
Unable to update malwarebytes. unable to scan with malwarebytes



Posted this in the general antimalware topics section, but didn't realize there is a HijackThis logs area. Sorry, new to the forum.

Hello, new to this forum.

I downloaded the free version of Malwarebytes, as I'm being redirected to unwanted advertisement websites (particularly in Mozilla). When I try to update the Malwarebytes antimalware, I get:

an error has occurred. Please report this error code to our support team. MBAM_ERROR_UPDATING (12007, 0, WinHttpSendRequest)

When I scan with the antimalware, it stops midway through.

I scanned with HijackThis. Immediately a message comes up:

For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this. If that hapens, you need to edit the file yourself. To do this, click Start, Run and type:

notepad C:\Windows\System32\drivers\etc\hosts

and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot. For Vista: simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'.

When I click OK, it scans and the following log appears:

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe

C:\Program Files\LG Software\On Screen Display Setup\HotKey.exe

C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe

C:\Program Files\lg_swupdate\GiljabiStart.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Windows\SYSTEM32\taskeng.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\LG Software\LG Magnifier\Maglev.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tre.it/business

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Java


Hello ab911struse

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom scans and fixes section, paste in the below in bold


    netsvcs

    %SYSTEMDRIVE%\*.*

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\drivers\*.sys /90

    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"


Hi there, and thanks for replying!

Here are the OTL scans

OTL.txt

OTL logfile created on: 28/09/2010 1:19:31 PM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Kevin\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 231.88 Gb Total Space | 167.41 Gb Free Space | 72.19% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 29.80 Gb Total Space | 20.65 Gb Free Space | 69.30% Space Free | Partition Type: FAT32

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: KEVIN-PC

Current User Name: Kevin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Kevin\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\lg_swupdate\GiljabiStart.exe (BIT LEADER)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)

PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)

PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe (LG Electronics Inc.)

PRC - C:\Program Files\LG Software\On Screen Display Setup\HotKey.exe (LG Electronics)

PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe (LG Electronics Inc.)

PRC - C:\Program Files\LG Software\LG Magnifier\Maglev.exe (LG Electronics Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Kevin\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)

SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (vpnva) -- C:\Windows\System32\DRIVERS\vpnva.sys File not found

DRV - (RimUsb) -- C:\Windows\System32\Drivers\RimUsb.sys File not found

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (MEMSWEEP2) -- C:\Windows\System32\6F55.tmp File not found

DRV - (lgsnd_filter) -- C:\Windows\System32\drivers\lgsnd_filter.sys File not found

DRV - (lgodd_filter) -- C:\Windows\System32\drivers\lgodd_filter.sys File not found

DRV - (Lbd) -- C:\Windows\System32\DRIVERS\Lbd.sys File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (netr28) -- C:\Windows\System32\drivers\netr28.sys (Ralink Technology, Corp.)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)

DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tre.it/business

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}:6.0.06

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.94

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/09 11:50:36 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/22 16:11:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/22 16:11:19 | 000,000,000 | ---D | M]

[2008/09/14 12:47:09 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions

[2008/09/14 12:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/09/27 18:39:21 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\f7t9dd50.default\extensions

[2009/07/21 09:28:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\f7t9dd50.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2008/05/24 07:31:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\f7t9dd50.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/09/22 16:11:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/09/22 16:11:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2008/09/25 17:56:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}

[2008/10/11 15:04:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

[2008/05/23 21:46:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

[2008/09/14 12:49:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2008/12/02 23:28:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

[2010/07/25 17:05:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/06 12:05:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/09/14 17:02:44 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/09/14 17:02:44 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2008/06/27 15:03:12 | 001,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

[2010/09/14 17:02:44 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2006/10/26 18:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

[2008/06/11 20:45:28 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/08/13 07:24:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/08/13 07:24:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/08/13 07:24:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/08/13 07:24:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/08/13 07:25:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/08/13 07:25:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/08/13 07:25:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2010/09/14 15:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/09/14 15:09:10 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/09/14 15:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/09/14 15:09:10 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/09/14 15:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/09/14 15:09:10 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/09/14 15:09:10 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/09/14 15:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [batteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe (LG Electronics Inc.)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [KeybdUtility] C:\Program Files\LG Software\On Screen Display Setup\HotKey.exe (LG Electronics)

O4 - HKLM..\Run: [LG Intelligent Update] C:\Program Files\lg_swupdate\giljabistart.exe (BIT LEADER)

O4 - HKLM..\Run: [LG Magnifier] C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe (LG Electronics Inc.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: thompsonhealth.org ([ag] https in Local intranet)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.68 213.109.75.214 1.1.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg

O28 - HKLM ShellExecuteHooks: {26F5978F-6493-4ee3-B114-C0C3ACCF9D4D} - C:\Windows\System32\bmpsap.dll ()

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/09/28 03:39:08 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\ProcessExplorer

[2010/09/28 03:00:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/09/28 03:00:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/09/28 03:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/09/23 13:57:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/09/23 07:58:07 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2010/09/23 07:58:06 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2010/09/23 01:06:13 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\antispyware

[2010/09/23 00:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2010/09/23 00:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/09/22 16:35:29 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2010/09/22 16:35:29 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010/09/22 16:35:28 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2010/09/22 16:35:28 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010/09/22 16:35:28 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010/09/22 16:35:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010/09/22 16:35:27 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010/09/22 16:35:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2010/09/22 16:35:27 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2010/09/22 16:35:26 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010/09/22 16:35:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2010/09/22 16:35:26 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2010/09/22 16:35:25 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2010/09/22 16:35:25 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2010/09/22 16:35:24 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2010/09/22 16:34:21 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll

[2010/09/22 16:34:21 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2010/09/22 16:34:20 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2010/09/22 16:34:20 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2010/09/22 16:34:20 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2010/09/22 16:34:20 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2010/09/22 16:34:20 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll

[2010/09/22 16:34:19 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2010/09/22 16:34:19 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2010/09/22 16:34:19 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2010/09/22 16:34:18 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2010/09/22 16:34:18 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2010/09/22 16:34:17 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe

[2010/09/22 16:34:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2010/09/22 16:34:17 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2010/09/22 16:34:16 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2010/09/22 16:34:16 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2010/09/22 16:34:15 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2010/09/22 16:34:13 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2010/09/22 16:34:13 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2010/09/22 16:34:12 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2010/09/22 16:34:12 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe

[2010/09/22 16:34:12 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2010/09/22 16:34:12 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2010/09/22 16:34:12 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe

[2010/09/22 16:32:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell

[2010/09/22 16:31:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll

[2010/09/22 16:31:05 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe

[2010/09/22 16:31:04 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe

[2010/09/22 16:31:04 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe

[2010/09/22 16:31:04 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll

[2010/09/22 16:31:04 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll

[2010/09/22 16:31:02 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll

[2010/09/22 16:31:02 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe

[2010/09/22 16:31:02 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll

[2010/09/22 16:31:02 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll

[2010/09/22 16:31:02 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll

[2010/09/22 16:30:55 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll

[2010/09/22 16:30:55 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe

[2010/09/22 16:30:55 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll

[2010/09/22 16:30:55 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll

[2010/09/22 16:30:55 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll

[2010/09/22 16:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2010/09/22 16:06:28 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes

[2010/09/22 16:06:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/09/22 14:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2010/09/22 14:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/09/14 12:29:55 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL

[2010/09/10 04:12:46 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\My Barnes & Noble eBooks

[2010/09/10 04:12:35 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\My Digital Editions

[2010/09/10 04:12:27 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Barnes & Noble

[2010/09/10 04:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Barnes & Noble

[2010/09/08 20:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Graphmatica

[2010/09/08 20:36:39 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\SigmaPlot

[2010/09/08 19:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\GraphSight

[2010/09/08 02:56:16 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\Kevin

[2010/09/04 11:17:19 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\Prolife

[2010/09/02 13:52:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV

[2010/09/02 13:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJ

[2010/09/02 13:42:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan

[2010/09/02 13:41:10 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Canon

[2010/09/01 13:12:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenu

[2010/09/01 13:11:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter

[2010/09/01 13:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM

[2010/09/01 12:58:49 | 001,310,720 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC350C.dll

[2010/09/01 12:58:49 | 000,307,200 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC350L.dll

[2010/09/01 12:58:49 | 000,110,592 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC350I.dll

[2010/09/01 12:58:49 | 000,102,400 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC350U.dll

[2010/09/01 12:58:49 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNHMCA.dll

[2010/09/01 12:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON

[2010/09/01 12:08:18 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information

[2010/09/01 12:06:16 | 000,277,504 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLMA6.DLL

[2010/09/01 12:05:33 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlSE.DLL

[2010/09/01 12:05:33 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlRU.DLL

[2010/09/01 12:05:33 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlPT.DLL

[2010/09/01 12:05:33 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlPL.DLL

[2010/09/01 12:05:33 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlNL.DLL

[2010/09/01 12:05:33 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlIT.DLL

[2010/09/01 12:05:33 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlID.DLL

[2010/09/01 12:05:33 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlGR.DLL

[2010/09/01 12:05:33 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlFR.DLL

[2010/09/01 12:05:33 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlFI.DLL

[2010/09/01 12:05:33 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlES.DLL

[2010/09/01 12:05:33 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlDE.DLL

[2010/09/01 12:05:33 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlUS.DLL

[2010/09/01 12:05:33 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlTR.DLL

[2010/09/01 12:05:33 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlTH.DLL

[2010/09/01 12:05:33 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlNO.DLL

[2010/09/01 12:05:33 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlKR.DLL

[2010/09/01 12:05:33 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlHU.DLL

[2010/09/01 12:05:33 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlDK.DLL

[2010/09/01 12:05:33 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlCZ.DLL

[2010/09/01 12:05:33 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlAR.DLL

[2010/09/01 12:05:33 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlTW.DLL

[2010/09/01 12:05:33 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlJP.DLL

[2010/09/01 12:05:33 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLlCN.DLL

[2010/09/01 12:05:32 | 000,296,960 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCF2Ll.DLL

[2010/09/01 12:05:32 | 000,168,448 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFMSl.EXE

[2010/09/01 12:05:23 | 000,179,200 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMIUA6.DLL

[2010/09/01 12:05:12 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ

[2010/09/01 12:05:03 | 000,137,216 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMNPUI.DLL

[2010/09/01 12:05:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\STRING

[2010/09/01 12:05:02 | 000,354,816 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMNPPM.DLL

[2010/09/01 12:05:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\CHM

[2010/09/01 12:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\Canon

========== Files - Modified Within 30 Days ==========

[2010/09/28 13:18:32 | 003,145,728 | ---- | M] () -- C:\Users\Kevin\NTUSER.DAT

[2010/09/28 13:05:59 | 000,026,112 | ---- | M] () -- C:\Users\Kevin\Desktop\antispyware problems.doc

[2010/09/28 13:05:30 | 000,026,112 | ---- | M] () -- C:\Users\Kevin\Documents\antispyware problems.doc

[2010/09/28 13:04:04 | 000,002,627 | ---- | M] () -- C:\Users\Kevin\Desktop\Microsoft Office Word 2007.lnk

[2010/09/28 12:55:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/09/28 11:44:23 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/09/28 11:44:23 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/09/28 03:52:13 | 000,712,976 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/09/28 03:52:13 | 000,613,890 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/09/28 03:52:13 | 000,113,174 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/09/28 03:44:30 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/09/28 03:44:28 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job

[2010/09/28 03:44:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/09/28 03:44:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/09/28 03:44:17 | 2950,807,552 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/28 03:43:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010/09/28 03:43:21 | 000,524,288 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{b8cb7903-9efc-11dd-ae65-000df05273ac}.TMContainer00000000000000000001.regtrans-ms

[2010/09/28 03:43:21 | 000,065,536 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{b8cb7903-9efc-11dd-ae65-000df05273ac}.TM.blf

[2010/09/28 03:43:09 | 002,633,454 | -H-- | M] () -- C:\Users\Kevin\AppData\Local\IconCache.db

[2010/09/28 03:00:25 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/26 04:19:00 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job

[2010/09/24 13:57:31 | 000,233,728 | ---- | M] () -- C:\Users\Kevin\Desktop\Breast ImagingRadNotice24Sept2010.pdf

[2010/09/22 16:43:38 | 000,000,953 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/09/22 16:11:21 | 000,001,758 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/09/22 16:11:21 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/09/16 16:27:14 | 000,000,680 | ---- | M] () -- C:\Users\Kevin\AppData\Local\d3d9caps.dat

[2010/09/13 13:58:35 | 000,007,168 | ---- | M] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/08 20:36:39 | 000,000,204 | ---- | M] () -- C:\Windows\System32\yjhnoff.dll

[2010/09/08 20:36:39 | 000,000,100 | ---- | M] () -- C:\Windows\System32\prsgrc.dll

[2010/09/08 20:31:41 | 000,001,025 | ---- | M] () -- C:\Windows\System32\grcauth2.dll

[2010/09/08 20:31:41 | 000,001,025 | ---- | M] () -- C:\Windows\System32\grcauth1.dll

[2010/09/08 20:31:41 | 000,001,025 | ---- | M] () -- C:\Windows\System32\bnz4vca.tgz

[2010/09/08 20:31:41 | 000,001,025 | ---- | M] () -- C:\Windows\System32\bnz4vca.dll

[2010/09/08 20:31:40 | 000,001,025 | ---- | M] () -- C:\Windows\System32\clauth2.dll

[2010/09/08 20:31:40 | 000,001,025 | ---- | M] () -- C:\Windows\System32\clauth1.dll

[2010/09/08 20:31:40 | 000,000,072 | ---- | M] () -- C:\Windows\System32\ssprs.dll

[2010/09/07 19:01:32 | 204,438,240 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/09/01 12:11:00 | 000,001,886 | ---- | M] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.1.lnk

========== Files Created - No Company Name ==========

[2010/09/28 13:05:58 | 000,026,112 | ---- | C] () -- C:\Users\Kevin\Desktop\antispyware problems.doc

[2010/09/28 13:05:30 | 000,026,112 | ---- | C] () -- C:\Users\Kevin\Documents\antispyware problems.doc

[2010/09/28 03:00:25 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/27 02:15:26 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job

[2010/09/24 13:57:29 | 000,233,728 | ---- | C] () -- C:\Users\Kevin\Desktop\Breast ImagingRadNotice24Sept2010.pdf

[2010/09/22 16:35:26 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2010/09/22 16:30:56 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs

[2010/09/22 16:30:56 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml

[2010/09/22 16:30:56 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl

[2010/09/22 16:11:21 | 000,001,758 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/09/22 16:11:21 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/09/16 16:27:14 | 000,000,680 | ---- | C] () -- C:\Users\Kevin\AppData\Local\d3d9caps.dat

[2010/09/08 20:31:41 | 000,001,025 | ---- | C] () -- C:\Windows\System32\grcauth2.dll

[2010/09/08 20:31:41 | 000,001,025 | ---- | C] () -- C:\Windows\System32\grcauth1.dll

[2010/09/08 20:31:41 | 000,001,025 | ---- | C] () -- C:\Windows\System32\bnz4vca.tgz

[2010/09/08 20:31:41 | 000,001,025 | ---- | C] () -- C:\Windows\System32\bnz4vca.dll

[2010/09/08 20:31:41 | 000,000,204 | ---- | C] () -- C:\Windows\System32\yjhnoff.dll

[2010/09/08 20:31:40 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll

[2010/09/08 20:31:40 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll

[2010/09/08 20:31:40 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll

[2010/09/08 20:31:40 | 000,000,072 | ---- | C] () -- C:\Windows\System32\ssprs.dll

[2010/09/08 20:31:40 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\gtgam4a.dll

[2010/09/01 12:58:49 | 000,014,592 | ---- | C] () -- C:\Windows\System32\CNC1742D.TBL

[2010/09/01 12:11:00 | 000,001,886 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.1.lnk

[2009/08/20 17:36:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/01/20 09:51:29 | 000,000,386 | ---- | C] () -- C:\Windows\AvDetected.ini

[2008/11/25 01:18:53 | 000,000,188 | ---- | C] () -- C:\Windows\QUICKEN.INI

[2008/11/24 23:45:35 | 000,007,168 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/11/24 22:11:37 | 000,001,322 | ---- | C] () -- C:\Windows\ntbackup.ini

[2008/09/25 17:57:59 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2008/01/15 03:18:24 | 000,009,683 | ---- | C] () -- C:\Windows\lg_up.ini

[2008/01/15 03:17:58 | 000,000,994 | ---- | C] () -- C:\Windows\lgcenter.ini

[2008/01/14 11:59:49 | 000,114,688 | ---- | C] () -- C:\Windows\System32\bmpsap.dll

[2008/01/14 11:53:24 | 000,025,743 | ---- | C] () -- C:\Windows\RtDefLvl.ini

[2008/01/14 11:43:42 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2008/01/14 11:17:28 | 000,000,181 | ---- | C] () -- C:\Windows\lgps.ini

[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/09/10 04:12:27 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Barnes & Noble

[2009/05/02 04:27:05 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Blitware

[2010/09/02 13:42:48 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Canon

[2009/07/16 14:40:49 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Cisco

[2009/08/14 11:26:37 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2009/09/15 14:15:09 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ICAClient

[2009/08/13 13:22:49 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Research In Motion

[2010/09/10 06:28:29 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\tixati

[2010/08/06 13:00:36 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Uniblue

[2010/09/26 04:19:00 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job

[2010/09/28 03:44:28 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job

[2010/09/28 03:43:27 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2010/09/23 13:25:33 | 000,026,652 | ---- | M] () -- C:\aaw7boot.log

[2006/09/18 15:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2008/01/13 17:47:32 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2007/06/14 17:26:17 | 000,000,292 | -H-- | M] () -- C:\cien_anos_de_soledad_1CBDC7BB.mbp

[2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2010/09/28 03:44:17 | 2950,807,552 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/28 03:44:15 | 3264,602,112 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.dll /lockedfiles >

[2007/12/11 23:58:12 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll

[2009/04/11 00:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll

[2009/04/11 00:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006/11/02 04:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >

[2010/08/06 11:23:38 | 000,051,992 | ---- | M] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys

[2010/08/06 11:23:39 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2010/08/06 11:23:40 | 000,017,016 | ---- | M] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys

[2010/08/06 11:23:42 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2010/08/20 10:40:36 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2010/08/06 11:23:43 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2010/05/16 05:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPDA6.DLL

[2010/05/16 05:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPPA6.DLL

[2008/01/19 01:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL

[2006/11/02 06:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

[2006/10/26 17:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< End of report >

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

xxxxxxxxxxxxxxxxxxxx

and Extras.txt

OTL Extras logfile created on: 28/09/2010 1:19:31 PM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Kevin\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 231.88 Gb Total Space | 167.41 Gb Free Space | 72.19% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 29.80 Gb Total Space | 20.65 Gb Free Space | 69.30% Space Free | Partition Type: FAT32

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: KEVIN-PC

Current User Name: Kevin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{4EFDCC1E-6852-4094-8EA1-00E2E9C05932}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{69ABF94F-5A6A-48A5-A5B4-E0AA6A3E9DE6}" = protocol=17 | dir=in | app=c:\program files\barnes & noble\nookstudy\nookstudy.exe |

"{6FDD480C-D3DD-47E1-8A5E-D70F04569685}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{7CF3B168-18D5-446F-A81D-E3F6F8842848}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{A026BB5C-D32E-494C-8D0C-8D9DE7E9A165}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{A3EED6B5-3815-47B2-8E77-0429C7067F5D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{D3B8E489-2DBC-4147-BB82-5314DFC2C28C}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{E239D281-6808-421F-9DFE-36EC44F0CA84}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{F8569F37-F2B6-427B-837B-F96F0E153620}" = protocol=6 | dir=in | app=c:\program files\barnes & noble\nookstudy\nookstudy.exe |

"TCP Query User{73B9B9A4-76FF-4D2F-810D-724F2E649591}C:\program files\stentor\isiteradiology\isiteradiology.exe" = protocol=6 | dir=in | app=c:\program files\stentor\isiteradiology\isiteradiology.exe |

"TCP Query User{7D8CCE9F-89CE-4FDB-BBE8-9042A7499A8B}C:\program files\tixati\tixati.exe" = protocol=6 | dir=in | app=c:\program files\tixati\tixati.exe |

"TCP Query User{FF998D6E-95C6-4832-AED3-9F8A8E3DD472}C:\users\kevin\appdata\local\temp\lmi14c8.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\kevin\appdata\local\temp\lmi14c8.tmp\lmi_rescue.exe |

"UDP Query User{40639F33-F143-419E-8498-E8CC77574E15}C:\program files\tixati\tixati.exe" = protocol=17 | dir=in | app=c:\program files\tixati\tixati.exe |

"UDP Query User{6A585DF4-20D3-410B-AD86-E279CA9E44BD}C:\users\kevin\appdata\local\temp\lmi14c8.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\kevin\appdata\local\temp\lmi14c8.tmp\lmi_rescue.exe |

"UDP Query User{BC1D7A95-6A34-4F13-BEE3-71C518FBAC13}C:\program files\stentor\isiteradiology\isiteradiology.exe" = protocol=17 | dir=in | app=c:\program files\stentor\isiteradiology\isiteradiology.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX350_series" = Canon MX350 series MP Drivers

"{15374719-86D9-4244-9426-B17398EEA833}" = Catalyst Control Center - Branding

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1C549EF1-C7B2-C7A4-C86E-8B12A67A26D2}" = CCC Help Japanese

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205FA136-6F1C-BFF7-B00D-A7640DC440A4}" = CCC Help Chinese Traditional

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 21

"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com

"{2876404D-0D93-1106-BB87-1283265A83C6}" = Catalyst Control Center Localization Greek

"{2B64E4E7-A026-1830-A8F9-37165B20E2AB}" = CCC Help Turkish

"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4

"{312B9ED0-D215-0505-13C6-BA4835BBE32E}" = Catalyst Control Center Localization Polish

"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4

"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{383627D7-B10F-5EDA-4D73-3C234E2D4726}" = Catalyst Control Center Localization German

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime

"{3E0FEA47-59AB-2855-1A44-1FAA72AAE6D3}" = Catalyst Control Center Localization Swedish

"{3E2A2C9E-EBB2-56F9-6A1A-457D0EC44575}" = CCC Help Russian

"{3FA58C71-1904-85B5-5588-E45C91C16CCC}" = CCC Help Chinese Standard

"{439DBD96-5DB5-742C-E35A-FEB8013ADE44}" = CCC Help Czech

"{440646B4-A82D-1A31-F374-C5524DEDFC3D}" = CCC Help English

"{44F9AC14-8103-31E9-A193-A93B7CA4F7D8}" = Catalyst Control Center Localization Danish

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A57DDE6-D016-5AB7-DE2C-AA9C326D8AC3}" = Skins

"{4BCD3E21-2935-4F2F-A3C0-DC4F0A1A97C3}" = Catalyst Control Center Localization Italian

"{565AAA16-3916-1B47-0A10-8429FD49FBB6}" = CCC Help Danish

"{58CB512B-C995-DA07-125E-79F70838BEB9}" = Catalyst Control Center Localization Portuguese

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype


Interestingly, now my macbook has similar symptoms:

Warning! On your computer detected the malicious code. Should immediately make sure that your system is safe! Killing Hazard® for Microsoft Windows XP immediatey started to work.

Could it be something in my wireless modem?

Can I transmit it to others by sending files via email?

Will it work to simply reformat the computer?


Hi, are you connected via a router?

The macbook isn't infected as exe's cannot run on the mac platform.

It is happening via the router.

Please disconnect from the router and plug directly into the modem and see if it stops.

I tried just connecting to the modem, and the mac, at least, is now acting fine. How do I get rid of what's on my PC, though? Can I hook the PC up to the modem itself, or is there chance of the PC infecting the modem?


I looked up how to reset the router, and it appears to have worked! Thank you! I can update MBAM now. However, when I use MBAM to scan the computer (full scan), it still stops in the middle, with a Windows message that tries to find a solution to the problem, unsuccessfully. Quick scan works, without finding anything.

Should I uninstall then download it again?


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
