
So I had IS2010 and managed to remove it (so I thought). But I'm still experiencing browser redirects in Firefox. Malwarebytes can't find the issue at all. PLEASE help me. This is my third try here and no one has even responded. :{ I'll do whatever I need to.

Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 6:47:51 AM, on 2/11/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\WTablet\Wacom_TabletUser.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\PixArt\Pac207\Monitor.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\PROGRA~1\Rhapsody\rhaphlpr.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Rainlendar2\Rainlendar2.exe

C:\Windows\explorer.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O1 - Hosts: ::1 localhost

O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART

O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: 61871.lnk = ?

O4 - Global Startup: Philips GoGear VIBE Device Manager.lnk = ?

O4 - Global Startup: Rainmeter.lnk = ?

O4 - Global User Startup: Philips GoGear VIBE Device Manager.lnk = ?

O4 - Global User Startup: Rainmeter.lnk = ?

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O13 - Gopher Prefix:

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: kedulode.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe

O23 - Service: WLTRYSVC - Unknown owner - C:\Windows\System32\wltrysvc.exe

--

End of file - 4729 bytes

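As an added example that is not part of this thread, here is a small Python triage script that runs HJT log lines through the checks a helper applies first: a non-empty AppInit_DLLs value, a startup shortcut whose target HJT could not resolve, a Run entry that names a bare executable with no fixed path, a service with no vendor, and an empty IE search value. The heuristics are my own choices for illustration, and the sample input is copied from the log posted above (plus nothing else); a hit is a prompt to look closer, not a verdict.

```python
"""Triage a HijackThis (HJT) log for the entries a malware-removal helper
looks at first.  Added example; not code from the original forum thread.

The flag rules below are my own (assumption, not HJT's or Malwarebytes'
rules).  SAMPLE_LOG is copied from the log posted in the thread.
"""
import re

# Sample input: lines taken from the HJT log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: ::1 localhost
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - Startup: 61871.lnk = ?
O20 - AppInit_DLLs: kedulode.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: WLTRYSVC - Unknown owner - C:\Windows\System32\wltrysvc.exe
"""

# Every HJT entry line starts with a section tag (R0, O4, O20, ...) and " - ".
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")

# A target that begins with a drive letter (optionally quoted) or an
# environment variable has a fixed location; anything else is PATH-resolved.
FIXED_PATH_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%)')


def parse_hjt(text):
    """Yield (section, body) for every entry line; header lines are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage(text):
    """Return a list of (section, body, reason) for entries worth a closer look.

    Rules (mine, for illustration):
      * O20 AppInit_DLLs: any non-empty value.  Windows loads these DLLs into
        every process that links user32.dll, so a bare file name here with no
        vendor path is a classic persistence spot.
      * O4 Startup: a .lnk whose target HJT shows as '?' (unresolved).
      * O4 Run: a target that is a bare file name, resolved via PATH rather
        than a fixed location (legitimate vendors sometimes do this too).
      * O23 Service: 'Unknown owner' means the binary had no company field.
      * R0/R1: an empty search/start value, reported at low priority.
    """
    findings = []
    for section, body in parse_hjt(text):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            if value:
                findings.append((section, body, "AppInit_DLLs set to %r" % value))
        elif section == "O4":
            if body.startswith("Startup:") and body.rstrip().endswith("= ?"):
                findings.append((section, body, "startup shortcut with unresolved target"))
            elif "\\Run:" in body and "]" in body:
                target = body.split("]", 1)[1].strip()
                if not FIXED_PATH_RE.match(target):
                    findings.append((section, body, "Run target is a bare file name"))
        elif section == "O23" and "Unknown owner" in body:
            findings.append((section, body, "service binary has no vendor"))
        elif section in ("R0", "R1") and body.rstrip().endswith("="):
            findings.append((section, body, "empty IE search/start value (low priority)"))
    return findings


if __name__ == "__main__":
    for section, body, reason in triage(SAMPLE_LOG):
        print("%-4s %-45s %s" % (section, reason, body))
```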

Hello PeonyMilk

Welcome to Malwarebytes.

Please do not start multiple topics.

=====================

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the text below:


    %SYSTEMDRIVE%\*.*
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

====================

Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is, since it is randomly named.
  • Double click on the new randomly named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher, go ahead and click on Run.
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan:
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:


  • Sections

  • IAT/EAT

  • Drives/Partition other than Systemdrive (typically only C:\ should be checked)

  • Show All (don't miss this one)


  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  • Post that log in your next reply.


Thank you so much. I'm sorry for starting multiple topics. I didn't know it wasn't allowed.

OTL logfile created on: 2/15/2010 9:29:00 AM - Run 1

OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Marie\Desktop

Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free

7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 465.76 Gb Total Space | 421.54 Gb Free Space | 90.51% Space Free | Partition Type: NTFS

Drive D: | 69.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PC

Current User Name: Marie

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Marie\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Trillian\trillian.exe (Cerulean Studios)

PRC - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)

PRC - C:\Windows\System32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)

PRC - C:\Windows\System32\atieclxx.exe (AMD)

PRC - C:\Windows\System32\atiesrxx.exe (AMD)

PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)

PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Marie\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ACDaemon) -- File not found

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (TabletServiceWacom) -- C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)

SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)

SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

========== Driver Services (SafeList) ==========

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (EverestDriver) -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt ()

DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)

DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)

DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (amdide) -- C:\Windows\system32\DRIVERS\amdide.sys (Advanced Micro Devices)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology Corp.)

DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)

DRV - (rt61x86) -- C:\Windows\System32\drivers\WMP54Gv41x86.sys (Ralink Technology Inc.)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )

DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)

DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1

FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.2

FF - prefs.js..extensions.enabledItems: {E54712A8-37D8-4FD1-88E1-F338CA91CFDE}:1.9.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6

FF - prefs.js..extensions.enabledItems: silvermel@pardal.de:1.3.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{E54712A8-37D8-4FD1-88E1-F338CA91CFDE}: C:\Users\Marie\AppData\Local\{E54712A8-37D8-4FD1-88E1-F338CA91CFDE}\ [2010/01/29 16:44:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/01/29 23:04:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/05 22:34:07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/08 20:52:28 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components

FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins

[2010/01/03 19:45:17 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mozilla\Extensions

[2010/01/03 19:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/02/14 16:58:35 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\muv2vxst.default\extensions

[2010/01/07 22:53:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\muv2vxst.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/01/04 16:02:28 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\muv2vxst.default\extensions\ntortarolo@hotmail.com

[2010/01/16 01:33:05 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\muv2vxst.default\extensions\personas@christopher.beard

[2010/02/07 17:25:32 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\muv2vxst.default\extensions\silvermel@pardal.de

[2010/02/07 17:25:37 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\muv2vxst.default\extensions\silvermelxt@pardal.de

[2010/01/05 22:18:06 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mozilla\Sunbird\Profiles\l308czzl.default\extensions

[2009/06/16 17:20:58 | 000,002,236 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\muv2vxst.default\searchplugins\askcom.xml

[2010/02/14 16:58:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/01/30 22:03:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/02/08 20:52:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

[2010/01/15 22:09:51 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/01/15 22:09:52 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/02/08 20:52:22 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2010/01/15 22:09:53 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2009/12/21 18:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2009/10/09 13:00:00 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

[2010/01/10 21:00:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/01/10 21:00:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/01/10 21:00:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/01/10 21:00:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/01/10 21:00:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/01/10 21:00:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/01/10 21:00:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2009/10/09 13:00:00 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

[2010/01/25 10:02:20 | 000,031,936 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll

[2010/01/15 19:13:03 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/01/15 19:13:03 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/01/15 19:13:03 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/01/15 19:13:03 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/01/15 19:13:03 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/01/15 19:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/01/15 19:13:03 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/01/30 22:14:36 | 000,000,763 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

O4 - HKCU..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)

O4 - HKCU..\Run: [DriverMax_RESTART] File not found

O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()

O4 - Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\Startup\61871.lnk = C:\Users\Marie\AppData\Local\Temp\mvNat.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (kedulode.dll) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009/02/18 10:54:08 | 000,000,051 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]

O33 - MountPoints2\{7bde66da-ea61-11de-a3d3-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{7bde66da-ea61-11de-a3d3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\installer.exe -- [2009/02/19 11:30:18 | 001,777,668 | R--- | M] (Royal Philips)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/15 09:25:00 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe

[2010/02/13 00:22:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/02/10 02:54:37 | 000,000,000 | ---D | C] -- C:\Users\Marie\Documents\Media Converter for Philips

[2010/02/10 00:54:23 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\ArcSoft

[2010/02/10 00:54:23 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Local\ArcSoft

[2010/02/10 00:54:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\ArcSoft

[2010/02/10 00:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft

[2010/02/10 00:53:11 | 000,000,000 | ---D | C] -- C:\Philips

[2010/02/10 00:52:37 | 000,000,000 | ---D | C] -- C:\temp

[2010/02/09 18:47:53 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2010/02/09 06:12:19 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Trillian

[2010/02/09 06:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trillian

[2010/02/09 04:57:10 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Stardock

[2010/02/09 04:57:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}

[2010/02/09 04:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock

[2010/02/09 04:57:01 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Local\PackageAware

[2010/02/09 04:43:54 | 000,000,000 | ---D | C] -- C:\Users\Marie\Documents\Rainmeter

[2010/02/09 04:43:54 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Rainmeter

[2010/02/09 04:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter

[2010/02/09 04:36:26 | 000,000,000 | ---D | C] -- C:\Users\Marie\.rainlendar2

[2010/02/09 04:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Rainlendar2

[2010/02/08 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010/02/08 20:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/02/08 20:52:28 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll

[2010/02/08 20:52:28 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/02/08 20:52:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/02/08 20:52:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/02/08 20:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2010/02/06 05:06:37 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Real

[2010/02/06 05:06:36 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Media Player Classic

[2010/02/05 22:34:21 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll

[2010/02/05 22:34:21 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll

[2010/02/05 22:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect

[2010/02/05 22:34:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine

[2010/02/05 22:34:03 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Winamp

[2010/02/05 22:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp

[2010/02/01 16:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Cobian

[2010/02/01 16:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9

[2010/02/01 16:27:34 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll

[2010/02/01 16:27:34 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll

[2010/02/01 16:27:34 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll

[2010/02/01 16:27:34 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll

[2010/02/01 16:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Real Alternative

[2010/02/01 16:24:11 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm

[2010/02/01 16:24:11 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll

[2010/02/01 16:24:11 | 000,118,784 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm

[2010/02/01 16:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack

[2010/01/30 22:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro

[2010/01/30 15:03:21 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\gtk-2.0

[2010/01/30 15:02:46 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\PCF-VLC

[2010/01/29 23:49:07 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Participatory Culture Foundation

[2010/01/29 23:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Participatory Culture Foundation

[2010/01/29 23:03:57 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2010/01/29 23:03:52 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010/01/29 23:03:52 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010/01/29 23:03:52 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2010/01/29 23:03:51 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2010/01/29 23:03:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll

[2010/01/29 23:03:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll

[2010/01/29 21:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2010/01/29 21:41:36 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\SUPERAntiSpyware.com

[2010/01/29 21:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/01/29 19:02:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\mycodec

[2010/01/29 19:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\MyVideoConverter

[2010/01/29 18:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2010/01/29 18:21:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/01/29 18:21:41 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/01/29 16:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/01/29 16:44:08 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Local\{E54712A8-37D8-4FD1-88E1-F338CA91CFDE}

[2010/01/28 23:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS

[2010/01/28 22:52:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt

[2010/01/28 21:08:15 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll

[2010/01/28 21:08:15 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll

[2010/01/28 21:08:15 | 000,351,744 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll

[2010/01/28 21:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Common Share

[2010/01/28 21:08:14 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll

[2010/01/28 21:08:14 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll

[2010/01/28 21:08:14 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll

[2010/01/27 19:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\portalgraphics

[2010/01/27 19:22:06 | 001,975,102 | ---- | C] (Installshield Software Corporation ) -- C:\Windows\System32\xa98599078.exe

[2010/01/27 19:22:06 | 001,975,102 | ---- | C] (Installshield Software Corporation ) -- C:\Windows\System32\xa98598843.exe

[2010/01/26 15:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\Tale of Tales

[2010/01/24 23:05:14 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\vlc

[2010/01/24 23:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN

[2010/01/18 13:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software

[2010/01/18 13:29:05 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\skypePM

[2010/01/18 13:26:19 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Skype

[2010/01/18 13:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2010/01/18 13:25:58 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2010/01/18 13:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2010/01/18 13:21:37 | 000,000,000 | ---D | C] -- C:\Windows\PixArt

[2010/01/18 13:20:50 | 000,611,584 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\System32\drivers\PFC027.SYS

[2010/01/18 13:20:50 | 000,129,024 | ---- | C] (PixArt Imaging Incorporation) -- C:\Windows\System32\SP207.AX

[2010/01/18 13:20:50 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\AMCap.exe

[2010/01/18 13:20:50 | 000,006,656 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\System32\CoInst_070629.dll

[2010/01/18 13:20:50 | 000,000,000 | ---D | C] -- C:\Windows\Webcam1200

[2010/01/18 13:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\Webcam 1200

========== Files - Modified Within 30 Days ==========

[2010/02/15 09:29:12 | 001,835,008 | -HS- | M] () -- C:\Users\Marie\NTUSER.DAT

[2010/02/15 09:25:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe

[2010/02/15 08:28:12 | 000,000,218 | ---- | M] () -- C:\Users\Marie\.recently-used.xbel

[2010/02/15 07:43:40 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/02/15 07:43:40 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/02/13 01:49:13 | 000,689,142 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/02/13 01:49:13 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/02/13 01:49:13 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/02/13 01:43:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/02/13 01:43:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/02/13 01:42:53 | 000,524,288 | -HS- | M] () -- C:\Users\Marie\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms

[2010/02/13 01:42:53 | 000,065,536 | -HS- | M] () -- C:\Users\Marie\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf

[2010/02/13 01:42:52 | 001,833,220 | -H-- | M] () -- C:\Users\Marie\AppData\Local\IconCache.db

[2010/02/12 04:24:53 | 018,499,623 | ---- | M] () -- C:\Users\Marie\Documents\vlc-1.0.5-win32.exe

[2010/02/12 04:15:45 | 000,012,288 | ---- | M] () -- C:\Users\Marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/10 00:53:11 | 000,000,751 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Startup\Philips GoGear VIBE Device Manager.lnk

[2010/02/09 06:12:14 | 000,000,803 | ---- | M] () -- C:\Users\Marie\Desktop\Trillian.lnk

[2010/02/09 04:36:57 | 000,001,623 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Startup\Rainmeter.lnk

[2010/02/08 20:52:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll

[2010/02/08 20:52:21 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/02/08 20:52:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/02/08 20:52:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/02/03 02:16:57 | 000,000,447 | ---- | M] () -- C:\Windows\win.ini

[2010/01/30 22:14:36 | 000,000,763 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/01/30 22:03:07 | 000,001,657 | ---- | M] () -- C:\Users\Marie\Desktop\Mozilla Firefox.lnk

[2010/01/29 19:40:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010/01/29 19:40:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/01/29 19:02:33 | 000,005,527 | ---- | M] () -- C:\Windows\System32\drivers\mycodec\25372031.gif

[2010/01/29 18:13:26 | 000,006,456 | -H-- | M] () -- C:\Windows\System32\yibaravu

[2010/01/29 16:54:50 | 000,092,160 | ---- | M] () -- C:\Windows\System32\umstartup.etl

[2010/01/29 16:52:14 | 001,477,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/01/29 16:48:28 | 166,415,592 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/01/29 16:44:09 | 000,000,120 | ---- | M] () -- C:\Users\Marie\AppData\Local\Kfuface.dat

[2010/01/29 16:44:09 | 000,000,000 | ---- | M] () -- C:\Users\Marie\AppData\Local\Kdoqo.bin

[2010/01/29 16:38:12 | 000,000,705 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\Startup\61871.lnk

[2010/01/29 01:55:00 | 000,037,400 | ---- | M] () -- C:\Users\Marie\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/01/27 19:22:06 | 001,975,102 | ---- | M] (Installshield Software Corporation ) -- C:\Windows\System32\xa98599078.exe

[2010/01/27 19:22:06 | 001,975,102 | ---- | M] (Installshield Software Corporation ) -- C:\Windows\System32\xa98598843.exe

[2010/01/18 13:29:05 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\Windows\System32\yibaravu

[2010/02/15 08:28:12 | 000,000,218 | ---- | C] () -- C:\Users\Marie\.recently-used.xbel

[2010/02/12 04:21:07 | 018,499,623 | ---- | C] () -- C:\Users\Marie\Documents\vlc-1.0.5-win32.exe

[2010/02/10 00:53:11 | 000,000,751 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Startup\Philips GoGear VIBE Device Manager.lnk

[2010/02/09 06:12:14 | 000,000,803 | ---- | C] () -- C:\Users\Marie\Desktop\Trillian.lnk

[2010/02/09 05:03:08 | 000,000,899 | ---- | C] () -- C:\Users\Marie\Desktop\Adobe Photoshop CS3.lnk

[2010/02/09 04:36:57 | 000,001,623 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Startup\Rainmeter.lnk

[2010/02/01 16:24:12 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2010/02/01 16:24:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2010/02/01 16:24:11 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010/02/01 16:24:11 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2010/02/01 16:24:11 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml

[2010/02/01 16:24:10 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2010/02/01 16:24:10 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2010/01/30 22:03:07 | 000,001,657 | ---- | C] () -- C:\Users\Marie\Desktop\Mozilla Firefox.lnk

[2010/01/29 19:40:28 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS

[2010/01/29 19:40:28 | 000,000,000 | RHS- | C] () -- C:\IO.SYS

[2010/01/29 19:02:33 | 000,005,527 | ---- | C] () -- C:\Windows\System32\drivers\mycodec\25372031.gif

[2010/01/29 16:44:09 | 000,000,120 | ---- | C] () -- C:\Users\Marie\AppData\Local\Kfuface.dat

[2010/01/29 16:44:09 | 000,000,000 | ---- | C] () -- C:\Users\Marie\AppData\Local\Kdoqo.bin

[2010/01/29 16:38:12 | 000,000,705 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\Startup\61871.lnk

[2010/01/18 14:01:50 | 000,012,288 | ---- | C] () -- C:\Users\Marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/18 13:29:05 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2010/01/18 13:20:50 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.INI

[2010/01/17 17:59:23 | 166,415,592 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2009/12/16 12:23:49 | 000,000,680 | ---- | C] () -- C:\Users\Marie\AppData\Local\d3d9caps.dat

[2009/04/11 08:19:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2007/06/12 10:25:54 | 000,000,920 | ---- | C] () -- C:\Windows\System32\WLAN.INI

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2003/09/23 07:14:42 | 001,099,264 | ---- | C] () -- C:\Windows\System32\cygxml2-2.dll

[2003/08/10 09:59:20 | 000,980,992 | ---- | C] () -- C:\Windows\System32\cygiconv-2.dll

[2003/08/08 19:28:16 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cygz.dll

[1999/07/06 19:00:00 | 000,000,006 | RHS- | C] () -- C:\ProgramData\D81EDBF9-D167-4011-B77D-211DF920EB80

========== LOP Check ==========

[2010/02/13 07:15:29 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Azureus

[2010/01/15 10:51:06 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\com.nyokkiandpenne.F0E7CAEB6C999B7295C92469EB5007893E83B68E.1

[2010/02/14 22:24:19 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\gtk-2.0

[2010/01/29 23:49:07 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Participatory Culture Foundation

[2010/02/14 22:24:21 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\PCF-VLC

[2010/02/09 06:26:22 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Rainmeter

[2010/02/09 04:57:10 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Stardock

[2009/12/28 23:45:35 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\SYSTEMAX Software Development

[2010/02/09 06:18:37 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Trillian

[2010/02/13 01:42:54 | 000,026,432 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/04/11 08:19:41 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2008/04/14 10:51:46 | 000,171,136 | RHS- | M] () -- C:\GRLDR

[2010/01/29 19:40:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/01/29 19:40:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010/02/13 01:43:35 | 3802,537,984 | -HS- | M] () -- C:\pagefile.sys

< MD5 for: AGP440.SYS >

[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >

[2009/04/11 08:18:59 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009/04/11 08:18:59 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009/04/11 08:18:59 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008/01/20 21:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008/01/20 21:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >

[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >

[2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >

[2009/04/11 08:19:21 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009/04/11 08:19:21 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

< MD5 for: NVSTOR.SYS >

[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >

[2009/04/11 08:19:45 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009/04/11 08:19:45 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

[2009/11/04 10:46:00 | 000,479,232 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll

[2008/01/20 21:22:35 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll

[2008/01/20 21:22:35 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

[2009/04/11 08:19:41 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll

[2009/04/11 08:19:39 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

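Added example, inserted between the two log posts: a small Python triage pass over the OTL line formats shown above. It is not part of either post and is not code from OTL, HijackThis or Malwarebytes; the flagging rules are this editor's assumptions about what a removal helper reads first (autostart entries pointing at missing files, MountPoints2 AutoRun commands, alternate data streams, file timestamps later than the scan date, unattributed hidden or extension-less files in System32, numeric-named shortcuts in a Startup folder). The sample lines are copied verbatim from the log above and the scan date is taken from the OTL header on this page.

```python
"""Triage pass over OTL (OldTimer) log lines.

Added example; not part of the forum post, and not code from OTL, HijackThis
or Malwarebytes. The heuristics are assumptions about what a removal helper
looks at first, not OTL output rules. SAMPLE_LOG lines are copied from the
log posted above; SCAN_DATE comes from the OTL header on the page.
"""
import re
from datetime import datetime
from typing import List, Tuple

SCAN_DATE = datetime(2010, 2, 15)  # "OTL logfile created on: 2/15/2010"

# OTL file-listing format: [date | size | attrs | C|M] (Company) -- path [-- [ FS ]]
FILE_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)(?: -- \[ \w+ \])?$"
)

# Constructed sample: eight lines copied verbatim from the log above.
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: (kedulode.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O33 - MountPoints2\{7bde66da-ea61-11de-a3d3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\installer.exe -- [2009/02/19 11:30:18 | 001,777,668 | R--- | M] (Royal Philips)
[2010/02/08 20:52:28 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\Windows\System32\yibaravu
[2010/01/29 16:38:12 | 000,000,705 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\Startup\61871.lnk
[2010/01/29 16:44:09 | 000,000,120 | ---- | M] () -- C:\Users\Marie\AppData\Local\Kfuface.dat
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
"""


def triage_line(line: str, scan_date: datetime = SCAN_DATE) -> List[str]:
    """Return the reasons one log line deserves a closer look ([] = nothing)."""
    reasons: List[str] = []
    line = line.strip()

    # An autostart location (O4/O20/...) whose target OTL could not find:
    # a typical leftover of a partial cleanup. AppInit_DLLs is a load point
    # that, when enabled, is injected into every process that loads user32.dll.
    if line.startswith("O") and line.endswith("File not found"):
        reasons.append("autostart entry references a missing file")

    # AutoRun command recorded for a mounted volume (runs on open/double-click).
    if "MountPoints2" in line and r"\Shell\AutoRun\command" in line:
        reasons.append("AutoRun command registered for a mounted volume")

    # Alternate data streams never show up in Explorer or a plain dir listing.
    if line.startswith("@Alternate Data Stream"):
        reasons.append("alternate data stream present")

    m = FILE_LINE.match(line)
    if m:
        created = datetime.strptime(m["date"], "%Y/%m/%d %H:%M:%S")
        company = m["company"].strip()
        path = m["path"]
        name = path.rsplit("\\", 1)[-1]
        hidden = "H" in m["attrs"]

        # A file "created" after the scan ran carries a forged timestamp.
        if created > scan_date:
            reasons.append("timestamp lies in the future")
        # System32 files with no version-info company that are hidden or have
        # no extension do not look like OS or vendor components.
        if "\\Windows\\System32\\" in path and not company and (hidden or "." not in name):
            reasons.append("unattributed hidden or extension-less file in System32")
        # A shortcut named by a bare number in a Startup folder is not
        # something an installer normally writes.
        if "\\Startup\\" in path and name.lower().endswith(".lnk") and name[:-4].isdigit():
            reasons.append("numeric-named shortcut in a Startup folder")
    return reasons


def triage_log(text: str, scan_date: datetime = SCAN_DATE) -> List[Tuple[str, List[str]]]:
    """Run triage_line over a whole log; keep only lines with at least one reason."""
    hits = []
    for raw in text.splitlines():
        reasons = triage_line(raw, scan_date)
        if reasons:
            hits.append((raw.strip(), reasons))
    return hits


def triage_sample() -> List[Tuple[str, List[str]]]:
    """Triage the sample lines; five of the eight come back flagged."""
    return triage_log(SAMPLE_LOG)


if __name__ == "__main__":
    for line, reasons in triage_sample():
        print(f"{'; '.join(reasons)}\n    {line}")
```

The output is a list of leads, not a verdict: the Sun and Microsoft entries in the sample pass through untouched, while the entries with a missing target, a year-2099 timestamp, a bare-number Startup shortcut, a volume AutoRun command and an alternate data stream come back with the reason attached. Each lead still has to be confirmed by hand (or with the removal tools the helper prescribes) before anything is deleted, and the "File not found" rule will also catch OTL's benign BootExecute line, so treat it as a prompt to look, not to act.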

OTL logfile created on: 2/15/2010 9:29:00 AM - Run 1

OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Marie\Desktop

Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free

7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 465.76 Gb Total Space | 421.54 Gb Free Space | 90.51% Space Free | Partition Type: NTFS

Drive D: | 69.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PC

Current User Name: Marie

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Marie\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Trillian\trillian.exe (Cerulean Studios)

PRC - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)

PRC - C:\Windows\System32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)

PRC - C:\Windows\System32\atieclxx.exe (AMD)

PRC - C:\Windows\System32\atiesrxx.exe (AMD)

PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)

PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Marie\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ACDaemon) -- File not found

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (TabletServiceWacom) -- C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)

SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)

SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

========== Driver Services (SafeList) ==========

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (EverestDriver) -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt ()

DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)

DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)

DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (amdide) -- C:\Windows\system32\DRIVERS\amdide.sys (Advanced Micro Devices)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology Corp.)

DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)

DRV - (rt61x86) -- C:\Windows\System32\drivers\WMP54Gv41x86.sys (Ralink Technology Inc.)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )

DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)

DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1

FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.2

FF - prefs.js..extensions.enabledItems: {E54712A8-37D8-4FD1-88E1-F338CA91CFDE}:1.9.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6

FF - prefs.js..extensions.enabledItems: silvermel@pardal.de:1.3.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{E54712A8-37D8-4FD1-88E1-F338CA91CFDE}: C:\Users\Marie\AppData\Local\{E54712A8-37D8-4FD1-88E1-F338CA91CFDE}\ [2010/01/29 16:44:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/01/29 23:04:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/05 22:34:07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/08 20:52:28 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components

FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins

[2010/01/03 19:45:17 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mozilla\Extensions

[2010/01/03 19:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/02/14 16:58:35 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\muv2vxst.default\extensions

[2010/01/07 22:53:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\muv2vxst.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/01/04 16:02:28 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\muv2vxst.default\extensions\ntortarolo@hotmail.com

[2010/01/16 01:33:05 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\muv2vxst.default\extensions\personas@christopher.beard

[2010/02/07 17:25:32 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\muv2vxst.default\extensions\silvermel@pardal.de

[2010/02/07 17:25:37 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\muv2vxst.default\extensions\silvermelxt@pardal.de

[2010/01/05 22:18:06 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mozilla\Sunbird\Profiles\l308czzl.default\extensions

[2009/06/16 17:20:58 | 000,002,236 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\muv2vxst.default\searchplugins\askcom.xml

[2010/02/14 16:58:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/01/30 22:03:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/02/08 20:52:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

[2010/01/15 22:09:51 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/01/15 22:09:52 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/02/08 20:52:22 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2010/01/15 22:09:53 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2009/12/21 18:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2009/10/09 13:00:00 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

[2010/01/10 21:00:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/01/10 21:00:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/01/10 21:00:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/01/10 21:00:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/01/10 21:00:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/01/10 21:00:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/01/10 21:00:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2009/10/09 13:00:00 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

[2010/01/25 10:02:20 | 000,031,936 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll

[2010/01/15 19:13:03 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/01/15 19:13:03 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/01/15 19:13:03 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/01/15 19:13:03 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/01/15 19:13:03 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/01/15 19:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/01/15 19:13:03 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/01/30 22:14:36 | 000,000,763 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

O4 - HKCU..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)

O4 - HKCU..\Run: [DriverMax_RESTART] File not found

O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()

O4 - Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\Startup\61871.lnk = C:\Users\Marie\AppData\Local\Temp\mvNat.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (kedulode.dll) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009/02/18 10:54:08 | 000,000,051 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]

O33 - MountPoints2\{7bde66da-ea61-11de-a3d3-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{7bde66da-ea61-11de-a3d3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\installer.exe -- [2009/02/19 11:30:18 | 001,777,668 | R--- | M] (Royal Philips)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/15 09:25:00 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe

[2010/02/13 00:22:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/02/10 02:54:37 | 000,000,000 | ---D | C] -- C:\Users\Marie\Documents\Media Converter for Philips

[2010/02/10 00:54:23 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\ArcSoft

[2010/02/10 00:54:23 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Local\ArcSoft

[2010/02/10 00:54:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\ArcSoft

[2010/02/10 00:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft

[2010/02/10 00:53:11 | 000,000,000 | ---D | C] -- C:\Philips

[2010/02/10 00:52:37 | 000,000,000 | ---D | C] -- C:\temp

[2010/02/09 18:47:53 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2010/02/09 06:12:19 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Trillian

[2010/02/09 06:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trillian

[2010/02/09 04:57:10 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Stardock

[2010/02/09 04:57:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}

[2010/02/09 04:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock

[2010/02/09 04:57:01 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Local\PackageAware

[2010/02/09 04:43:54 | 000,000,000 | ---D | C] -- C:\Users\Marie\Documents\Rainmeter

[2010/02/09 04:43:54 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Rainmeter

[2010/02/09 04:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter

[2010/02/09 04:36:26 | 000,000,000 | ---D | C] -- C:\Users\Marie\.rainlendar2

[2010/02/09 04:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Rainlendar2

[2010/02/08 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010/02/08 20:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/02/08 20:52:28 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll

[2010/02/08 20:52:28 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/02/08 20:52:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/02/08 20:52:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/02/08 20:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2010/02/06 05:06:37 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Real

[2010/02/06 05:06:36 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Media Player Classic

[2010/02/05 22:34:21 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll

[2010/02/05 22:34:21 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll

[2010/02/05 22:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect

[2010/02/05 22:34:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine

[2010/02/05 22:34:03 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Winamp

[2010/02/05 22:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp

[2010/02/01 16:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Cobian

[2010/02/01 16:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9

[2010/02/01 16:27:34 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll

[2010/02/01 16:27:34 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll

[2010/02/01 16:27:34 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll

[2010/02/01 16:27:34 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll

[2010/02/01 16:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Real Alternative

[2010/02/01 16:24:11 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm

[2010/02/01 16:24:11 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll

[2010/02/01 16:24:11 | 000,118,784 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm

[2010/02/01 16:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack

[2010/01/30 22:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro

[2010/01/30 15:03:21 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\gtk-2.0

[2010/01/30 15:02:46 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\PCF-VLC

[2010/01/29 23:49:07 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Participatory Culture Foundation

[2010/01/29 23:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Participatory Culture Foundation

[2010/01/29 23:03:57 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2010/01/29 23:03:52 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010/01/29 23:03:52 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010/01/29 23:03:52 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2010/01/29 23:03:51 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2010/01/29 23:03:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll

[2010/01/29 23:03:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll

[2010/01/29 21:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2010/01/29 21:41:36 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\SUPERAntiSpyware.com

[2010/01/29 21:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/01/29 19:02:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\mycodec

[2010/01/29 19:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\MyVideoConverter

[2010/01/29 18:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2010/01/29 18:21:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/01/29 18:21:41 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/01/29 16:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/01/29 16:44:08 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Local\{E54712A8-37D8-4FD1-88E1-F338CA91CFDE}

[2010/01/28 23:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS

[2010/01/28 22:52:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt

[2010/01/28 21:08:15 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll

[2010/01/28 21:08:15 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll

[2010/01/28 21:08:15 | 000,351,744 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll

[2010/01/28 21:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Common Share

[2010/01/28 21:08:14 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll

[2010/01/28 21:08:14 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll

[2010/01/28 21:08:14 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll

[2010/01/27 19:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\portalgraphics

[2010/01/27 19:22:06 | 001,975,102 | ---- | C] (Installshield Software Corporation ) -- C:\Windows\System32\xa98599078.exe

[2010/01/27 19:22:06 | 001,975,102 | ---- | C] (Installshield Software Corporation ) -- C:\Windows\System32\xa98598843.exe

[2010/01/26 15:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\Tale of Tales

[2010/01/24 23:05:14 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\vlc

[2010/01/24 23:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN

[2010/01/18 13:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software

[2010/01/18 13:29:05 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\skypePM

[2010/01/18 13:26:19 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Skype

[2010/01/18 13:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2010/01/18 13:25:58 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2010/01/18 13:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2010/01/18 13:21:37 | 000,000,000 | ---D | C] -- C:\Windows\PixArt

[2010/01/18 13:20:50 | 000,611,584 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\System32\drivers\PFC027.SYS

[2010/01/18 13:20:50 | 000,129,024 | ---- | C] (PixArt Imaging Incorporation) -- C:\Windows\System32\SP207.AX

[2010/01/18 13:20:50 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\AMCap.exe

[2010/01/18 13:20:50 | 000,006,656 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\System32\CoInst_070629.dll

[2010/01/18 13:20:50 | 000,000,000 | ---D | C] -- C:\Windows\Webcam1200

[2010/01/18 13:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\Webcam 1200

========== Files - Modified Within 30 Days ==========

[2010/02/15 09:29:12 | 001,835,008 | -HS- | M] () -- C:\Users\Marie\NTUSER.DAT

[2010/02/15 09:25:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe

[2010/02/15 08:28:12 | 000,000,218 | ---- | M] () -- C:\Users\Marie\.recently-used.xbel

[2010/02/15 07:43:40 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/02/15 07:43:40 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/02/13 01:49:13 | 000,689,142 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/02/13 01:49:13 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/02/13 01:49:13 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/02/13 01:43:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/02/13 01:43:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/02/13 01:42:53 | 000,524,288 | -HS- | M] () -- C:\Users\Marie\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms

[2010/02/13 01:42:53 | 000,065,536 | -HS- | M] () -- C:\Users\Marie\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf

[2010/02/13 01:42:52 | 001,833,220 | -H-- | M] () -- C:\Users\Marie\AppData\Local\IconCache.db

[2010/02/12 04:24:53 | 018,499,623 | ---- | M] () -- C:\Users\Marie\Documents\vlc-1.0.5-win32.exe

[2010/02/12 04:15:45 | 000,012,288 | ---- | M] () -- C:\Users\Marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/10 00:53:11 | 000,000,751 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Startup\Philips GoGear VIBE Device Manager.lnk

[2010/02/09 06:12:14 | 000,000,803 | ---- | M] () -- C:\Users\Marie\Desktop\Trillian.lnk

[2010/02/09 04:36:57 | 000,001,623 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Startup\Rainmeter.lnk

[2010/02/08 20:52:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll

[2010/02/08 20:52:21 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/02/08 20:52:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/02/08 20:52:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/02/03 02:16:57 | 000,000,447 | ---- | M] () -- C:\Windows\win.ini

[2010/01/30 22:14:36 | 000,000,763 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/01/30 22:03:07 | 000,001,657 | ---- | M] () -- C:\Users\Marie\Desktop\Mozilla Firefox.lnk

[2010/01/29 19:40:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010/01/29 19:40:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/01/29 19:02:33 | 000,005,527 | ---- | M] () -- C:\Windows\System32\drivers\mycodec\25372031.gif

[2010/01/29 18:13:26 | 000,006,456 | -H-- | M] () -- C:\Windows\System32\yibaravu

[2010/01/29 16:54:50 | 000,092,160 | ---- | M] () -- C:\Windows\System32\umstartup.etl

[2010/01/29 16:52:14 | 001,477,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/01/29 16:48:28 | 166,415,592 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/01/29 16:44:09 | 000,000,120 | ---- | M] () -- C:\Users\Marie\AppData\Local\Kfuface.dat

[2010/01/29 16:44:09 | 000,000,000 | ---- | M] () -- C:\Users\Marie\AppData\Local\Kdoqo.bin

[2010/01/29 16:38:12 | 000,000,705 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\Startup\61871.lnk

[2010/01/29 01:55:00 | 000,037,400 | ---- | M] () -- C:\Users\Marie\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/01/27 19:22:06 | 001,975,102 | ---- | M] (Installshield Software Corporation ) -- C:\Windows\System32\xa98599078.exe

[2010/01/27 19:22:06 | 001,975,102 | ---- | M] (Installshield Software Corporation ) -- C:\Windows\System32\xa98598843.exe

[2010/01/18 13:29:05 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\Windows\System32\yibaravu

[2010/02/15 08:28:12 | 000,000,218 | ---- | C] () -- C:\Users\Marie\.recently-used.xbel

[2010/02/12 04:21:07 | 018,499,623 | ---- | C] () -- C:\Users\Marie\Documents\vlc-1.0.5-win32.exe

[2010/02/10 00:53:11 | 000,000,751 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Startup\Philips GoGear VIBE Device Manager.lnk

[2010/02/09 06:12:14 | 000,000,803 | ---- | C] () -- C:\Users\Marie\Desktop\Trillian.lnk

[2010/02/09 05:03:08 | 000,000,899 | ---- | C] () -- C:\Users\Marie\Desktop\Adobe Photoshop CS3.lnk

[2010/02/09 04:36:57 | 000,001,623 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Startup\Rainmeter.lnk

[2010/02/01 16:24:12 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2010/02/01 16:24:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2010/02/01 16:24:11 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010/02/01 16:24:11 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2010/02/01 16:24:11 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml

[2010/02/01 16:24:10 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2010/02/01 16:24:10 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2010/01/30 22:03:07 | 000,001,657 | ---- | C] () -- C:\Users\Marie\Desktop\Mozilla Firefox.lnk

[2010/01/29 19:40:28 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS

[2010/01/29 19:40:28 | 000,000,000 | RHS- | C] () -- C:\IO.SYS

[2010/01/29 19:02:33 | 000,005,527 | ---- | C] () -- C:\Windows\System32\drivers\mycodec\25372031.gif

[2010/01/29 16:44:09 | 000,000,120 | ---- | C] () -- C:\Users\Marie\AppData\Local\Kfuface.dat

[2010/01/29 16:44:09 | 000,000,000 | ---- | C] () -- C:\Users\Marie\AppData\Local\Kdoqo.bin

[2010/01/29 16:38:12 | 000,000,705 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\Startup\61871.lnk

[2010/01/18 14:01:50 | 000,012,288 | ---- | C] () -- C:\Users\Marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/18 13:29:05 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2010/01/18 13:20:50 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.INI

[2010/01/17 17:59:23 | 166,415,592 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2009/12/16 12:23:49 | 000,000,680 | ---- | C] () -- C:\Users\Marie\AppData\Local\d3d9caps.dat

[2009/04/11 08:19:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2007/06/12 10:25:54 | 000,000,920 | ---- | C] () -- C:\Windows\System32\WLAN.INI

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2003/09/23 07:14:42 | 001,099,264 | ---- | C] () -- C:\Windows\System32\cygxml2-2.dll

[2003/08/10 09:59:20 | 000,980,992 | ---- | C] () -- C:\Windows\System32\cygiconv-2.dll

[2003/08/08 19:28:16 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cygz.dll

[1999/07/06 19:00:00 | 000,000,006 | RHS- | C] () -- C:\ProgramData\D81EDBF9-D167-4011-B77D-211DF920EB80

========== LOP Check ==========

[2010/02/13 07:15:29 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Azureus

[2010/01/15 10:51:06 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\com.nyokkiandpenne.F0E7CAEB6C999B7295C92469EB5007893E83B68E.1

[2010/02/14 22:24:19 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\gtk-2.0

[2010/01/29 23:49:07 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Participatory Culture Foundation

[2010/02/14 22:24:21 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\PCF-VLC

[2010/02/09 06:26:22 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Rainmeter

[2010/02/09 04:57:10 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Stardock

[2009/12/28 23:45:35 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\SYSTEMAX Software Development

[2010/02/09 06:18:37 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Trillian

[2010/02/13 01:42:54 | 000,026,432 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/04/11 08:19:41 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2008/04/14 10:51:46 | 000,171,136 | RHS- | M] () -- C:\GRLDR

[2010/01/29 19:40:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/01/29 19:40:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010/02/13 01:43:35 | 3802,537,984 | -HS- | M] () -- C:\pagefile.sys

< MD5 for: AGP440.SYS >

[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008/01/20 21:21:09 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >

[2009/04/11 08:18:59 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009/04/11 08:18:59 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009/04/11 08:18:59 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008/01/20 21:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008/01/20 21:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >

[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >

[2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008/01/20 21:21:31 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >

[2009/04/11 08:19:21 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009/04/11 08:19:21 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

< MD5 for: NVSTOR.SYS >

[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008/01/20 21:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >

[2009/04/11 08:19:45 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009/04/11 08:19:45 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

[2009/11/04 10:46:00 | 000,479,232 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll

[2008/01/20 21:22:35 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll

[2008/01/20 21:22:35 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

[2009/04/11 08:19:41 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll

[2009/04/11 08:19:39 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


I hope I did this correctly. Thanks again for your help!

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-02-15 09:45:12

Windows 6.0.6002 Service Pack 2

Running: xuqlndtw.exe; Driver: C:\Users\Marie\AppData\Local\Temp\pxldapow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8512F856

---- Processes - GMER 1.0.15 ----

Process hidden process (*** hidden *** ) 7832

Process hidden process (*** hidden *** ) 7896

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
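The two logs above disagree about one file: OTL's "< MD5 for: ATAPI.SYS >" block shows the live C:\Windows\System32\drivers\atapi.sys with the same hash as its WinSxS and DriverStore copies, while GMER reports that same file as a "suspicious modification". The script below is an added example, not code from this thread or from the OTL or GMER authors. It parses OTL file entries of the kind posted above, flags the things a responder would otherwise pick out by eye (a creation date in the future, a hidden extensionless file directly in System32, every Startup-folder shortcut, every alternate data stream), checks each hashed file against its backup copies, and records where a GMER file verdict contradicts a clean hash. The sample input is an excerpt constructed from the log lines in the thread, the scan time is taken from the GMER header, and the flag names and heuristics are this example's own assumptions.

```python
"""Added example, not from the thread or from the OTL/GMER authors: parse OTL
entries, flag what a responder would check by hand, and reconcile OTL's hash
check with GMER's file verdict. Sample text is constructed from the thread's log lines."""
import re
from collections import defaultdict
from datetime import datetime

# [YYYY/MM/DD HH:MM:SS | size | attrs | C/M] (Company) MD5=... -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]\s*(?:\((?P<company>[^)]*)\))?\s*"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32}))?\s*--\s*(?P<path>.+?)\s*$")
MD5_HDR_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<target>.+)$")
GMER_FILE_RE = re.compile(r"^File (?P<path>.+?) suspicious modification$")
SYSTEM32 = "c:\\windows\\system32\\"


def parse_otl(text):
    """Return (file entries, MD5 groups keyed by lower-cased file name, ADS list)."""
    entries, ads, md5_groups, current = [], [], defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<"):            # custom-scan header; only MD5 blocks matter
            h = MD5_HDR_RE.match(line)
            current = h.group("name").lower() if h else None
            continue
        a = ADS_RE.match(line)
        if a:
            ads.append((int(a.group("bytes")), a.group("target")))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
        e["company"] = (e["company"] or "").strip()
        (md5_groups[current] if current and e["md5"] else entries).append(e)
    return entries, md5_groups, ads


def flag_entries(entries, scan_time):
    """Heuristic findings as (flag, path), deduplicated across the C and M sections."""
    found = {}
    for e in entries:
        path, low = e["path"], e["path"].lower()
        name, is_dir = path.rsplit("\\", 1)[-1], e["attrs"].endswith("D")
        if e["ts"] > scan_time:             # creation time after the scan: forged stamp
            found[("FUTURE_TIMESTAMP", path)] = None
        if (not is_dir and low.startswith(SYSTEM32) and "\\" not in low[len(SYSTEM32):]
                and "." not in name and "H" in e["attrs"]):
            found[("HIDDEN_EXTENSIONLESS_IN_SYSTEM32", path)] = None
        if "\\start menu\\programs\\" in low and "\\startup\\" in low and low.endswith(".lnk"):
            found[("STARTUP_ITEM", path)] = None   # logon persistence: review every one
    return list(found)


def is_backup_copy(path):
    return "\\driverstore\\" in path.lower() or "\\winsxs\\" in path.lower()


def check_md5_groups(md5_groups):
    """Compare the live copy in each '< MD5 for: X >' block with its backup copies."""
    verdicts = {}
    for name, copies in md5_groups.items():
        live = [c["md5"].upper() for c in copies if not is_backup_copy(c["path"])]
        backups = {c["md5"].upper() for c in copies if is_backup_copy(c["path"])}
        if not live:
            verdicts[name] = "no live copy"
        else:
            verdicts[name] = "matches backup" if live[0] in backups else "differs from all backups"
    return verdicts


def reconcile_with_gmer(verdicts, gmer_text):
    # OTL hashes through ordinary file I/O; GMER reads below the filesystem stack. A kernel
    # rootkit filtering reads can hand OTL the clean bytes, so GMER's verdict outranks the hash.
    notes = {}
    for raw in gmer_text.splitlines():
        m = GMER_FILE_RE.match(raw.strip())
        if m:
            name = m.group("path").rsplit("\\", 1)[-1].lower()
            notes[name] = verdicts.get(name, "not hashed by OTL")
    return notes


def triage(otl_text, gmer_text, scan_time):
    entries, md5_groups, ads = parse_otl(otl_text)
    verdicts = check_md5_groups(md5_groups)
    return {"findings": flag_entries(entries, scan_time), "ads": ads,
            "md5": verdicts, "gmer_conflicts": reconcile_with_gmer(verdicts, gmer_text)}


OTL_SAMPLE = r"""
========== Files - Modified Within 30 Days ==========
[2010/01/29 18:13:26 | 000,006,456 | -H-- | M] () -- C:\Windows\System32\yibaravu
[2010/01/29 16:38:12 | 000,000,705 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\Startup\61871.lnk
========== Files Created - No Company Name ==========
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\Windows\System32\yibaravu
< MD5 for: ATAPI.SYS >
[2009/04/11 08:18:59 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 08:18:59 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
"""
GMER_SAMPLE = "File C:\\Windows\\system32\\drivers\\atapi.sys suspicious modification"
SCAN_TIME = datetime(2010, 2, 15, 9, 45, 12)   # GMER header time from the thread

if __name__ == "__main__":
    for key, value in triage(OTL_SAMPLE, GMER_SAMPLE, SCAN_TIME).items():
        print(key, value)
```

The point of `reconcile_with_gmer` is that agreement between the live file and its backup copies, measured from inside a suspect OS, is not proof of integrity: OTL reads the file through the normal filesystem path, which a kernel-mode rootkit can filter to return the original bytes, whereas GMER reads below that layer. A clean hash therefore does not clear a file that a low-level read flags, and the next step is a rootkit-specific tool rather than another hash comparison.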


Looking at your system now, one or more of the identified infections is a backdoor Trojan.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

========================

Download TDSSKiller and save it to your Desktop.

  • Right click on the file and choose Extract All, extract the file to your desktop, then run it.
  • Once completed it will create a log in your C:\ drive
  • Please post the contents of that log

==================

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

=======================================


Update/Run Malwarebytes

Please update/run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

=====

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Malwarebytes' Anti-Malware 1.44

Database version: 3745

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

2/16/2010 4:17:51 AM

mbam-log-2010-02-16 (04-17-51).txt

Scan type: Full Scan (C:\|)

Objects scanned: 195966

Time elapsed: 26 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


This is the Kaspersky scan report for my Critical areas:

KASPERSKY ONLINE SCANNER 7.0: scan report

Tuesday, February 16, 2010

Operating system: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 2 (build 6002)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Tuesday, February 16, 2010 09:21:33

Records in database: 3515863

Scan settings

scan using the following database extended

Scan archives yes

Scan e-mail databases yes

Scan area Critical areas

C:\Program Files

C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\Startup

C:\Windows

Scan statistics

Objects scanned 69488

Threats found 5

Infected objects found 5

Suspicious objects found 0

Scan duration 00:47:39

File name Threat Threats count

C:\Program Files\Rainmeter\Themes\RainQuantum WHITE\radio\RainRadio.exe Infected: Trojan.Win32.Pasta.cvw 1

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3X2VUPOX\oH400fec88V0100f070006Rf6917724108T0b65f5a9201l0409Ke7dcebdb317[1].pdf Infected: Exploit.Win32.Pidief.cvl 1

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\30263fd5-29b2e2ba Infected: Trojan-Downloader.Java.OpenStream.ad 1

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-5d36caf3 Infected: Exploit.OSX.Smid.b 1

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-54ac0dc1 Infected: Trojan-Downloader.Java.Agent.al 1

Selected area has been scanned.


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    C:\Program Files\Rainmeter\Themes\RainQuantum WHITE\radio\RainRadio.exe
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3X2VUPOX\oH400fec88V0100f070006Rf6917724108T0b65f5a9201l0409Ke7dcebdb317[1].pdf
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\30263fd5-29b2e2ba
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-5d36caf3
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-54ac0dc1


  • Then click the Run Fix button at the top
  • Let the program run unhindered. When it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.

================================Follow up scan=================================

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

After that, let me know how things are running.


Here is the OTL log. I'm running the next scan now. Thanks so much for your help!

========== FILES ==========

C:\Program Files\Rainmeter\Themes\RainQuantum WHITE\radio\RainRadio.exe moved successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3X2VUPOX\oH400fec88V0100f070006Rf6917724108T0b65f5a9201l0409Ke7dcebdb317[1].pdf moved successfully.

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\30263fd5-29b2e2ba moved successfully.

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1862f8ee-5d36caf3 moved successfully.

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4a4036b8-54ac0dc1 moved successfully.

OTL by OldTimer - Version 3.1.28.0 log created on 02162010_095004


Last log:

OTL logfile created on: 2/16/2010 11:06:37 AM - Run 2

OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Marie\Desktop

Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free

7.00 Gb Paging File | 6.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 465.76 Gb Total Space | 421.34 Gb Free Space | 90.46% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PC

Current User Name: Marie

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Marie\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)

PRC - C:\Windows\System32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)

PRC - C:\Windows\System32\atieclxx.exe (AMD)

PRC - C:\Windows\System32\atiesrxx.exe (AMD)

PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)

PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Marie\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ACDaemon) -- File not found

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (TabletServiceWacom) -- C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)

SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)

SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

========== Driver Services (SafeList) ==========

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (EverestDriver) -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt ()

DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)

DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)

DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (amdide) -- C:\Windows\system32\DRIVERS\amdide.sys (Advanced Micro Devices)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology Corp.)

DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)

DRV - (rt61x86) -- C:\Windows\System32\drivers\WMP54Gv41x86.sys (Ralink Technology Inc.)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )

DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)

DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1

FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6

FF - prefs.js..extensions.enabledItems: silvermel@pardal.de:1.3.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/01/29 23:04:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/05 22:34:07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/08 20:52:28 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components

FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins

[2010/01/03 19:45:17 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mozilla\Extensions

[2010/01/03 19:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/02/16 00:46:32 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\muv2vxst.default\extensions

[2010/01/07 22:53:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\muv2vxst.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/01/04 16:02:28 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\muv2vxst.default\extensions\ntortarolo@hotmail.com

[2010/01/16 01:33:05 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\muv2vxst.default\extensions\personas@christopher.beard

[2010/02/07 17:25:32 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\muv2vxst.default\extensions\silvermel@pardal.de

[2010/02/07 17:25:37 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\muv2vxst.default\extensions\silvermelxt@pardal.de

[2010/01/05 22:18:06 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mozilla\Sunbird\Profiles\l308czzl.default\extensions

[2009/06/16 17:20:58 | 000,002,236 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\muv2vxst.default\searchplugins\askcom.xml

[2010/02/16 00:46:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/01/30 22:03:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/02/08 20:52:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

[2010/01/15 22:09:51 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/01/15 22:09:52 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/02/08 20:52:22 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2010/01/15 22:09:53 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2009/12/21 18:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2009/10/09 13:00:00 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

[2010/01/10 21:00:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/01/10 21:00:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/01/10 21:00:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/01/10 21:00:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/01/10 21:00:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/01/10 21:00:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/01/10 21:00:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2009/10/09 13:00:00 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

[2010/01/25 10:02:20 | 000,031,936 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll

[2010/01/15 19:13:03 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/01/15 19:13:03 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/01/15 19:13:03 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/01/15 19:13:03 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/01/15 19:13:03 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/01/15 19:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/01/15 19:13:03 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/01/30 22:14:36 | 000,000,763 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()

O4 - Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\Startup\61871.lnk = C:\Users\Marie\AppData\Local\Temp\mvNat.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/16 09:50:04 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/02/15 12:06:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2010/02/15 12:06:49 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2010/02/15 12:06:49 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Local\temp

[2010/02/15 12:01:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/02/15 12:01:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/02/15 12:01:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2010/02/15 12:01:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/02/15 12:01:27 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/02/15 12:01:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/02/15 09:25:00 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe

[2010/02/13 00:22:09 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2010/02/10 02:54:37 | 000,000,000 | ---D | C] -- C:\Users\Marie\Documents\Media Converter for Philips

[2010/02/10 00:54:23 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\ArcSoft

[2010/02/10 00:54:23 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Local\ArcSoft

[2010/02/10 00:54:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\ArcSoft

[2010/02/10 00:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft

[2010/02/10 00:53:11 | 000,000,000 | ---D | C] -- C:\Philips

[2010/02/10 00:52:37 | 000,000,000 | ---D | C] -- C:\temp

[2010/02/09 18:47:53 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2010/02/09 06:12:19 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Trillian

[2010/02/09 06:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trillian

[2010/02/09 04:57:10 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Stardock

[2010/02/09 04:57:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}

[2010/02/09 04:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock

[2010/02/09 04:57:01 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Local\PackageAware

[2010/02/09 04:43:54 | 000,000,000 | ---D | C] -- C:\Users\Marie\Documents\Rainmeter

[2010/02/09 04:43:54 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Rainmeter

[2010/02/09 04:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter

[2010/02/09 04:36:26 | 000,000,000 | ---D | C] -- C:\Users\Marie\.rainlendar2

[2010/02/09 04:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Rainlendar2

[2010/02/08 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010/02/08 20:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/02/08 20:52:28 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll

[2010/02/08 20:52:28 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/02/08 20:52:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/02/08 20:52:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/02/08 20:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2010/02/06 05:06:37 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Real

[2010/02/06 05:06:36 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Media Player Classic

[2010/02/05 22:34:21 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll

[2010/02/05 22:34:21 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll

[2010/02/05 22:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect

[2010/02/05 22:34:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine

[2010/02/05 22:34:03 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Winamp

[2010/02/05 22:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp

[2010/02/01 16:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Cobian

[2010/02/01 16:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9

[2010/02/01 16:27:34 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll

[2010/02/01 16:27:34 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll

[2010/02/01 16:27:34 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll

[2010/02/01 16:27:34 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll

[2010/02/01 16:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Real Alternative

[2010/02/01 16:24:11 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm

[2010/02/01 16:24:11 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll

[2010/02/01 16:24:11 | 000,118,784 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm

[2010/02/01 16:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack

[2010/01/30 22:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro

[2010/01/30 15:03:21 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\gtk-2.0

[2010/01/30 15:02:46 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\PCF-VLC

[2010/01/29 23:49:07 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Participatory Culture Foundation

[2010/01/29 23:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Participatory Culture Foundation

[2010/01/29 23:03:57 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2010/01/29 23:03:52 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010/01/29 23:03:52 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010/01/29 23:03:52 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2010/01/29 23:03:51 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2010/01/29 23:03:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll

[2010/01/29 23:03:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll

[2010/01/29 21:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2010/01/29 21:41:36 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\SUPERAntiSpyware.com

[2010/01/29 21:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/01/29 19:02:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\mycodec

[2010/01/29 19:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\MyVideoConverter

[2010/01/29 18:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2010/01/29 18:21:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/01/29 18:21:41 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/01/29 16:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/01/28 23:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS

[2010/01/28 22:52:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt

[2010/01/28 21:08:15 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll

[2010/01/28 21:08:15 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll

[2010/01/28 21:08:15 | 000,351,744 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll

[2010/01/28 21:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Common Share

[2010/01/28 21:08:14 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll

[2010/01/28 21:08:14 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll

[2010/01/28 21:08:14 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll

[2010/01/27 19:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\portalgraphics

[2010/01/27 19:22:06 | 001,975,102 | ---- | C] (Installshield Software Corporation ) -- C:\Windows\System32\xa98599078.exe

[2010/01/27 19:22:06 | 001,975,102 | ---- | C] (Installshield Software Corporation ) -- C:\Windows\System32\xa98598843.exe

[2010/01/26 15:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\Tale of Tales

[2010/01/24 23:05:14 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\vlc

[2010/01/24 23:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN

[2010/01/18 13:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software

[2010/01/18 13:29:05 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\skypePM

[2010/01/18 13:26:19 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Skype

[2010/01/18 13:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2010/01/18 13:25:58 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2010/01/18 13:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2010/01/18 13:21:37 | 000,000,000 | ---D | C] -- C:\Windows\PixArt

[2010/01/18 13:20:50 | 000,611,584 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\System32\drivers\PFC027.SYS

[2010/01/18 13:20:50 | 000,129,024 | ---- | C] (PixArt Imaging Incorporation) -- C:\Windows\System32\SP207.AX

[2010/01/18 13:20:50 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\AMCap.exe

[2010/01/18 13:20:50 | 000,006,656 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\System32\CoInst_070629.dll

[2010/01/18 13:20:50 | 000,000,000 | ---D | C] -- C:\Windows\Webcam1200

[2010/01/18 13:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\Webcam 1200

========== Files - Modified Within 30 Days ==========

[2010/02/16 11:05:48 | 001,835,008 | -HS- | M] () -- C:\Users\Marie\NTUSER.DAT

[2010/02/16 09:58:37 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/02/16 09:58:37 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/02/16 07:03:15 | 000,004,301 | ---- | M] () -- C:\Users\Marie\Documents\mycomputer.html

[2010/02/16 05:45:03 | 000,004,176 | ---- | M] () -- C:\Users\Marie\Documents\critical.html

[2010/02/15 12:05:43 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini

[2010/02/15 12:04:32 | 000,689,142 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/02/15 12:04:32 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/02/15 12:04:32 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/02/15 11:58:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/02/15 11:58:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/02/15 11:57:55 | 000,524,288 | -HS- | M] () -- C:\Users\Marie\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms

[2010/02/15 11:57:55 | 000,065,536 | -HS- | M] () -- C:\Users\Marie\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf

[2010/02/15 11:57:54 | 002,035,030 | -H-- | M] () -- C:\Users\Marie\AppData\Local\IconCache.db

[2010/02/15 09:25:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe

[2010/02/15 08:28:12 | 000,000,218 | ---- | M] () -- C:\Users\Marie\.recently-used.xbel

[2010/02/12 04:24:53 | 018,499,623 | ---- | M] () -- C:\Users\Marie\Documents\vlc-1.0.5-win32.exe

[2010/02/12 04:15:45 | 000,012,288 | ---- | M] () -- C:\Users\Marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/10 00:53:11 | 000,000,751 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Startup\Philips GoGear VIBE Device Manager.lnk

[2010/02/09 06:12:14 | 000,000,803 | ---- | M] () -- C:\Users\Marie\Desktop\Trillian.lnk

[2010/02/08 20:52:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll

[2010/02/08 20:52:21 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/02/08 20:52:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/02/08 20:52:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/02/03 02:16:57 | 000,000,447 | ---- | M] () -- C:\Windows\win.ini

[2010/01/30 22:14:36 | 000,000,763 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/01/30 22:03:07 | 000,001,657 | ---- | M] () -- C:\Users\Marie\Desktop\Mozilla Firefox.lnk

[2010/01/29 19:40:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010/01/29 19:40:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/01/29 19:02:33 | 000,005,527 | ---- | M] () -- C:\Windows\System32\drivers\mycodec\25372031.gif

[2010/01/29 18:13:26 | 000,006,456 | -H-- | M] () -- C:\Windows\System32\yibaravu

[2010/01/29 16:54:50 | 000,092,160 | ---- | M] () -- C:\Windows\System32\umstartup.etl

[2010/01/29 16:52:14 | 001,477,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/01/29 16:48:28 | 166,415,592 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/01/29 16:44:09 | 000,000,120 | ---- | M] () -- C:\Users\Marie\AppData\Local\Kfuface.dat

[2010/01/29 16:44:09 | 000,000,000 | ---- | M] () -- C:\Users\Marie\AppData\Local\Kdoqo.bin

[2010/01/29 16:38:12 | 000,000,705 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\Startup\61871.lnk

[2010/01/29 01:55:00 | 000,037,400 | ---- | M] () -- C:\Users\Marie\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/01/27 19:22:06 | 001,975,102 | ---- | M] (Installshield Software Corporation ) -- C:\Windows\System32\xa98599078.exe

[2010/01/27 19:22:06 | 001,975,102 | ---- | M] (Installshield Software Corporation ) -- C:\Windows\System32\xa98598843.exe

[2010/01/18 13:29:05 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\Windows\System32\yibaravu

[2010/02/16 07:03:15 | 000,004,301 | ---- | C] () -- C:\Users\Marie\Documents\mycomputer.html

[2010/02/16 05:45:03 | 000,004,176 | ---- | C] () -- C:\Users\Marie\Documents\critical.html

[2010/02/15 12:01:49 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe

[2010/02/15 12:01:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2010/02/15 12:01:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2010/02/15 12:01:49 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe

[2010/02/15 12:01:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010/02/15 08:28:12 | 000,000,218 | ---- | C] () -- C:\Users\Marie\.recently-used.xbel

[2010/02/12 04:21:07 | 018,499,623 | ---- | C] () -- C:\Users\Marie\Documents\vlc-1.0.5-win32.exe

[2010/02/10 00:53:11 | 000,000,751 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System\Startup\Philips GoGear VIBE Device Manager.lnk

[2010/02/09 06:12:14 | 000,000,803 | ---- | C] () -- C:\Users\Marie\Desktop\Trillian.lnk

[2010/02/09 05:03:08 | 000,000,899 | ---- | C] () -- C:\Users\Marie\Desktop\Adobe Photoshop CS3.lnk

[2010/02/01 16:24:12 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2010/02/01 16:24:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2010/02/01 16:24:11 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010/02/01 16:24:11 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2010/02/01 16:24:11 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml

[2010/02/01 16:24:10 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2010/02/01 16:24:10 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2010/01/30 22:03:07 | 000,001,657 | ---- | C] () -- C:\Users\Marie\Desktop\Mozilla Firefox.lnk

[2010/01/29 19:40:28 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS

[2010/01/29 19:40:28 | 000,000,000 | RHS- | C] () -- C:\IO.SYS

[2010/01/29 19:02:33 | 000,005,527 | ---- | C] () -- C:\Windows\System32\drivers\mycodec\25372031.gif

[2010/01/29 16:44:09 | 000,000,120 | ---- | C] () -- C:\Users\Marie\AppData\Local\Kfuface.dat

[2010/01/29 16:44:09 | 000,000,000 | ---- | C] () -- C:\Users\Marie\AppData\Local\Kdoqo.bin

[2010/01/29 16:38:12 | 000,000,705 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\Startup\61871.lnk

[2010/01/18 14:01:50 | 000,012,288 | ---- | C] () -- C:\Users\Marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/18 13:29:05 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2010/01/18 13:20:50 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.INI

[2010/01/17 17:59:23 | 166,415,592 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2009/12/16 12:23:49 | 000,000,680 | ---- | C] () -- C:\Users\Marie\AppData\Local\d3d9caps.dat

[2009/04/11 08:19:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2007/06/12 10:25:54 | 000,000,920 | ---- | C] () -- C:\Windows\System32\WLAN.INI

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2003/09/23 07:14:42 | 001,099,264 | ---- | C] () -- C:\Windows\System32\cygxml2-2.dll

[2003/08/10 09:59:20 | 000,980,992 | ---- | C] () -- C:\Windows\System32\cygiconv-2.dll

[2003/08/08 19:28:16 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cygz.dll

[1999/07/06 19:00:00 | 000,000,006 | RHS- | C] () -- C:\ProgramData\D81EDBF9-D167-4011-B77D-211DF920EB80

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

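The OTL listing above ends here. As an added example (not part of the thread, and not OTL's, ComboFix's or Malwarebytes' own code), here is a small Python triage script that parses lines in OTL's file-listing format and flags the kinds of entries a helper reads first: a timestamp later than the report itself (such as the 2099 creation date shown for C:\Windows\System32\yibaravu), a hidden code file with no publisher under C:\Windows, a startup shortcut with a purely numeric name, and alternate data streams other than Zone.Identifier. The sample lines are copied from the log above; the report time is an assumed value, since the OTL header is not in this part of the thread.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# Line shapes seen in the OTL sections above:
#   [date time | size | attrs | C/M] (company) -- path   (the "(company)" part is absent for directories)
#   @Alternate Data Stream - N bytes -> path:stream
ENTRY_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-RHSD]{4}) \| ([CM])\]"
    r"(?: \((.*?)\))? -- (.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")

# Extensions that can carry code (plus "no extension"); data files such as .ini or .dat are ignored
CODE_EXTS = {"", ".exe", ".dll", ".sys", ".ax", ".acm", ".scr", ".cpl"}

# Assumed report time: the newest entry in the log above is 2010/02/16 11:05, so the scan ran after that.
REPORT_TIME = datetime(2010, 2, 16, 12, 0, 0)

# Sample lines copied from the log above (yibaravu, deploytk.dll, 61871.lnk, Sun directory, ADS, INI file)
SAMPLE_LINES = [
    r"[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\Windows\System32\yibaravu",
    r"[2010/02/08 20:52:28 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll",
    r"[2010/01/29 16:38:12 | 000,000,705 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\Startup\61871.lnk",
    r"[2010/02/08 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun",
    r"@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8",
    r"[2010/02/15 12:04:32 | 000,689,142 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI",
]


def parse_entry(line):
    """Return a dict for a file/directory line, or None for anything that is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    stamp, size, attrs, kind, company, path = m.groups()
    return {
        "when": datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S"),
        "size": int(size.replace(",", "")),
        "attrs": attrs,                     # four positions: R (read-only) H (hidden) S (system) D (directory)
        "kind": kind,                       # C = created, M = modified
        "company": (company or "").strip(),
        "path": path,
    }


def assess_entry(e, report_time):
    """Reasons a helper would want to look at this entry; an empty list means nothing notable."""
    reasons = []
    p = PureWindowsPath(e["path"])
    lower = e["path"].lower()
    is_dir = e["attrs"][3] == "D"
    hidden = e["attrs"][1] == "H"

    if e["when"] > report_time:
        reasons.append("timestamp lies after the report time (timestomping artefact)")
    if (not is_dir and lower.startswith("c:\\windows\\")
            and not e["company"] and p.suffix.lower() in CODE_EXTS):
        reasons.append(("hidden " if hidden else "") + "code file under C:\\Windows with no publisher")
    if "\\startup\\" in lower and p.suffix.lower() == ".lnk" and p.stem.isdigit():
        reasons.append("startup shortcut with a purely numeric name")
    return reasons


def triage(lines, report_time):
    """Run every line through the checks; returns [(path, [reasons, ...]), ...] for flagged items only."""
    findings = []
    for line in lines:
        ads = ADS_RE.match(line.strip())
        if ads:
            nbytes, host, stream = ads.groups()
            if stream != "Zone.Identifier":   # the one stream Windows itself adds to downloaded files
                findings.append((f"{host}:{stream}", [f"unexpected alternate data stream ({nbytes} bytes)"]))
            continue
        e = parse_entry(line)
        if e is None:
            continue                          # section headers, blank lines, "< End of report >"
        reasons = assess_entry(e, report_time)
        if reasons:
            findings.append((e["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES, REPORT_TIME):
        print(path)
        for r in reasons:
            print("   -", r)
```

The checks are deliberately narrow: a flag means "read this line", not "this is malware". Legitimate tools (the ComboFix helpers PEV.exe, sed.exe, grep.exe and so on, or codec DLLs from a codec pack) also lack a publisher string and will be listed, and the helper tells them apart by context, exactly as the OTL log is meant to be read.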

=======Cleanup=======

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.

======Next======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 18...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================

After that you're all set.

The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention article by Miekiemoes.

If your computer is slow is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent, Limewire, Kazaa, emule, Utorrent etc...
