20 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/08/11 21:43:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/08/11 21:43:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/08/11 21:43:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/08/11 21:43:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/08/11 21:43:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006/07/25 17:21:03 | 00,050,410 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini

[2006/07/19 20:06:26 | 00,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini

[2006/07/03 16:56:07 | 00,000,776 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2006/07/03 16:55:58 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2006/05/19 20:35:02 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2005/12/08 11:24:52 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL

[2005/06/16 17:17:16 | 00,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL

[2005/06/10 16:24:04 | 00,000,092 | ---- | C] () -- C:\WINDOWS\ka.ini

[2005/03/28 18:21:53 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2005/03/25 21:27:45 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini

[2005/02/20 12:33:16 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/02/20 12:21:00 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS43.DLL

[2005/02/18 21:05:32 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2005/02/18 20:59:08 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Diane Parkert\Local Settings\Application Data\fusioncache.dat

[2005/02/15 09:35:38 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/02/15 09:30:19 | 00,000,589 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/02/15 09:25:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI

[2005/02/15 09:25:32 | 00,000,193 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2005/02/15 09:25:09 | 00,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2005/02/15 08:56:06 | 00,000,517 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004/08/19 16:22:58 | 00,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI

[2004/08/10 05:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI

[2003/03/21 16:56:12 | 00,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI

[2001/07/06 15:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >


=======Cleanup=======

  • Click START then RUN
  • Now type Combofix /uninstall in the run box and click OK. Note the space between the X and the U; it needs to be there.

======Next======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 18...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================

After that you're all set.

The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from file sharing programs, for example: BitTorrent, Limewire, Kazaa, emule, Utorrent, etc...

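The Java removal steps above are done by hand through Add/Remove Programs. The script below is an added example, not part of the helper's post, that reads the same Add/Remove Programs data from the registry so you can confirm afterwards that only the current runtime is left. It assumes Windows PowerShell 2.0 or later (available for XP SP3) and the registry locations Sun's installers used at the time; the `Wow6432Node` path only exists on 64-bit Windows and is skipped elsewhere. It prints the uninstall command for each leftover instead of running it.

```powershell
# Added example (not from the forum post): inventory installed Java runtimes
# from the Add/Remove Programs registry data and flag anything older than the
# newest entry as a leftover. Read-only; review the printed commands before use.
# Assumes Windows PowerShell 2.0+; the Wow6432Node branch exists only on x64.

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

# DisplayVersion is a string ("6.0.180", "1.5.0.60"); compare as [version] where possible.
function ConvertTo-VersionOrNull([string]$text) {
    try { return [version]$text } catch { return $null }
}

$javaEntries = @()
foreach ($root in $uninstallRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem $root) {
        $p = Get-ItemProperty $key.PSPath
        # Names Sun used: "Java(TM) 6 Update 18", "Java(TM) SE Runtime Environment 6 Update 1",
        # "J2SE Runtime Environment 5.0 Update 6"
        if ($p.DisplayName -and $p.DisplayName -match '^(Java|J2SE)') {
            $javaEntries += New-Object PSObject -Property @{
                Name            = $p.DisplayName
                Version         = (ConvertTo-VersionOrNull $p.DisplayVersion)
                UninstallString = $p.UninstallString
                KeyName         = $key.PSChildName
            }
        }
    }
}

# What the JRE itself advertises as current (the default runtime java.exe resolves to)
$jreKey = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment'
$current = $null
if (Test-Path $jreKey) { $current = (Get-ItemProperty $jreKey).CurrentVersion }

$javaEntries | Sort-Object Version | Format-Table Name, Version, KeyName -AutoSize
"JavaSoft CurrentVersion: $current"

# Every entry older than the newest one is a leftover the manual steps should have removed.
$newest = ($javaEntries | Sort-Object Version | Select-Object -Last 1).Version
foreach ($e in $javaEntries) {
    if ($e.Version -ne $null -and $e.Version -lt $newest) {
        "Leftover: $($e.Name)  ->  $($e.UninstallString)"
    }
}
```

Run it after the reboot that follows the removals; an empty "Leftover" list and a CurrentVersion matching the runtime you just installed is the result you want.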

You said to get "Java SE Runtime Environment (JRE) 6 Update 18" and then run "jre-6u10-windows-i586-p.exe" but the only exe file they show on the download page is this one with a different name. Should I download and install this one or is there a different one I need to look for?

File Description and Name / Size

Windows Offline Installation
jre-6u18-windows-i586.exe    15.20 MB


OK, got everything finished then. Thanks a ton for your help. I did notice earlier when I ran OTL that it said that CyberDefender Internet Security was running still. How do I get rid of that thing? I uninstalled it but apparently there are still traces of it left on the machine. If you have any ideas for that one let me know. Otherwise, awesome job....things seem to be working properly.


1. Click on the Start menu.

2. Select Run...

3. Type wbemtest and click OK

4. Connect to root\SecurityCenter

5. Click on Query

6. Type in SELECT * FROM AntiVirusProduct and click on Apply

If there is more than one result, it means there is more than one antivirus program registered. Double click on each result to view the properties for that antivirus product. Identify the product(s) installed and DELETE any record for antivirus software that is no longer installed.

Select the Cyber Defender entry and remove it.

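The wbemtest procedure above, scripted, as an added example that is not part of the helper's post. It lists every AntiVirusProduct record the Windows Security Center holds and deletes the ones matching a name you choose. XP and Server 2003 register products in `root\SecurityCenter`; Vista and later use `root\SecurityCenter2`, so both namespaces are tried and a missing one is reported rather than treated as an error. Assumptions: Windows PowerShell 2.0 or later run from an elevated session (deletion needs admin rights), and the product name in the script is only the one from this thread.

```powershell
# Added example (not from the forum post): enumerate and clean Security Center
# AntiVirusProduct registrations, the same operation as the wbemtest steps above.
# Assumes Windows PowerShell 2.0+, run elevated. Defaults to report-only.

$staleName = 'CyberDefender'   # substring of displayName to remove (assumed from this thread)
$remove    = $false            # set to $true only after reviewing the listing

foreach ($ns in 'root\SecurityCenter', 'root\SecurityCenter2') {
    try {
        $products = @(Get-WmiObject -Namespace $ns -Query 'SELECT * FROM AntiVirusProduct' -ErrorAction Stop)
    } catch {
        "${ns}: namespace not available on this system"
        continue
    }

    "== ${ns}: $($products.Count) AntiVirusProduct record(s) =="
    foreach ($p in $products) {
        # SecurityCenter2 records carry the product's exe path; a path that no longer
        # exists is the usual sign of an uninstalled product that left its record behind.
        # The XP namespace has no such property, so there you match on the name only.
        $exeStatus = ''
        $exe = $p.pathToSignedProductExe
        if ($exe) {
            if (Test-Path $exe) { $exeStatus = 'exe present' } else { $exeStatus = 'EXE MISSING' }
        }
        "{0,-40} {1} {2}" -f $p.displayName, $p.instanceGuid, $exeStatus

        if ($p.displayName -like "*$staleName*") {
            if ($remove) {
                Remove-WmiObject -InputObject $p
                "   removed record for '$($p.displayName)'"
            } else {
                "   would remove this record (set `$remove = `$true to do it)"
            }
        }
    }
}
```

Run it once in report mode, confirm the only matching record is the product you uninstalled (and that the one you still rely on is not matched), then set `$remove` to `$true` and run it again. Deleting the record only clears the stale Security Center registration; it does not uninstall anything.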

OK got it...

One more favor if you don't mind. We are still having some internet connectivity issues (i.e. one PC is being used online and when the other one is used online the first one goes offline, plus other random drops).

How can I tell if this is just a hardware problem or something still in one of the computers that is causing this?


This does not sound like a malware issue, but have you tried unplugging the modem and the router to let them renew the IP addresses?

If not, try that: just disconnect the power to each box, let them fully power down, then power them back up.

Then once that is done let me know if that helps.


This topic is now closed to further replies.