Continuing virus and error

[AutieEm]

hello

major help needed...I have had several ongoing issues since I first had the Total Security Virus, here is what I did in the beginning.

*security virus first apperance I downloaded the free Malwarebytes's Anti-Malware, seemed like it worked for a couple of weeks.

*during this time I started getting an RUNDLL Error (error loading C:\WINDOWS\axarayapeva.dll) everytime I logged in, didn't matter what user I was logged in under.

*was ignoring this issue (great idea, right)

*once again Total Security shows its ugly head. somehow got that to go away(kept running quick scans) to remove it.

*Decided to purchase the full Malwarebytes's Anti-Malware.....Im saved!! Or so I thought

*After purchase I was randomly getting pop-ups of threats that had been detected and had them quarantined. Malwarebytes seems to be running so its working right?

*Then in comes Total Security Virus once again which I thought my purchased Malwarebytes would have caught. After several attempts of killing this virus during which time I would get msg like Malware program is infected or it wouldn't even run or even when it did and listed the threats detected after removal and restarting computer it was still there.

* 4hrs later is seemed to be removed....but im still getting the RUNDLL Error (error loading C:\WINDOWS\axarayapeva.dll)

Please tell me.....what I think I already know. Still Infected? If so, what can I do to fix.

Ur help is much appreciated

[kahdah]

Hello AutieEm

Welcome to Malwarebytes.

=====================

• Download OTL to your desktop.
  
• Double click on OTL to run it.
  
• When the window appears, underneath Output at the top change it to Minimal Output.
  
• Under the Standard Registry box change it to All.
  
• Under Custom scan's and fixes section paste in the below in bold
  

  
  

  netsvcs
  
  
  %SYSTEMDRIVE%\*.*
  
  
  %systemroot%\*. /mp /s
  
  
  CREATERESTOREPOINT
  
  
  %systemroot%\system32\*.dll /lockedfiles
  
  
  %systemroot%\Tasks\*.job /lockedfiles
  
  
  %systemroot%\System32\config\*.sav
  
  
  %systemroot%\system32\drivers\*.sys /90
  
  
  %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  
  

• Check the boxes beside LOP Check and Purity Check.
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    

====================

Download the following GMER Rootkit Scanner from Here

• Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  
• Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
  
• It may take a minute to load and become available.
  
• If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  
• In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED
  

  
  

• IAT/EAT
  
  
• Drives/Partition other than Systemdrive (typically only C:\ should be checked)
  
  
• Show All (don't miss this one)

  
  

• Then click the Scan button & wait for it to finish.
  
• Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  
• Save it where you can easily find it, such as your desktop
  
• **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
  
• Click OK and quit the GMER program.
  
• Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  
• Post that log in your next reply.
  

[AutieEm]

A little confused, as I'm not to savvy when it comes to computer terms. But after downloading the randomly EXE file on to my desktop I'm ensuring that some boxes r UNchecked. U mention "typically only C:\should be checked" well all were checked. So I UNchecked the "show all" box as well as the IAT/EAT box. What r Drives/Partition other than Systemdrive? So should everything be UNchecked OTHER than C:\ ?

[AutieEm]

Ok now on top of the questions I had above ^ my computer is now freezing up/slowing down while waiting for the next step. Is this because I haven't selected what to do next or some other issue?

[kahdah]

A little confused, as I'm not to savvy when it comes to computer terms. But after downloading the randomly EXE file on to my desktop I'm ensuring that some boxes r UNchecked. U mention "typically only C:\should be checked" well all were checked. So I UNchecked the "show all" box as well as the IAT/EAT box. What r Drives/Partition other than Systemdrive? So should everything be UNchecked OTHER than C:\ ?

The box next to these should be unchecked :

IAT/EAT

Drives/Partition other than Systemdrive (typically only C:\ should be checked) leaving only C:\ checked.

Show all.

All of the above should be unchecked.

All of the others leave checked.

As far as the computer slowness try rebooting it.

Please note you will have to wait for my replies as I am not an employee of malwarebytes but simply a volunteer please be patient as I cannot always give speedy replies.

I will need to see the logs before I can determine anything.

[AutieEm]

I did reboot and ended up running in safe mode w/networking. Here are the 3 files, the last scan GMER program took approx. 5-6hrs wasn't sure if that was normal.

#1

OTL logfile created on: 7/12/2010 8:53:20 PM - Run 1

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Jenna\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 496.00 Mb Available Physical Memory | 49.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 145.33 Gb Total Space | 66.49 Gb Free Space | 45.75% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: JENNIFER-40E25D

Current User Name: Jenna

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jenna\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)

PRC - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

PRC - C:\Program Files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe (Creative Home)

PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jenna\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

SRV - (getPlus® Helper) getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)

SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

SRV - (lxcr_device) -- C:\WINDOWS\System32\lxcrcoms.exe ( )

========== Driver Services (SafeList) ==========

DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found

DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found

DRV - (diskchk) -- C:\WINDOWS\System32\diskchk.sys File not found

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)

DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)

DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)

DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)

DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)

DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)

DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)

DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)

DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)

DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)

DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)

DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/

IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: *{00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: *{35EEB22F-F73A-4F04-97DA-B49F74A30083} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825

FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {15504F53-3B01-4840-AA5E-67AD444DDE4E}:1.9.1

FF - prefs.js..extensions.enabledItems: {DC446B72-1366-4697-9B89-DAD39109BDD4}:1.9.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 18:36:55 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/03 14:13:29 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/11 18:07:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/10 22:23:36 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{15504F53-3B01-4840-AA5E-67AD444DDE4E}: C:\Documents and Settings\Jenna\Local Settings\Application Data\{15504F53-3B01-4840-AA5E-67AD444DDE4E} [2010/04/14 23:01:21 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{DC446B72-1366-4697-9B89-DAD39109BDD4}: C:\Documents and Settings\Annabelle\Local Settings\Application Data\{DC446B72-1366-4697-9B89-DAD39109BDD4} [2010/04/15 09:46:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/03 19:01:01 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/08 20:45:21 | 000,000,000 | ---D | M]

[2010/03/29 16:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jenna\Application Data\Mozilla\Extensions

[2009/11/11 00:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jenna\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/02/17 08:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jenna\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2010/03/29 16:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jenna\Application Data\Mozilla\Extensions\uploadr@flickr.com

[2010/07/03 19:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\8z5p9mdl.default\extensions

[2010/04/14 23:17:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\8z5p9mdl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/04/14 23:18:03 | 000,009,949 | ---- | M] () -- C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\8z5p9mdl.default\searchplugins\mywebsearch.xml

[2010/07/03 17:58:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/11/11 00:20:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/12/08 21:17:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2010/03/19 21:21:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

[2009/11/02 22:23:26 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2009/11/02 22:23:27 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2009/12/17 17:14:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2009/11/02 22:23:28 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2007/03/22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

[2010/03/30 22:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/03/30 22:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/03/30 22:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/03/30 22:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/03/30 22:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/03/30 22:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/03/30 22:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2009/11/02 20:16:17 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2009/11/02 20:16:17 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/04/14 23:18:02 | 000,001,353 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml

[2009/11/02 20:16:17 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/11/02 20:16:17 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2009/11/02 20:16:17 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2009/11/02 20:16:17 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2009/11/02 20:16:17 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2004/08/10 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll File not found

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (Freecause Toolbar BHO) - {FDA12D79-CADF-489C-B348-02804C3FA82B} - C:\Program Files\SeaGarden\Toolbar.dll ()

O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKLM\..\Toolbar: (SeaGarden) - {11D43B59-21AD-4F3F-8706-D3D7A5E7A5EE} - C:\Program Files\SeaGarden\Toolbar.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (SeaGarden) - {11D43B59-21AD-4F3F-8706-D3D7A5E7A5EE} - C:\Program Files\SeaGarden\Toolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe File not found

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Vjome] C:\WINDOWS\axarayapeva.DLL File not found

O4 - HKCU..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe File not found

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [PPAP] C:\Documents and Settings\All Users\Application Data\PPLiveVA\Application\PPAP.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExpressPLNRnote.lnk = C:\Program Files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe (Creative Home)

O4 - Startup: C:\Documents and Settings\Jenna\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)

O4 - Startup: C:\Documents and Settings\Jenna\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Family%20Feud%202/Images/stg_drm.ocx (SpinTop DRM Control)

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo1.walgreens.com/WalgreensActivia.cab (Snapfish Activia)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Family%20Feud%202/Images/armhelper.ocx (ArmHelper Control)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Jenna\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jenna\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/08/17 22:03:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\System32\Iasex.dll File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (56871556046913536)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/12 20:50:58 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jenna\Desktop\OTL.exe

[2010/07/11 17:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache

[2010/07/10 15:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jenna\Local Settings\Application Data\btswiknan

[2010/07/08 20:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync

[2010/07/08 20:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2010/07/05 17:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jenna\Local Settings\Application Data\AskToolbar

[2010/07/05 11:41:13 | 000,000,000 | ---D | C] -- C:\searchplugins

[2010/07/05 11:41:08 | 000,000,000 | ---D | C] -- C:\FIND_MOZ_EXT

[2010/07/05 11:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com

[2010/07/04 20:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Malwarebytes

[2010/07/04 11:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJ

[2010/07/04 11:30:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX

[2010/07/04 11:29:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJSDU

[2010/07/04 10:59:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter

[2010/07/04 02:01:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu

[2010/07/04 00:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM

[2010/07/03 23:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup001

[2010/07/03 23:23:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV

[2010/07/03 23:03:19 | 001,310,720 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC340C.dll

[2010/07/03 23:03:19 | 000,307,200 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC340L.dll

[2010/07/03 23:03:19 | 000,110,592 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC340I.dll

[2010/07/03 23:03:19 | 000,102,400 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC340U.dll

[2010/07/03 23:03:19 | 000,015,872 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNHMCA.dll

[2010/07/03 22:16:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup000

[2010/07/03 22:13:30 | 000,168,448 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFMSk.EXE

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkSE.DLL

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkRU.DLL

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkPT.DLL

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkPL.DLL

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkNL.DLL

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkIT.DLL

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkID.DLL

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkGR.DLL

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkFR.DLL

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkFI.DLL

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkES.DLL

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkDE.DLL

[2010/07/03 22:13:30 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkUS.DLL

[2010/07/03 22:13:30 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkTR.DLL

[2010/07/03 22:13:30 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkTH.DLL

[2010/07/03 22:13:30 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkNO.DLL

[2010/07/03 22:13:30 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkKR.DLL

[2010/07/03 22:13:30 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkHU.DLL

[2010/07/03 22:13:30 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkDK.DLL

[2010/07/03 22:13:30 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkCZ.DLL

[2010/07/03 22:13:30 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkAR.DLL

[2010/07/03 22:13:30 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkTW.DLL

[2010/07/03 22:13:30 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkJP.DLL

[2010/07/03 22:13:30 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkCN.DLL

[2010/07/03 22:13:29 | 000,296,960 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCF2Lk.DLL

[2010/07/03 22:13:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2010/07/03 22:13:12 | 000,276,992 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLMA5.DLL

[2010/07/03 22:13:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information

[2010/07/03 22:12:59 | 000,094,208 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNC340O.dll

[2010/07/03 22:12:56 | 000,179,200 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMIUA5.DLL

[2010/07/03 22:12:37 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ

[2010/07/03 22:12:20 | 000,137,216 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMNPUI.DLL

[2010/07/03 22:12:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\STRING

[2010/07/03 22:12:19 | 000,354,816 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMNPPM.DLL

[2010/07/03 22:12:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CHM

[2010/07/03 14:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jenna\Local Settings\Application Data\kipivkquv

[2010/07/02 22:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jenna\Local Settings\Application Data\qkhyiduno

[2010/07/02 21:33:59 | 000,049,904 | R--- | C] (Avanquest Software) -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS

[2010/07/02 21:15:57 | 000,000,000 | ---D | C] -- C:\Netgear

[2010/07/02 17:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jenna\Local Settings\Application Data\iqhjhvvki

[2006/02/20 14:44:44 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrserv.dll

[2006/02/20 14:36:06 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomm.dll

[2006/02/20 14:24:30 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrlmpm.dll

[2006/02/20 14:23:16 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrpplc.dll

[2006/02/20 14:22:16 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomc.dll

[2006/02/20 14:21:22 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrprox.dll

[2006/02/20 14:15:16 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrusb1.dll

[2006/02/20 14:06:52 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcriesc.dll

[2006/02/20 14:03:02 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrinpa.dll

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Jenna\My Documents\*.tmp files -> C:\Documents and Settings\Jenna\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/12 21:01:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010/07/12 21:00:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job

[2010/07/12 20:50:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jenna\Desktop\OTL.exe

[2010/07/12 20:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job

[2010/07/12 19:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job

[2010/07/12 18:00:01 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job

[2010/07/12 17:00:03 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job

[2010/07/12 16:54:27 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\Jenna\NTUSER.DAT

[2010/07/12 16:54:27 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jenna\ntuser.ini

[2010/07/12 16:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job

[2010/07/12 15:36:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/07/12 15:00:06 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job

[2010/07/12 14:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job

[2010/07/12 13:00:02 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job

[2010/07/12 12:05:00 | 061,916,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/07/12 12:00:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/07/12 12:00:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/07/12 03:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2010/07/12 02:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2010/07/12 01:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2010/07/12 00:02:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2010/07/11 23:00:53 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job

[2010/07/11 22:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job

[2010/07/11 19:47:44 | 000,018,343 | ---- | M] () -- C:\Documents and Settings\Jenna\My Documents\resume2.docx

[2010/07/11 12:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job

[2010/07/10 16:11:10 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Jenna\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2010/07/10 16:08:27 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/07/09 23:38:19 | 000,225,792 | ---- | M] () -- C:\Documents and Settings\Jenna\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/07/09 21:18:54 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/07/09 11:00:02 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job

[2010/07/09 10:18:01 | 000,157,056 | ---- | M] () -- C:\Documents and Settings\Jenna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/07/09 10:01:04 | 000,477,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/07/08 20:46:23 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2010/07/08 20:45:32 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/07/06 10:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job

[2010/07/06 09:00:02 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job

[2010/07/03 23:58:16 | 000,001,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MX340 series User Registration.LNK

[2010/07/03 23:57:41 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk

[2010/07/03 23:57:27 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk

[2010/07/03 23:55:24 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.1.lnk

[2010/07/03 23:54:52 | 000,001,652 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon My Printer.lnk

[2010/07/03 23:54:31 | 000,001,967 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MX340 series On-screen Manual.lnk

[2010/07/02 22:12:38 | 000,006,333 | ---- | M] () -- C:\Documents and Settings\Jenna\Desktop\Router_Setup.html

[2010/07/02 00:24:13 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Jenna\My Documents\spider.sav

[2010/06/28 17:31:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/23 23:58:26 | 000,505,234 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/06/23 23:58:26 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/06/23 23:58:26 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/06/22 00:00:06 | 000,000,331 | ---- | M] () -- C:\Documents and Settings\Jenna\Desktop\Sony Ericsson WTA Tour Women's Tennis News, Tournaments, Videos, Scores and Player Info.url

[2010/06/21 08:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job

[2010/06/17 01:47:52 | 006,083,397 | ---- | M] () -- C:\Documents and Settings\Jenna\My Documents\View Full Bill - AT&T.mht

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Jenna\My Documents\*.tmp files -> C:\Documents and Settings\Jenna\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/10 16:08:27 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Jenna\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2010/07/05 11:41:13 | 000,000,242 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010/07/03 23:57:27 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk

[2010/07/03 23:55:24 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.1.lnk

[2010/07/03 23:03:19 | 000,014,592 | ---- | C] () -- C:\WINDOWS\System32\CNC1741D.TBL

[2010/07/03 22:24:43 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MX340 series User Registration.LNK

[2010/07/03 22:16:26 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk

[2010/07/03 22:14:26 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon My Printer.lnk

[2010/07/03 22:14:09 | 000,001,967 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MX340 series On-screen Manual.lnk

[2010/07/02 22:12:39 | 000,000,172 | R--- | C] () -- C:\Documents and Settings\Jenna\Desktop\Router Login.url

[2010/07/02 22:12:38 | 000,006,333 | ---- | C] () -- C:\Documents and Settings\Jenna\Desktop\Router_Setup.html

[2010/07/02 00:24:13 | 000,000,372 | ---- | C] () -- C:\Documents and Settings\Jenna\My Documents\spider.sav

[2010/06/17 01:47:44 | 006,083,397 | ---- | C] () -- C:\Documents and Settings\Jenna\My Documents\View Full Bill - AT&T.mht

[2010/05/02 17:52:05 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010/05/02 17:52:05 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2010/03/05 20:29:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI

[2009/06/04 18:10:23 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll

[2009/05/04 15:03:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll

[2009/05/04 14:53:28 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll

[2009/05/04 14:53:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll

[2009/01/12 00:57:18 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll

[2008/11/23 23:24:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL

[2008/11/23 23:24:09 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL

[2008/11/23 23:22:29 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\LXCRinst.dll

[2008/11/23 23:21:30 | 000,303,104 | R--- | C] () -- C:\WINDOWS\System32\lxcrcoin.dll

[2008/11/03 21:10:09 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL

[2008/08/18 00:16:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/08/17 23:56:16 | 000,000,462 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006/12/06 13:39:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll

[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

[2006/03/06 12:51:28 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcrdrs.dll

[2006/03/06 12:48:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcrcaps.dll

[2005/12/20 11:54:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcrcnv4.dll

[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2005/07/08 03:11:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcrvs.dll

[2004/08/10 06:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll

[2004/08/10 06:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll

[2004/08/10 06:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll

[2004/08/10 06:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll

[2004/08/10 06:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/08/05 09:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2010/02/11 18:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010/03/05 20:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund

[2010/07/03 22:13:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2010/07/04 11:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ

[2010/07/03 23:23:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV

[2010/07/04 11:30:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX

[2010/07/04 10:59:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter

[2010/07/05 18:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM

[2010/07/04 11:29:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSDU

[2010/07/03 22:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup000

[2010/07/03 23:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup001

[2010/07/04 02:01:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu

[2008/08/17 22:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2010/04/11 00:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData

[2008/12/09 13:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM

[2008/12/09 13:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail

[2009/01/24 21:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes

[2009/11/28 22:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development

[2010/01/02 13:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLiveVA

[2010/06/06 16:05:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp

[2010/05/02 17:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar

[2010/05/02 17:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager

[2010/03/30 22:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/11/23 23:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2008/10/23 18:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jenna\Application Data\alot

[2008/11/25 20:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jenna\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2008/08/28 16:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jenna\Application Data\DNA

[2010/03/29 16:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jenna\Application Data\Flickr

[2010/04/21 22:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jenna\Application Data\GetRightToGo

[2008/11/03 20:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jenna\Application Data\Leadertech

[2010/07/12 20:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jenna\Application Data\LimeWire

[2010/01/02 03:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jenna\Application Data\PPLiveVA

[2008/09/27 16:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jenna\Application Data\Snapfish

[2010/03/05 19:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jenna\Application Data\Wal-Mart Digital Photo Viewer

[2009/09/07 15:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jenna\Application Data\XemiComputers

[2010/07/12 00:02:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

[2010/07/06 09:00:02 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job

[2010/07/06 10:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job

[2010/07/09 11:00:02 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job

[2010/07/11 12:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job

[2010/07/12 13:00:02 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job

[2010/07/12 14:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job

[2010/07/12 15:00:06 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job

[2010/07/12 16:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job

[2010/07/12 17:00:03 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job

[2010/07/12 18:00:01 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job

[2010/07/12 01:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

[2010/07/12 19:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job

[2010/07/12 20:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job

[2010/07/12 21:00:08 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job

[2010/07/11 22:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job

[2010/07/11 23:00:53 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job

[2010/07/12 02:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job

[2010/07/12 03:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

[2010/05/29 04:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job

[2010/05/30 05:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job

[2010/05/30 06:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job

[2010/05/29 07:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job

[2010/06/21 08:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

[2010/07/12 21:01:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2010/04/11 00:15:39 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt

[2008/08/17 22:03:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2008/08/17 21:57:09 | 000,000,209 | -HS- | M] () -- C:\boot.ini

[2008/08/17 22:03:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt

[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt

[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt

[2001/09/05 22:00:58 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll

[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini

[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini

[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll

[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll

[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll

[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll

[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll

[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll

[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll

[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll

[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll

[2008/08/17 22:03:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009/02/13 00:33:13 | 000,000,178 | ---- | M] () -- C:\lxcr.log

[2010/02/23 10:37:08 | 000,012,923 | ---- | M] () -- C:\lxcrscan.log

[2008/08/17 22:03:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/12/10 10:39:22 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/07/12 12:00:14 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

[2010/07/03 19:25:29 | 000,000,475 | ---- | M] () -- C:\rkill.log

[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp

[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab

[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

[2008/12/09 20:27:06 | 000,000,150 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll

[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2008/08/17 14:49:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2008/08/17 14:49:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2008/08/17 14:49:10 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

[2010/06/02 12:02:06 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys

[2010/06/02 12:02:06 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2009/12/08 05:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPDA5.DLL

[2009/12/08 05:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPPA5.DLL

[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2006/01/12 09:20:04 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxcrpp5c.dll

[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:B7A22351

@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:5E196FE2

< End of report >

#2

OTL Extras logfile created on: 7/12/2010 8:53:20 PM - Run 1

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Jenna\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 496.00 Mb Available Physical Memory | 49.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 145.33 Gb Total Space | 66.49 Gb Free Space | 45.75% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: JENNIFER-40E25D

Current User Name: Jenna

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found

"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- File not found

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- File not found

"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found

"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\SeaGarden\TroubleShooter.exe" = C:\Program Files\SeaGarden\TroubleShooter.exe:*:Enabled:SeaGarden (Helper) -- (FreeCause Inc.)

"C:\Program Files\SeaGarden\ToolbarUpdate.exe" = C:\Program Files\SeaGarden\ToolbarUpdate.exe:*:Enabled:SeaGarden (Update) -- (FreeCause Inc.)

"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()

"C:\Program Files\PPLiveVA\PPLiveVA.exe" = C:\Program Files\PPLiveVA\PPLiveVA.exe:*:Enabled:PPLiveVA -- File not found

"C:\Program Files\PPLiveVA\FlvPick.exe" = C:\Program Files\PPLiveVA\FlvPick.exe:*:Enabled:FlvPick -- File not found

"C:\Program Files\PPLiveVA\CrashUpload.exe" = C:\Program Files\PPLiveVA\CrashUpload.exe:*:Enabled:CrashUpload -- File not found

"C:\Program Files\PPLiveVA\Download.exe" = C:\Program Files\PPLiveVA\Download.exe:*:Enabled:Download -- File not found

"C:\Program Files\PPLiveVA\DownloadProgress.exe" = C:\Program Files\PPLiveVA\DownloadProgress.exe:*:Enabled:DownloadProgress -- File not found

"C:\Documents and Settings\All Users\Application Data\PPLiveVA\Application\PPAP.exe" = C:\Documents and Settings\All Users\Application Data\PPLiveVA\Application\PPAP.exe:*:Enabled:PPAP -- File not found

"C:\Program Files\PPLive\PPLive.exe" = C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive -- File not found

"C:\Program Files\PPLive\PPLiveU.exe" = C:\Program Files\PPLive\PPLiveU.exe:*:Enabled:PPLiveU -- File not found

"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- (Adobe Systems Incorporated)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series" = Canon MX340 series MP Drivers

"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 18

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{86C1A488-24AD-42F0-BCEF-FDB11FC2BEFA}" = NetZero For Riverdeep

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003

"{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}" = Microsoft IntelliType Pro 7.0

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders

"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio

"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy

"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1

"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support

"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe

"{D0DDF9EE-C67F-368B-EB42-ECB44FD7556D}" = Adobe Photoshop.com Inspiration Browser

"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility

"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE

"{DD040AAA-F295-492B-AD91-C8DC24488273}" = Photo Explosion Special Edition

"{E7875036-3CFC-4F0F-A470-8EADFFE43F6C}" = Hallmark Card Studio Express

"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin

"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic

"555 Games XP Championship" = 555 Games XP Championship

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0

"All ATI Software" = ATI - Software Uninstall Utility

"ATI Display Driver" = ATI Display Driver

"ATT-PRT22" = ATT-PRT22

"ATT-RemoteControl" = ATT-RemoteControl

"AVG9Uninstall" = AVG Free 9.0

"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto

"CAL" = Canon Camera Access Library

"CameraWindowDC" = Canon Utilities CameraWindow DC

"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX

"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

"CameraWindowLauncher" = Canon Utilities CameraWindow

"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder

"Canon MX340 series User Registration" = Canon MX340 series User Registration

"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"CSCLIB" = Canon Camera Support Core Library

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"EOS Utility" = Canon Utilities EOS Utility

"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]

"Flickr Uploadr" = Flickr Uploadr 3.2.1

"HaaliMkx" = Haali Media Splitter

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"Lexmark 2400 Series" = Lexmark 2400 Series

"Lexmark Fax Solutions" = Lexmark Fax Solutions

"LimeWire" = LimeWire 5.5.10

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mavis Beacon Teaches Typing 17" = Mavis Beacon Teaches Typing 17

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)

"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"MyCamera" = Canon Utilities MyCamera

"MyCameraDC" = Canon Utilities MyCamera DC

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.

1" = Adobe Photoshop.com Inspiration Browser

"PhotoStitch" = Canon Utilities PhotoStitch

"PROSet" = Intel® PRO Network Connections Drivers

"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX

"SeaGarden" = SeaGarden

"Speed Dial Utility" = Canon Speed Dial Utility

"TDC13E0_2009_0603_1515_is1" = Uninstall Dual Mode Camera (TDC13E0)

"Vivitar Experience Image Manager" = Vivitar Experience Image Manager

"VLC media player" = VLC media player 1.0.5

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Messenger" = Yahoo! Messenger

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 7/4/2010 12:54:08 PM | Computer Name = JENNIFER-40E25D | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/4/2010 12:54:08 PM | Computer Name = JENNIFER-40E25D | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/4/2010 12:54:08 PM | Computer Name = JENNIFER-40E25D | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/4/2010 12:54:09 PM | Computer Name = JENNIFER-40E25D | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/4/2010 12:54:10 PM | Computer Name = JENNIFER-40E25D | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/10/2010 1:43:38 AM | Computer Name = JENNIFER-40E25D | Source = Bonjour Service | ID = 100

Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly

closed by the remote host.)

Error - 7/10/2010 1:43:38 AM | Computer Name = JENNIFER-40E25D | Source = Bonjour Service | ID = 100

Description = 412: ERROR: read_msg errno 10054 (An existing connection was forcibly

closed by the remote host.)

Error - 7/10/2010 1:43:38 AM | Computer Name = JENNIFER-40E25D | Source = Bonjour Service | ID = 100

Description = 240: ERROR: read_msg errno 10054 (An existing connection was forcibly

closed by the remote host.)

Error - 7/10/2010 1:43:38 AM | Computer Name = JENNIFER-40E25D | Source = Bonjour Service | ID = 100

Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly

closed by the remote host.)

Error - 7/10/2010 1:43:38 AM | Computer Name = JENNIFER-40E25D | Source = Bonjour Service | ID = 100

Description = 392: ERROR: read_msg errno 10054 (An existing connection was forcibly

closed by the remote host.)

[ System Events ]

Error - 7/3/2010 8:09:11 PM | Computer Name = JENNIFER-40E25D | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/3/2010 9:00:00 PM | Computer Name = JENNIFER-40E25D | Source = Schedule | ID = 7901

Description = The At21.job command failed to start due to the following error: %%2147942402

Error - 7/4/2010 12:05:24 AM | Computer Name = JENNIFER-40E25D | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the stisvc service.

Error - 7/4/2010 12:05:57 AM | Computer Name = JENNIFER-40E25D | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the stisvc service.

Error - 7/4/2010 12:06:27 AM | Computer Name = JENNIFER-40E25D | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the stisvc service.

Error - 7/4/2010 12:13:06 AM | Computer Name = JENNIFER-40E25D | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the stisvc service.

Error - 7/10/2010 5:54:28 PM | Computer Name = JENNIFER-40E25D | Source = DCOM | ID = 10010

Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register

with DCOM within the required timeout.

Error - 7/10/2010 5:54:59 PM | Computer Name = JENNIFER-40E25D | Source = DCOM | ID = 10010

Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register

with DCOM within the required timeout.

Error - 7/10/2010 5:55:30 PM | Computer Name = JENNIFER-40E25D | Source = DCOM | ID = 10010

Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register

with DCOM within the required timeout.

Error - 7/11/2010 1:00:00 PM | Computer Name = JENNIFER-40E25D | Source = Schedule | ID = 7901

Description = The At13.job command failed to start due to the following error: %%2147942402

< End of report >

#3

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-07-13 09:48:19

Windows 5.1.2600 Service Pack 3

Running: zzwxjpzw.exe; Driver: C:\DOCUME~1\Jenna\LOCALS~1\Temp\afrdrpod.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

[kahdah]

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos ect. This means no P2P evidence will be supported. Logs that show these in them, will given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed period. It's theft and against the law.

For you this is referring to Limewire and Bit torrent.

Please uninstall those programs before proceeding.

==============

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  O4 - HKLM..\Run: [Vjome] C:\WINDOWS\axarayapeva.DLL File not found
  O4 - HKCU..\Run: [PPAP] C:\Documents and Settings\All Users\Application Data\PPLiveVA\Application\PPAP.exe File not found
  [2010/07/10 15:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jenna\Local Settings\Application Data\btswiknan
  [2010/07/03 14:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jenna\Local Settings\Application Data\kipivkquv
  [2010/07/02 22:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jenna\Local Settings\Application Data\qkhyiduno
  [2010/07/02 17:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jenna\Local Settings\Application Data\iqhjhvvki
  
  :files
  C:\Windows\at*.job
  
  :reg
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
  "C:\Program Files\LimeWire\LimeWire.exe"=-
  "C:\Program Files\DNA\btdna.exe"=-
  "C:\Program Files\BitTorrent\bittorrent.exe"=-
  "C:\Program Files\PPLiveVA\PPLiveVA.exe"=-
  "C:\Program Files\PPLiveVA\FlvPick.exe"=-
  "C:\Program Files\PPLiveVA\CrashUpload.exe"=-
  "C:\Program Files\PPLiveVA\Download.exe"=-
  "C:\Program Files\PPLiveVA\DownloadProgress.exe"=-
  "C:\Documents and Settings\All Users\Application Data\PPLiveVA\Application\PPAP.exe"=-
  "C:\Program Files\PPLive\PPLive.exe"=-
  "C:\Program Files\PPLive\PPLiveU.exe"=-
  
  :Commands
  [emptytemp]

  
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot when it is done
  
• It will produce a log for you on reboot, please post that log in your next reply.
  

================================Malwarebytes' Anti-Malware=================================

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

• Click on the update tab then click on Check for updates.
  
• If an update is found, it will download and install the latest version.
  
• Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.

================================Online scan=================================

* Go here to run an online scannner from ESET.

• Note: You will need to use Internet explorer for this scan
  
• Tick the box next to YES, I accept the Terms of Use.
  
• Click Start
  
• When asked, allow the activex control to install
  
• Click Start
  
• Check next options: Remove found threats and Scan unwanted applications.
  
• Click Scan
  
• Wait for the scan to finish
  
• Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

[AutieEm]

just double checking...I've removed limewire as to the bit torrent it wasn't located in the Add/Remove Programs. I had to run a search to find it, is there supposed to be an option to unistall? Because when found I can only delete. Or are you refering to the vlc player to unistall? Sorry im just unsure of how or where to unistall/remove from.

[AutieEm]

I have searched in the Program files and haven't located the Bit Torrent you mentioned. Is there any other way for me uninstall this file. And if so how will I know if its gone since I can't seem to find at all.

[kahdah]

That is fine it has probably been uninstalled previously.

Please proceed to the next steps.

[AutieEm]

Umm quick question, the log that came up after running OTL, i might have closed it without saving. Is there anyway to retrieve it?

[kahdah]

Yes it is saved in this location.

C:\_OTL\Moved Files\*.txt where the * stands for todays date and time.

[AutieEm]

After running the ESET there is an option to delete quaratined files...do I need to do this?

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Vjome deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PPAP deleted successfully.

C:\Documents and Settings\Jenna\Local Settings\Application Data\btswiknan folder moved successfully.

C:\Documents and Settings\Jenna\Local Settings\Application Data\kipivkquv folder moved successfully.

C:\Documents and Settings\Jenna\Local Settings\Application Data\qkhyiduno folder moved successfully.

C:\Documents and Settings\Jenna\Local Settings\Application Data\iqhjhvvki folder moved successfully.

========== FILES ==========

File\Folder C:\Windows\at*.job not found.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PPLiveVA\PPLiveVA.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PPLiveVA\FlvPick.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PPLiveVA\CrashUpload.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PPLiveVA\Download.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PPLiveVA\DownloadProgress.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Application Data\PPLiveVA\Application\PPAP.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PPLive\PPLive.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PPLive\PPLiveU.exe deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 546880 bytes

->Temporary Internet Files folder emptied: 12352474 bytes

->FireFox cache emptied: 3491094 bytes

->Flash cache emptied: 405 bytes

User: All Users

User: Annabelle

->Temp folder emptied: 73353738 bytes

->Temporary Internet Files folder emptied: 4126075 bytes

->Java cache emptied: 37912976 bytes

->Flash cache emptied: 206780 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41085 bytes

User: family

User: Family.JENNIFER-40E25D

->Temp folder emptied: 49632 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 51065 bytes

User: Guest

->Temp folder emptied: 7171444 bytes

->Temporary Internet Files folder emptied: 60676030 bytes

->Java cache emptied: 56514 bytes

->Google Chrome cache emptied: 6273799 bytes

->Apple Safari cache emptied: 1144453 bytes

->Flash cache emptied: 68299 bytes

User: Jenna

->Temp folder emptied: 748697799 bytes

->Temporary Internet Files folder emptied: 179315527 bytes

->Java cache emptied: 54583505 bytes

->FireFox cache emptied: 43854437 bytes

->Flash cache emptied: 1943529 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 4918284 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 17962253 bytes

->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1258425 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 549074702 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64924676 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 59532 bytes

RecycleBin emptied: 95912511 bytes

Total Files Cleaned = 1,879.00 mb

OTL by OldTimer - Version 3.2.9.0 log created on 07132010_191328

Files\Folders moved on Reboot...

C:\Documents and Settings\Jenna\Local Settings\Temporary Internet Files\Content.IE5\4S0TK937\iframe[1].htm moved successfully.

C:\Documents and Settings\Jenna\Local Settings\Temporary Internet Files\Content.IE5\4S0TK937\index[8].htm moved successfully.

Registry entries deleted on Reboot...

MBAM Log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4310

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/13/2010 8:26:16 PM

mbam-log-2010-07-13 (20-26-16).txt

Scan type: Quick scan

Objects scanned: 169052

Time elapsed: 11 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ESET

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=0ca42f049901cf4ba939e0f3471ac6c6

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-07-14 02:58:42

# local_time=2010-07-13 09:58:42 (-0600, Central Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777175 100 0 13060999 13060999 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=112028

# found=2

# cleaned=2

# scan_time=2883

C:\Documents and Settings\Annabelle\My Documents\LimeWire\Saved\cynder lyper.wma probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Jenna\My Documents\LimeWire\Saved\wta 2009 warsaw r1 sharapova - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C

[kahdah]

Yes you can do that.

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :Files
  C:\Windows\tasks\at*.job

  
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered,when it is done it will say "Fix Complete press ok to open log"
  
• Please post that log in your next reply.
  

================================Follow up scan=================================

• Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• When the window appears, underneath Output at the top change it to Minimal Output.
  
• Under the Standard Registry box change it to All.
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
    

[AutieEm]

========== FILES ==========

C:\Windows\tasks\At1.job moved successfully.

C:\Windows\tasks\At10.job moved successfully.

C:\Windows\tasks\At11.job moved successfully.

C:\Windows\tasks\At12.job moved successfully.

C:\Windows\tasks\At13.job moved successfully.

C:\Windows\tasks\At14.job moved successfully.

C:\Windows\tasks\At15.job moved successfully.

C:\Windows\tasks\At16.job moved successfully.

C:\Windows\tasks\At17.job moved successfully.

C:\Windows\tasks\At18.job moved successfully.

C:\Windows\tasks\At19.job moved successfully.

C:\Windows\tasks\At2.job moved successfully.

C:\Windows\tasks\At20.job moved successfully.

C:\Windows\tasks\At21.job moved successfully.

C:\Windows\tasks\At22.job moved successfully.

C:\Windows\tasks\At23.job moved successfully.

C:\Windows\tasks\At24.job moved successfully.

C:\Windows\tasks\At3.job moved successfully.

C:\Windows\tasks\At4.job moved successfully.

C:\Windows\tasks\At5.job moved successfully.

C:\Windows\tasks\At6.job moved successfully.

C:\Windows\tasks\At7.job moved successfully.

C:\Windows\tasks\At8.job moved successfully.

C:\Windows\tasks\At9.job moved successfully.

OTL by OldTimer - Version 3.2.9.0 log created on 07142010_075504

OTL logfile created on: 7/14/2010 8:00:48 AM - Run 2

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Jenna\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 481.00 Mb Available Physical Memory | 47.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 145.33 Gb Total Space | 68.22 Gb Free Space | 46.94% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: JENNIFER-40E25D

Current User Name: Jenna

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jenna\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)

PRC - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

PRC - C:\Program Files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe (Creative Home)

PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jenna\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

SRV - (getPlus® Helper) getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)

SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

SRV - (lxcr_device) -- C:\WINDOWS\System32\lxcrcoms.exe ( )

========== Driver Services (SafeList) ==========

DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found

DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found

DRV - (diskchk) -- C:\WINDOWS\System32\diskchk.sys File not found

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)

DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)

DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)

DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)

DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)

DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)

DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)

DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)

DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)

DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)

DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)

DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/

IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: *{00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: *{35EEB22F-F73A-4F04-97DA-B49F74A30083} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825

FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {15504F53-3B01-4840-AA5E-67AD444DDE4E}:1.9.1

FF - prefs.js..extensions.enabledItems: {DC446B72-1366-4697-9B89-DAD39109BDD4}:1.9.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 18:36:55 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/03 14:13:29 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/11 18:07:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/10 22:23:36 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{15504F53-3B01-4840-AA5E-67AD444DDE4E}: C:\Documents and Settings\Jenna\Local Settings\Application Data\{15504F53-3B01-4840-AA5E-67AD444DDE4E} [2010/04/14 23:01:21 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{DC446B72-1366-4697-9B89-DAD39109BDD4}: C:\Documents and Settings\Annabelle\Local Settings\Application Data\{DC446B72-1366-4697-9B89-DAD39109BDD4} [2010/04/15 09:46:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/03 19:01:01 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/08 20:45:21 | 000,000,000 | ---D | M]

[2010/03/29 16:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jenna\Application Data\Mozilla\Extensions

[2009/11/11 00:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jenna\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/02/17 08:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jenna\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2010/03/29 16:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jenna\Application Data\Mozilla\Extensions\uploadr@flickr.com

[2010/07/03 19:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\8z5p9mdl.default\extensions

[2010/04/14 23:17:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\8z5p9mdl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/04/14 23:18:03 | 000,009,949 | ---- | M] () -- C:\Documents and Settings\Jenna\Application Data\Mozilla\Firefox\Profiles\8z5p9mdl.default\searchplugins\mywebsearch.xml

[2010/07/03 17:58:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/11/11 00:20:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/12/08 21:17:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2010/03/19 21:21:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

[2009/11/02 22:23:26 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2009/11/02 22:23:27 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2009/12/17 17:14:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2009/11/02 22:23:28 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2007/03/22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

[2010/03/30 22:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/03/30 22:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/03/30 22:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/03/30 22:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/03/30 22:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/03/30 22:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/03/30 22:09:25 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2009/11/02 20:16:17 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2009/11/02 20:16:17 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/04/14 23:18:02 | 000,001,353 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml

[2009/11/02 20:16:17 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/11/02 20:16:17 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2009/11/02 20:16:17 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2009/11/02 20:16:17 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2009/11/02 20:16:17 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2004/08/10 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll File not found

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (Freecause Toolbar BHO) - {FDA12D79-CADF-489C-B348-02804C3FA82B} - C:\Program Files\SeaGarden\Toolbar.dll ()

O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKLM\..\Toolbar: (SeaGarden) - {11D43B59-21AD-4F3F-8706-D3D7A5E7A5EE} - C:\Program Files\SeaGarden\Toolbar.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (SeaGarden) - {11D43B59-21AD-4F3F-8706-D3D7A5E7A5EE} - C:\Program Files\SeaGarden\Toolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe File not found

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe File not found

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExpressPLNRnote.lnk = C:\Program Files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe (Creative Home)

O4 - Startup: C:\Documents and Settings\Jenna\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Family%20Feud%202/Images/stg_drm.ocx (SpinTop DRM Control)

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo1.walgreens.com/WalgreensActivia.cab (Snapfish Activia)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Family%20Feud%202/Images/armhelper.ocx (ArmHelper Control)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Jenna\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jenna\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/08/17 22:03:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/13 21:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/07/13 19:13:28 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/07/12 23:25:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC

[2010/07/12 20:50:58 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jenna\Desktop\OTL.exe

[2010/07/11 17:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache

[2010/07/08 20:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync

[2010/07/08 20:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2010/07/05 11:41:13 | 000,000,000 | ---D | C] -- C:\searchplugins

[2010/07/05 11:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com

[2010/07/04 20:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Malwarebytes

[2010/07/04 11:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJ

[2010/07/04 11:30:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX

[2010/07/04 11:29:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJSDU

[2010/07/04 10:59:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter

[2010/07/04 02:01:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu

[2010/07/04 00:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM

[2010/07/03 23:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup001

[2010/07/03 23:23:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV

[2010/07/03 23:03:19 | 001,310,720 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC340C.dll

[2010/07/03 23:03:19 | 000,307,200 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC340L.dll

[2010/07/03 23:03:19 | 000,110,592 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC340I.dll

[2010/07/03 23:03:19 | 000,102,400 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC340U.dll

[2010/07/03 23:03:19 | 000,015,872 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNHMCA.dll

[2010/07/03 22:16:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup000

[2010/07/03 22:13:30 | 000,168,448 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFMSk.EXE

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkSE.DLL

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkRU.DLL

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkPT.DLL

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkPL.DLL

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkNL.DLL

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkIT.DLL

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkID.DLL

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkGR.DLL

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkFR.DLL

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkFI.DLL

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkES.DLL

[2010/07/03 22:13:30 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkDE.DLL

[2010/07/03 22:13:30 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkUS.DLL

[2010/07/03 22:13:30 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkTR.DLL

[2010/07/03 22:13:30 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkTH.DLL

[2010/07/03 22:13:30 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkNO.DLL

[2010/07/03 22:13:30 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkKR.DLL

[2010/07/03 22:13:30 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkHU.DLL

[2010/07/03 22:13:30 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkDK.DLL

[2010/07/03 22:13:30 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkCZ.DLL

[2010/07/03 22:13:30 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkAR.DLL

[2010/07/03 22:13:30 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkTW.DLL

[2010/07/03 22:13:30 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkJP.DLL

[2010/07/03 22:13:30 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLkCN.DLL

[2010/07/03 22:13:29 | 000,296,960 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCF2Lk.DLL

[2010/07/03 22:13:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2010/07/03 22:13:12 | 000,276,992 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLMA5.DLL

[2010/07/03 22:13:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information

[2010/07/03 22:12:59 | 000,094,208 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNC340O.dll

[2010/07/03 22:12:56 | 000,179,200 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMIUA5.DLL

[2010/07/03 22:12:37 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ

[2010/07/03 22:12:20 | 000,137,216 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMNPUI.DLL

[2010/07/03 22:12:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\STRING

[2010/07/03 22:12:19 | 000,354,816 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMNPPM.DLL

[2010/07/03 22:12:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CHM

[2010/07/02 21:33:59 | 000,049,904 | R--- | C] (Avanquest Software) -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS

[2010/07/02 21:15:57 | 000,000,000 | ---D | C] -- C:\Netgear

[2006/02/20 14:44:44 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrserv.dll

[2006/02/20 14:36:06 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomm.dll

[2006/02/20 14:24:30 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrlmpm.dll

[2006/02/20 14:23:16 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrpplc.dll

[2006/02/20 14:22:16 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomc.dll

[2006/02/20 14:21:22 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrprox.dll

[2006/02/20 14:15:16 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrusb1.dll

[2006/02/20 14:06:52 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcriesc.dll

[2006/02/20 14:03:02 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrinpa.dll

[1 C:\Documents and Settings\Jenna\My Documents\*.tmp files -> C:\Documents and Settings\Jenna\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/14 07:51:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/07/14 07:51:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/07/14 02:01:35 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\Jenna\NTUSER.DAT

[2010/07/14 02:01:35 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jenna\ntuser.ini

[2010/07/13 20:07:02 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Jenna\Desktop\Shortcut to 07132010_191328.lnk

[2010/07/13 15:21:22 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/07/13 10:44:19 | 061,941,747 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/07/12 21:19:28 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Jenna\Desktop\zzwxjpzw.exe

[2010/07/12 20:50:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jenna\Desktop\OTL.exe

[2010/07/12 15:36:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/07/11 19:47:44 | 000,018,343 | ---- | M] () -- C:\Documents and Settings\Jenna\My Documents\resume2.docx

[2010/07/10 16:11:10 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Jenna\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2010/07/10 16:08:27 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/07/09 23:38:19 | 000,225,792 | ---- | M] () -- C:\Documents and Settings\Jenna\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/07/09 21:18:54 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/07/09 10:18:01 | 000,157,056 | ---- | M] () -- C:\Documents and Settings\Jenna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/07/09 10:01:04 | 000,477,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/07/08 20:46:23 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2010/07/08 20:45:32 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/07/03 23:58:16 | 000,001,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MX340 series User Registration.LNK

[2010/07/03 23:57:41 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk

[2010/07/03 23:57:27 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk

[2010/07/03 23:55:24 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.1.lnk

[2010/07/03 23:54:52 | 000,001,652 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon My Printer.lnk

[2010/07/03 23:54:31 | 000,001,967 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MX340 series On-screen Manual.lnk

[2010/07/02 22:12:38 | 000,006,333 | ---- | M] () -- C:\Documents and Settings\Jenna\Desktop\Router_Setup.html

[2010/07/02 00:24:13 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Jenna\My Documents\spider.sav

[2010/06/28 17:31:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/23 23:58:26 | 000,505,234 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/06/23 23:58:26 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/06/23 23:58:26 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/06/22 00:00:06 | 000,000,331 | ---- | M] () -- C:\Documents and Settings\Jenna\Desktop\Sony Ericsson WTA Tour Women's Tennis News, Tournaments, Videos, Scores and Player Info.url

[2010/06/17 01:47:52 | 006,083,397 | ---- | M] () -- C:\Documents and Settings\Jenna\My Documents\View Full Bill - AT&T.mht

[1 C:\Documents and Settings\Jenna\My Documents\*.tmp files -> C:\Documents and Settings\Jenna\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/13 20:07:02 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Jenna\Desktop\Shortcut to 07132010_191328.lnk

[2010/07/12 21:19:28 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Jenna\Desktop\zzwxjpzw.exe

[2010/07/10 16:08:27 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Jenna\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2010/07/03 23:57:27 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk

[2010/07/03 23:55:24 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MP Navigator EX 3.1.lnk

[2010/07/03 23:03:19 | 000,014,592 | ---- | C] () -- C:\WINDOWS\System32\CNC1741D.TBL

[2010/07/03 22:24:43 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MX340 series User Registration.LNK

[2010/07/03 22:16:26 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Solution Menu.lnk

[2010/07/03 22:14:26 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon My Printer.lnk

[2010/07/03 22:14:09 | 000,001,967 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MX340 series On-screen Manual.lnk

[2010/07/02 22:12:39 | 000,000,172 | R--- | C] () -- C:\Documents and Settings\Jenna\Desktop\Router Login.url

[2010/07/02 22:12:38 | 000,006,333 | ---- | C] () -- C:\Documents and Settings\Jenna\Desktop\Router_Setup.html

[2010/07/02 00:24:13 | 000,000,372 | ---- | C] () -- C:\Documents and Settings\Jenna\My Documents\spider.sav

[2010/06/17 01:47:44 | 006,083,397 | ---- | C] () -- C:\Documents and Settings\Jenna\My Documents\View Full Bill - AT&T.mht

[2010/05/02 17:52:05 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010/05/02 17:52:05 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2010/03/05 20:29:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI

[2009/06/04 18:10:23 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll

[2009/05/04 15:03:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll

[2009/05/04 14:53:28 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll

[2009/05/04 14:53:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll

[2009/01/12 00:57:18 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll

[2008/11/23 23:24:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL

[2008/11/23 23:24:09 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL

[2008/11/23 23:22:29 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\LXCRinst.dll

[2008/11/23 23:21:30 | 000,303,104 | R--- | C] () -- C:\WINDOWS\System32\lxcrcoin.dll

[2008/11/03 21:10:09 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL

[2008/08/18 00:16:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/08/17 23:56:16 | 000,000,462 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006/12/06 13:39:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll

[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

[2006/03/06 12:51:28 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcrdrs.dll

[2006/03/06 12:48:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcrcaps.dll

[2005/12/20 11:54:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcrcnv4.dll

[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2005/07/08 03:11:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcrvs.dll

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:B7A22351

@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:5E196FE2

< End of report >

[kahdah]

Great how are things running?

[AutieEm]

Great how are things running?

Great so far. I do have a question regarding the Malwarebytes pop-ups(something to the effect was blocking a potential threat) that come up every now and then. When it gives an option to quarantine, once quaratined should the threat show up in the quaratined log tab? Should I look out for stuff like this?

Thank You sooo much for your help

[kahdah]

You mean it is blocking a malicious website?

Open mbam go to the logs section and open the latest protection log.

Please post the contents of that log.

[AutieEm]

Even while I was running the Full Scan yesterday the detection below is the same one that shows up daily. It doesn't matter what website Im on or without the internet even open it pops up.

00:02:05 Jenna DETECTION C:\program files\internet explorer\wmpscfgs.exe Trojan.Agent QUARANTINE

00:02:06 Jenna ERROR Quarantine failed: UtilityReadFile failed with error code 2

00:15:15 Jenna ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007

01:00:00 Jenna DETECTION C:\program files\internet explorer\wmpscfgs.exe Trojan.Agent DENY

01:15:00 Jenna ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007

02:00:00 Jenna DETECTION C:\program files\internet explorer\wmpscfgs.exe Trojan.Agent DENY

07:52:17 Jenna MESSAGE Protection started successfully

07:52:21 Jenna MESSAGE IP Protection started successfully

08:15:09 Jenna MESSAGE Scheduled update executed successfully

08:15:09 Jenna MESSAGE IP Protection stopped

08:15:12 Jenna MESSAGE Scheduled scan executed successfully

08:15:19 Jenna MESSAGE Database updated successfully

08:15:21 Jenna MESSAGE IP Protection started successfully

09:15:08 Annabelle MESSAGE Scheduled update executed successfully

09:15:08 Annabelle MESSAGE IP Protection stopped

09:15:11 Annabelle MESSAGE Scheduled scan executed successfully

09:15:19 Annabelle MESSAGE Database updated successfully

09:15:21 Annabelle MESSAGE IP Protection started successfully

[kahdah]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  DRV - (diskchk) -- C:\WINDOWS\System32\diskchk.sys File not found
  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
  IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
  IE - HKCU\..\URLSearchHook: *{00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
  IE - HKCU\..\URLSearchHook: *{35EEB22F-F73A-4F04-97DA-B49F74A30083} - Reg Error: Key error. File not found
  IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
  O2 - BHO: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll File not found
  O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe File not found
  
  
  :Files
  C:\program files\internet explorer\wmpscfgs.exe

  
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered,when it is done it will say "Fix Complete press ok to open log"
  
• Please post that log in your next reply.
  

After doing the above reboot and see if then you still get the alerts.

[AutieEm]

========== OTL ==========

Service diskchk stopped successfully!

Service diskchk deleted successfully!

File C:\WINDOWS\System32\diskchk.sys File not found not found.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{00A6FAF6-072E-44cf-8957-5838F569A31D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{35EEB22F-F73A-4F04-97DA-B49F74A30083} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{35EEB22F-F73A-4F04-97DA-B49F74A30083}\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup deleted successfully.

========== FILES ==========

File\Folder C:\program files\internet explorer\wmpscfgs.exe not found.

OTL by OldTimer - Version 3.2.9.0 log created on 07152010_063503

[kahdah]

Is mbam still detecting the threat same as before?

[AutieEm]

Is mbam still detecting the threat same as before?

Nope, so far so good. Is there anything I should look out for in the future?

Once again thanks for your help.

[kahdah]

Great I will post some prevention steps at the end of this post.

======Cleanup======

• Double click on OTL to run it.
  
• Click on the Cleanup button at the top.
  
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  
• This will remove itself and other tools we may have used.
  

===============Update Java

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

• Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  
• Scroll down to where it says "(JRE) then click on it
  
• Click the "Download" button to the right.
  
• Select your Platform: "Windows".
  
• Select your Language: "Multi-language".
  
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
  
• Click Continue and the page will refresh.
  
• Click on the link to download Windows Offline Installation and save the file to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================

After that your all set.

The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent,Limewire etc...

[AutieEm]

Great

All set, I greatly appreciated your help getting me through this and crossing my fingers never to go down this road again.