Clean MBAM log, Avira Update Freeze, Rogue RECYCLER and Bit Defender

Blonde2theBone · February 2, 2011

Complicated and daunting to describe but wishing it to the cornfield is not helping, so :wacko: *big exhale* here goes...

I tried to follow the initial directions (with some difficulty) after this post and things began looking up. As I stated in the thread, I had to run MBAM.exe from My Documents because the folder would not go to My Desktop no matter what I tried.

I was prompted that the text in MBAM.exe had changed (thus the confusion about encoding) but I ignored the prompt, clicked "No" to "Do you want to save the changes?" and continued with and executed the original file.

I had to do this from Safe Mode with Networking. Ran the MBAM quick scan with no results. This seemed to free me up from the re-directs but still too many funky files peppered my system.

In hindsight it was probably a bad idea, but since my system went wacky after my recent download of Bit-Defender (what I now suspect has bad juju) I tried to unload the monster system hog from Add/Remove Programs before I rebooted and downloaded Avira AntiVir Personal but it wouldn't let me remove Bit Defender in Safe Mode.

I rebooted and Bit Defender prompted me to update. I thought, "Oh, it's working now. Malwarebytes must have fixed that glitch too." But, naturally, the update link proved ineffective. Since anti virus software tends to clash, I thought it best to remove the useless program before I downloaded Avira. :angry: Here is where things probably went from bad to worse. but I went to Add/Remove Programs and removed Bit Defender. Deleted the shortcut from my desktop and rebooted. It was still there so I ran MBAM again with same "No infected files," result.

Okay, Pollyanna jokes aside... :blink:

I printed the instructions that Ron so kindly and quickly supplied, followed the directions, and downloaded Avira AntiVir from the link. Avira froze up on the Update with lots of time lapsed and zero files and bytes downloaded on the update. I can't remember which came first but frustrated, I ran a search for all files containing Bit Defender and ended up with a lengthy list. Could not delete the files. Also noticed a nasty a little file called "RECYCLER."

Went to Avira Help for guidance and followed the directions under manual updates by going to Avira's web page and downloaded the first VDF file here. Now I have the original Avira folder, the VDF zip file, and the extracted file on my Desktop but either can't figure out how to launch it or something else is keeping me from launching it.

Now, Avira is giving me the, "Avira has not been updated in 7 days" prompt with a link. I predict it freezes again.

Also, the nasty RECYCLER will not let me delete it, so I renamed it "repo" and it seemed to delete but RECYCLER reappeared. I renamed and deleted it again. Is is gone? I doubt it.

In the mean time, I still have a Bit Defender search results folder but cannot delete the files within the search file, even with File Assassin or by renaming it. More weird files are popping up with file extensions I'm not sure of and a few others that are obviously rogue.

I would like to follow up with the Defogger directions but I'm chicken. I can't afford the $180.00 minimum cost or time (need access to non-profit files this week) to take this baby (my laptop) to the shop. I suppose that everything I do beyond fixing this just makes it worse, right? Don't answer that.

I'll try to update Avira again. If that doesn't work, do I go back to square one ? I'm thinking a full MBAM scan will help but wonder if my system is too polluted with these pesky shape-shifter files. Is there another magic Malwarebytes fix or a miracle on line scanner, fixer, cleaner, or legal $20.00 bill printing machine?

Fingers crossed for an easy, uncomplicated fix. A wink of the eye and twinkle of the nose, perhaps?

Thanks,

~Deb

Bewitched

I hope this convoluted explanation makes sense to someone.

Ooh look! A shiny thing...

Elise · February 2, 2011

Hello ,

And :wacko: My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Please download OTL from one of the following mirrors:
- This is THE Mirror
[*]Save it to your desktop.
[*]Double click on the icon on your desktop.
[*]Click the "Scan All Users" checkbox.
[*]Push the Quick Scan button.
[*]Two reports will open, copy and paste them in a reply here:
- OTListIt.txt <-- Will be opened
- Extra.txt <-- Will be minimized

Please Download Rootkit Unhooker Save it to your desktop.

Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note - if you get the following warning, just ignore: "Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Click on Cancel, then Accept.

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

A detailed description of your problems
A new OTL log (don't forget extra.txt)
RKU log

Thanks and again sorry for the delay.

Blonde2theBone · February 2, 2011

Hi Elise.

Thank you for the warm welcome and quick reply. Jeez, I'm blown away by the kind and quick professionalism here. :blink:

Although I couldn't update Avira after initial download, decided to scan files anyway. Currently, Luke File walker is 56% done - showing 3 Hidden Files and 5 detections. Last detection shown as JAVA/Agent.BD

:wacko: I need to get coffee made and breakfast/lunches fixed. So, if it's all the same to you, I'll let the scan finish out and return after everyone is off to work and school.

Then I can bring a cup-pa coffee (the good java) and try to wrap my head around this. Better chance of me following the instructions in at least a semi-coherent state of mind.

Thank you for being so quick and thorough.

I'll be back around 7:30 am barring any unforeseeable distractions or interruptions.

Again, thanks.

~Deb

Elise · February 2, 2011

Please take all time you need! :wacko:

Blonde2theBone · February 5, 2011

Hi again Elise. Sorry that took so long. I cannot delete the remaining BitDefender files and the pesky RECYCLER file will is a stubborn parasite too. I could not get the Avira AntiVir to update but I ran a few scans with what I had. General scan showed 5 instances of BD Agent, another showed errors up the wazoo (49, I think) in my registry, and still another indicated 39 warnings. Ugh! This is worse than I thought.

Okay, here are the two logs resulting from the OTL scan:

* * * * * * *

OTL logfile created on: 2/4/2011 5:51:09 PM - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 326.00 Mb Available Physical Memory | 32.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 10.20 Gb Free Space | 13.69% Space Free | Partition Type: NTFS

Computer Name: OWNER-753D2803F | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/04 17:49:59 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

PRC - [2011/01/10 14:23:42 | 000,516,353 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\update.exe

PRC - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe

PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware1\mbam.exe

PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe

PRC - [2010/12/01 19:35:18 | 004,280,320 | ---- | M] (Google Inc.) -- C:\WINDOWS\system32\GPhotos.scr

PRC - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe

PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/04/28 06:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe

PRC - [2010/04/06 14:34:22 | 000,102,752 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN\Toolbar\4.0.0412.0\mstbsvc.exe

PRC - [2010/03/24 16:36:02 | 000,883,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Temp\InstallManager_Sun_Sun.exe

PRC - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

PRC - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/02/04 17:49:59 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (HidServ)

SRV - File not found [Auto | Stopped] -- -- (AppMgmt)

SRV - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [Auto | Running] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)

SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/04/28 06:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2010/04/06 14:34:22 | 000,102,752 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\MSN\Toolbar\4.0.0412.0\mstbsvc.exe -- (mstbsvc)

SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)

SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)

========== Driver Services (SafeList) ==========

DRV - [2011/01/10 14:23:53 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/01/10 14:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2010/07/09 14:08:14 | 000,327,368 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)

DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2010/03/04 20:07:31 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)

DRV - [2010/02/11 04:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)

DRV - [2008/10/23 00:58:36 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2008/04/14 03:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2008/04/14 03:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)

DRV - [2008/04/14 03:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

DRV - [2008/04/14 03:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2008/04/13 14:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2008/02/25 11:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2007/09/15 01:09:44 | 000,213,696 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)

DRV - [2005/08/23 18:26:00 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/04/04 08:25:36 | 000,160,768 | R--- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)

DRV - [2005/03/22 06:39:44 | 000,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)

DRV - [2005/03/22 06:39:42 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

DRV - [2005/03/22 06:39:40 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2005/03/15 15:14:52 | 000,346,496 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)

DRV - [2005/03/15 15:14:52 | 000,037,760 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)

DRV - [2005/03/10 13:09:02 | 000,024,704 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)

DRV - [2005/03/10 13:08:56 | 000,069,504 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)

DRV - [2005/03/10 13:08:34 | 000,036,480 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)

DRV - [2005/03/10 13:08:26 | 000,053,632 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)

DRV - [2005/03/10 13:08:16 | 000,013,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)

DRV - [2004/08/11 15:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2004/04/14 06:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)

DRV - [2003/12/25 16:48:14 | 000,010,752 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)

DRV - [2003/06/06 10:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1085031214-1336601894-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com

IE - HKU\S-1-5-21-1085031214-1336601894-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKU\S-1-5-21-1085031214-1336601894-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1085031214-1336601894-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1085031214-1336601894-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.10:3128

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3

FF - prefs.js..extensions.enabledItems: {38abe53c-d79f-8e86-9673-57c449674c5e}:5.4.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: avg@igeared:6.011.025.001

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178

FF - prefs.js..extensions.enabledItems: ddfirefox@dynamitedata:1.3.0

FF - prefs.js..extensions.enabledItems: info@priceblink.com:2.1

FF - prefs.js..extensions.enabledItems: {72938f90-8d8a-11de-8a39-0800200c9a66}:1.3.5

FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0

FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cb38761&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/30 03:19:04 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/01/19 17:14:05 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2011/01/27 07:28:07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/22 01:34:19 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/22 11:15:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2011/01/27 07:26:36 | 000,000,000 | ---D | M]

[2010/03/17 18:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2011/02/04 17:02:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xrun3lhv.default\extensions

[2010/04/24 16:35:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xrun3lhv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)

[2010/06/14 12:46:14 | 000,000,000 | ---D | M] (Behind The *Asterisks* (EladKarako Mod)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xrun3lhv.default\extensions\{38abe53c-d79f-8e86-9673-57c449674c5e}

[2010/06/14 12:46:15 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xrun3lhv.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}

[2010/12/22 11:26:55 | 000,000,000 | ---D | M] (PriceTrace) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xrun3lhv.default\extensions\{72938f90-8d8a-11de-8a39-0800200c9a66}

[2010/12/22 11:26:50 | 000,000,000 | ---D | M] ("Dynamite Deals") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xrun3lhv.default\extensions\ddfirefox@dynamitedata

[2010/12/22 11:26:52 | 000,000,000 | ---D | M] (PriceBlink) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xrun3lhv.default\extensions\info@priceblink.com

[2010/12/22 11:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xrun3lhv.default\extensions\staged-xpis

[2011/02/04 17:02:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/06/11 12:33:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/09 10:06:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/14 03:12:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/12/30 03:19:04 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX

[2011/01/19 17:14:05 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.011.025.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED

[2011/01/27 07:28:07 | 000,000,000 | ---D | M] ("BitDefender Antiphishing Toolbar") -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT

[2010/06/11 12:32:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/02/26 17:00:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/10/06 22:26:49 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2008/04/14 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahoo! Companion BHO) - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll (Yahoo! Inc.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()

O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-1085031214-1336601894-1417001333-1003\..\Toolbar\ShellBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-1085031214-1336601894-1417001333-1003\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AddressBookReminderApp] C:\Program Files\Nova Development\Print Artist Platinum\ReminderApp.exe ()

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [bDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)

O4 - HKLM..\Run: [bitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)

O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()

O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )

O4 - HKLM..\Run: [Home Theater SchSvr] C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe (InterVideo Inc.)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [WINREMOTE] C:\Program Files\InterVideo\Common\Bin\WinRemote.exe (InterVideo Inc.)

O4 - HKU\S-1-5-21-1085031214-1336601894-1417001333-1003..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1085031214-1336601894-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()

O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()

O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (Yahoo! Inc.)

O9 - Extra 'Tools' menuitem : Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (Yahoo! Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-1085031214-1336601894-1417001333-1003\..Trusted Domains: microsoft.com ([office] https in Trusted sites)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office2010.microsoft.com/sites/prod...n/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1276232200515 (MUCatalogWebControl Class)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (Reg Error: Key error.)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab (Windows Live Safety Center Base Module)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)

O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()

O18 - Protocol\Handler\bw+0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw+0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw-0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw00 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw00s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw-0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw10 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw10s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw20 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw20s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw30 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw30s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw40 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw40s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw50 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw50s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw60 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw60s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw70 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw70s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw80 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw80s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw90 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bw90s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwa0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwa0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwb0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwb0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwc0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwc0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwd0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwd0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwe0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwe0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwf0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwf0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwg0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwg0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwh0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwh0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwi0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwi0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwj0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwj0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwk0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwk0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwl0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwl0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwm0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwm0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwn0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwn0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwo0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwo0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwp0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwp0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwq0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwq0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwr0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwr0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bws0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bws0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwt0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwt0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwu0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwu0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwv0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwv0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bww0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bww0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwx0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwx0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwy0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwy0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwz0 {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\bwz0s {533fa73a-3b92-495e-a106-e988f3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\offline-8876480 {533FA73A-3B92-495E-A106-E988F3464074} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\My Documents\My Pictures\Treed Lane.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\My Documents\My Pictures\Treed Lane.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/05/23 13:14:23 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{09be0c06-2813-11df-ac2e-0014a519fd82}\Shell\AutoRun\command - "" = E:\setupSNK.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2099/08/07 18:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\953CANON

[2098/09/15 23:29:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\Sample Pictures

[2011/02/04 17:49:56 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2011/02/03 16:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Folder

[2011/02/03 15:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\WOT

[2011/02/01 22:47:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/02/01 22:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\vdf_fusebundle

[2011/02/01 22:09:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira

[2011/02/01 22:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2011/02/01 21:24:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira

[2011/02/01 21:23:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2011/02/01 21:23:55 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2011/02/01 21:23:55 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2011/02/01 21:23:55 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2011/02/01 21:23:55 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2011/02/01 21:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2011/02/01 21:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2011/01/31 22:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware1

[2011/01/31 22:07:22 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup1.exe

[2011/01/27 07:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender

[2011/01/24 13:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN

[2011/01/24 13:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileASSASSIN

[2011/01/22 22:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center

[2011/01/19 23:04:46 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP

[2011/01/19 22:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender

[2011/01/19 22:16:19 | 000,327,368 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[24 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/04 17:52:08 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3891B371-4764-4E88-93BB-89E9528A0B27}.job

[2011/02/04 17:49:59 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2011/02/04 03:15:01 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job

[2011/02/03 13:39:21 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job

[2011/02/03 13:39:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/02/03 13:39:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/02/03 13:39:10 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys

[2011/02/02 02:22:36 | 003,822,803 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Tar Creek May 2011.JPG

[2011/02/01 22:31:45 | 039,643,354 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\vdf_fusebundle.zip

[2011/02/01 21:24:22 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2011/02/01 20:42:36 | 000,000,962 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Shortcut to xmas 2005 156.lnk

[2011/02/01 20:42:36 | 000,000,962 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Shortcut to xmas 2005 152.lnk

[2011/02/01 20:42:36 | 000,000,962 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Shortcut to xmas 2005 141.lnk

[2011/02/01 20:42:36 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Shortcut to Trillium Price Sheet.lnk

[2011/02/01 20:42:35 | 000,001,425 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Shortcut to IM000710.jpg.lnk

[2011/02/01 20:42:35 | 000,001,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Shortcut to Red Barren and his Baby Girls.jpg.lnk

[2011/02/01 20:42:35 | 000,000,991 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Shortcut to Mr Kwit, funny Irish girls.lnk

[2011/02/01 20:42:35 | 000,000,977 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Shortcut to hot flash button.jpg.lnk

[2011/02/01 20:42:35 | 000,000,942 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Shortcut to candy man.jpg.lnk

[2011/02/01 20:42:35 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Shortcut to ninja.jpg.lnk

[2011/02/01 20:42:35 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Shortcut to face.lnk

[2011/02/01 20:42:35 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Shortcut to misc pics.lnk

[2011/02/01 20:42:32 | 000,001,090 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Shortcut to 2005, 2006 115.lnk

[2011/02/01 20:42:32 | 000,001,047 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Shortcut to 040806 Snow day at Frazier 012.lnk

[2011/02/01 20:42:32 | 000,000,977 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Shortcut to 010203040506 235.lnk

[2011/02/01 20:42:32 | 000,000,962 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Shortcut (2) to xmas 2005 141.lnk

[2011/02/01 20:42:32 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Fitz.lnk

[2011/02/01 20:42:31 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Downloaded Program Updates.lnk

[2011/01/31 22:11:57 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/01/31 22:07:22 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup1.exe

[2011/01/27 18:25:31 | 000,175,104 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CAHSEE English Exam.ppt

[2011/01/27 13:40:59 | 000,380,928 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ParentConnection_TwoPageInstructions_blank (2) (3).doc

[2011/01/27 07:30:06 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk

[2011/01/26 17:13:45 | 000,547,628 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/01/26 17:13:45 | 000,104,044 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/01/24 17:01:44 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/01/24 13:31:10 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk

[2011/01/24 01:47:37 | 000,003,739 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/01/24 00:03:00 | 000,087,189 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin

[2011/01/23 23:22:47 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Files named Malwarebytes'.fnd

[2011/01/22 02:20:27 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/01/22 00:38:16 | 000,315,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/01/20 21:16:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat

[2011/01/20 20:45:37 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\asdict.dat

[2011/01/19 23:52:39 | 000,000,415 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml

[2011/01/18 19:37:59 | 000,045,277 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\2011 laws requiring esucation.odt

[2011/01/18 19:37:17 | 000,024,970 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\special days.odt

[2011/01/17 19:54:31 | 000,019,421 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\special education laws 2011.odt

[2011/01/17 17:45:44 | 000,116,600 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\zangle.pdf

[2011/01/17 06:02:10 | 000,021,608 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\stalker crmes.odt

[2011/01/17 05:04:58 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\education laws 2011.wps

[2011/01/17 05:04:58 | 000,018,630 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat

[2011/01/16 18:27:13 | 104,443,581 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011/01/10 14:23:53 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2011/01/10 14:23:53 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[24 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/03 15:28:28 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3891B371-4764-4E88-93BB-89E9528A0B27}.job

[2011/02/02 02:22:35 | 003,822,803 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Tar Creek May 2011.JPG

[2011/02/01 22:31:37 | 039,643,354 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\vdf_fusebundle.zip

[2011/02/01 21:26:45 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys

[2011/02/01 21:24:22 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2011/01/27 18:25:30 | 000,175,104 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CAHSEE English Exam.ppt

[2011/01/27 13:40:58 | 000,380,928 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ParentConnection_TwoPageInstructions_blank (2) (3).doc

[2011/01/27 07:30:06 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk

[2011/01/24 13:31:10 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk

[2011/01/23 23:22:41 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Files named Malwarebytes'.fnd

[2011/01/22 02:20:26 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer

[2011/01/22 00:36:57 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/01/20 20:45:37 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat

[2011/01/19 23:52:39 | 000,000,415 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml

[2011/01/19 22:16:19 | 000,087,189 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin

[2011/01/18 19:37:16 | 000,024,970 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\special days.odt

[2011/01/17 19:54:30 | 000,019,421 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\special education laws 2011.odt

[2011/01/17 17:45:43 | 000,116,600 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\zangle.pdf

[2011/01/17 06:02:08 | 000,021,608 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\stalker crmes.odt

[2011/01/17 05:04:57 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\education laws 2011.wps

[2011/01/17 05:04:01 | 000,045,277 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\2011 laws requiring esucation.odt

[2010/07/16 00:01:00 | 000,000,349 | ---- | C] () -- C:\WINDOWS\hegames.ini

[2010/07/13 15:09:33 | 000,348,400 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/07/08 09:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

[2010/06/23 19:12:31 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2010/06/15 16:55:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat

[2010/06/09 12:42:58 | 000,000,095 | ---- | C] () -- C:\WINDOWS\muveeapp.INI

[2010/05/23 13:07:06 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2010/05/23 13:07:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2010/05/23 13:07:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2010/05/23 13:07:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2010/05/23 13:07:06 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2010/05/23 13:07:05 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2010/05/13 09:36:41 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\big bad voodoo dady.txt

[2010/04/28 20:12:34 | 000,000,488 | ---- | C] () -- C:\Program Files\Shortcut to greenstreet.lnk

[2010/04/21 06:34:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\QSwitch.txt

[2010/04/06 09:30:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI

[2010/03/25 17:13:29 | 000,018,630 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat

[2010/03/25 14:47:19 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2010/03/25 14:44:10 | 000,000,058 | ---- | C] () -- C:\WINDOWS\EPSPRX595.ini

[2010/03/17 17:36:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6y.DLL

[2010/03/17 17:34:31 | 000,000,398 | ---- | C] () -- C:\WINDOWS\System32\CNCMP60.INI

[2010/03/17 12:12:00 | 000,089,088 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/11 01:32:34 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2010/03/08 22:35:43 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2010/02/26 07:01:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll

[2005/02/12 00:33:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2000/04/12 11:24:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL

[1997/09/30 10:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

========== LOP Check ==========

[2011/01/21 20:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.OWNER-753D2803F.000\Application Data\BitDefender

[2011/01/23 23:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.OWNER-753D2803F.001\Application Data\BitDefender

[2011/01/24 02:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.OWNER-753D2803F.001\Application Data\Windows Desktop Search

[2011/01/22 23:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.OWNER-753D2803F.001\Application Data\Windows Search

[2010/10/07 03:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2010/12/06 15:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2010/10/07 02:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010/10/07 03:09:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010/03/25 14:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON

[2010/06/05 18:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo

[2010/12/17 22:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2010/05/23 13:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies

[2010/07/02 12:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development

[2010/11/06 23:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/06/01 07:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/02/26 16:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010/08/12 12:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Windows Desktop Search

[2010/06/09 07:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aura DVD Copy

[2010/06/08 22:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aura4You

[2010/10/07 14:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10

[2010/05/09 12:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG9

[2010/04/28 20:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon

[2010/12/14 00:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics

[2010/10/06 22:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit

[2010/06/28 04:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Hemera

[2010/03/19 19:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ieSpell

[2010/08/28 16:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Intervideo

[2010/06/09 12:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\muvee Technologies

[2010/07/12 00:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nova Development

[2010/03/12 14:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org

[2010/10/11 14:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QuickScan

[2010/04/06 02:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmartDraw

[2010/05/18 02:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template

[2010/04/08 23:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeraCopy

[2010/05/04 09:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search

[2010/10/26 03:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Live Writer

[2010/05/07 10:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search

[2011/02/03 13:39:21 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\Tasks\ConfigExec.job

[2011/02/04 03:15:01 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\Tasks\DataUpload.job

[2011/02/04 17:52:08 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3891B371-4764-4E88-93BB-89E9528A0B27}.job

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2011/01/24 00:03:00 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Owner\?????) -- C:\Documents and Settings\Owner\?????

[2011/01/23 23:40:11 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Owner\?????) -- C:\Documents and Settings\Owner\?????

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\ipxroute.exe:SummaryInformation

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\ImgCache.pvi:SummaryInformation

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\command.com:SummaryInformation

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Desktop\signons.sqlite:SummaryInformation

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Desktop\New Text Document.txt:SummaryInformation

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Desktop\getmsg.exe:SummaryInformation

@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96D0C06F

< End of report >

Blonde2theBone · February 5, 2011

I had no idea there was so much junk still left on my laptop

...And the other log file:

* * * * * * *

OTL Extras logfile created on: 2/4/2011 5:51:10 PM - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 326.00 Mb Available Physical Memory | 32.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 10.20 Gb Free Space | 13.69% Space Free | Partition Type: NTFS

Computer Name: OWNER-753D2803F | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"1394:TCP" = 1394:TCP:*:Disabled:1394 Net Adapter

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)

"C:\Program Files\Yahoo!\browser\YBrowser.exe" = C:\Program Files\Yahoo!\browser\YBrowser.exe:*:Enabled:SBC Yahoo! DSL -- (Yahoo!, Inc.)

"C:\Program Files\Blockland\Blockland.exe" = C:\Program Files\Blockland\Blockland.exe:*:Disabled:Blockland -- ()

"C:\Program Files\Logitech\SetPoint\LogitechConnect.exe" = C:\Program Files\Logitech\SetPoint\LogitechConnect.exe:*:Disabled:Connect Utility -- (Logitech)

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe:*:Disabled:Desktop Messenger -- (Logitech)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Inc.)

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech)

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger

"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe" = C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe:*:Disabled:MSN -- (Microsoft Corporation)

"C:\Program Files\Yahoo!\Common\ypostinstdsl.exe" = C:\Program Files\Yahoo!\Common\ypostinstdsl.exe:*:Disabled:SBC Yahoo! DSL Utilities -- (Yahoo!, inc.)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Disabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02E22217-0E96-4C3F-B831-83AA942B7715}" = UserGuides

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGearStarter

"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus Photo RX595 Series Scanner Driver Update

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 22

"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime

"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{379F9A64-4317-477A-BBC5-35466F8476B5}" = OpenOffice.org 3.2

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3FF3DD04-F386-46B0-97FC-B86238B65487}" = Canon MP Drivers 6.0

"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works

"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 A3

"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH

Elise · February 5, 2011

Hi again,

First of all, please click here and scroll down to "Uninstalling BitDefender using the uninstall tool". Follow the steps there.

TWO ANTIVIRUS PROGRAMS

---------------------------------------

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either AVG or Avira. I recommend you to keep Avira, but in the end that choice is up to you.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
Double click on Combofix.exe and follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Blonde2theBone · February 5, 2011

Get your best exasperated *sigh* ready. Unfortunately, I think you might be using it in a minute. And I apologize for any further inconvenience.

Please don't hate me.

I'll explain...

I copied the first report in its entirety (it showed "No Results" with a sad face at the bottom) but I think I may have screwed it up. When I tried to close the first scan "Report" a prompt came up with, "Are you sure?" I wasn't. I had the report copied so I thought it would be safe for me to look at another folder. It was full of interesting information but I thought I'd better close the one I had copied before I did anymore snooping.

When I went back to the "Report" tab, the report was gone! I figured, no biggie, I still had it copied. Tried to paste what I was sure would be the original contents I thought I copied under the "Report" tab. Instead, the contents of the "Driver" tab (the one I had just looked at) saved to the Desktop.

I hope that explanation made sense and that I haven't inadvertently sabotaged the key to the solution.

After I saved that to my desktop, I tried to save the contents or results from the other tabs but I was prompted with an, "Unable to Copy" or something similar.

*NOTE: There were several "Hooked" files under one of the tabs but it would not let me save a copy of the entire paged report or the individual files. If you need them, I can go back and manually type the details for you. That is, if they are still showing.

So, I will paste what I did get copied in the order copied. The first was under the "Driver" tab file from first scan. The second is the "Report" tab results from the second scan, which, by the way, was a lot faster than the first scan.

Again, I apologize for making this more work than it ought to be and I do thank you for your time.

~Deb

* * * * * * *

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #1

==============================================

>Drivers

==============================================

0xBF0B2000 C:\WINDOWS\System32\ati3duag.dll 2367488 bytes (ATI Technologies Inc. , ati3duag.dll)

0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2189952 bytes

0x804D7000 RAW 2189952 bytes

0x804D7000 WMIxWDM 2189952 bytes

0xBF800000 Win32k 1855488 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xF6CC7000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 1392640 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)

0xF6E88000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1331200 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)

0xF6AA6000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1040384 bytes (Conexant Systems, Inc., HSF_DP driver)

0xF69E9000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 704512 bytes (Conexant Systems, Inc., HSF_CNXT driver)

0xBF2F4000 C:\WINDOWS\System32\ativvaxx.dll 643072 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)

0xF7689000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xEE57A000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF6963000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xEE7A5000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xEB614000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)

0xF6C1C000 C:\WINDOWS\system32\drivers\camc6hal.sys 348160 bytes (Conexant Systems Inc., Conexant AmcHal Driver)

0xF772D000 bdfsfltr.sys 323584 bytes (BitDefender, BitDefender AntiVirus FS filter driver)

0xEE725000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)

0xEB7FC000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xEE468000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)

0xEE76D000 C:\WINDOWS\system32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver)

0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 225280 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)

0xBF07D000 C:\WINDOWS\System32\atikvmag.dll 217088 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)

0xF6E1B000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 217088 bytes (Synaptics, Inc., Synaptics Touchpad Driver)

0xBF049000 C:\WINDOWS\System32\ati2cqag.dll 212992 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)

0xF6BA4000 C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys 200704 bytes (Conexant Systems, Inc., HSFHWATI WDM driver)

0xF7814000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xEBB5D000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF765C000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xB8B4C000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0xEE5EA000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xEE637000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xF6C9F000 C:\WINDOWS\system32\drivers\tifm21.sys 163840 bytes (Texas Instruments, tifm21.sys)

0xEE4F6000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)

0xEE6FF000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xF6BF8000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF6E50000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF6BD5000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xEE615000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806EE000 ACPI_HAL 131840 bytes

0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF778E000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF77C6000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xF77E5000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)

0xF7642000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF6C71000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 106496 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )

0xF77AE000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xEE400000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xF7716000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF69D2000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xEBFB5000 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)

0xEC1AB000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)

0xEBD70000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF6C8B000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)

0xF6E74000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xEE7FE000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF777C000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xEE569000 C:\WINDOWS\system32\DRIVERS\LMouKE.Sys 69632 bytes (Logitech, Inc., Logitech Filter Driver for Mouse Class.)

0xF7803000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xF69C1000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xEE6CF000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF79C3000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xF79E3000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)

0xF7943000 C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)

0xF7873000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0xF78D3000 Serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)

0xF79A3000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 61440 bytes (Advanced Micro Devices, AMD Processor Driver)

0xF7913000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)

0xF7A13000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xF6FCD000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF7AB3000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF7883000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0xEBA95000 C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)

0xF78C3000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF79D3000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)

0xF7A23000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF78A3000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xEC298000 C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 49152 bytes (Microsoft Corporation, Family Safety Filter Driver (TDI))

0xF7A43000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF700D000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF79B3000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xF7893000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF7A33000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF7A03000 C:\WINDOWS\system32\drivers\camc6aud.sys 40960 bytes (Conexant Systems Inc., Conexant WDM AC97 Audio Driver)

0xF7863000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xF7A83000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF7A73000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF78E3000 AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)

0xF78B3000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xF6FED000 C:\WINDOWS\System32\Drivers\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xF7AD3000 C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 36864 bytes (Microsoft Corporation, IPv6 Windows Firewall Driver)

0xF6FFD000 C:\WINDOWS\System32\Drivers\LHidUsbK.Sys 36864 bytes (Logitech, Inc., Logitech USB Mouse Function Driver.)

0xF7A53000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xF705D000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xBA2D8000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF7903000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF7C23000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)

0xF7B23000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF7BFB000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF7B43000 C:\WINDOWS\System32\Drivers\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF7B63000 C:\WINDOWS\system32\DRIVERS\LHidKE.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)

0xF7C03000 C:\WINDOWS\System32\Drivers\MxlW2k.SYS 28672 bytes (MusicMatch, Inc., MusicMatch Access Layer KMD)

0xF7AE3000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF7C0B000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0xF7C13000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xF7C1B000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xF7B33000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)

0xF7B13000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF7B1B000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF7AEB000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF7C33000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF7AF3000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xF7C3B000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF7C2B000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF7BF3000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)

0xF7C53000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xF7C7B000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)

0xF72D0000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)

0xF72D4000 C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys 16384 bytes (Logitech, Inc., Logitech PS2 Keyboard Filter Driver.)

0xF72B4000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xEC0D3000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF7C7F000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)

0xF7C73000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xF7C77000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)

0xF75D9000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xF7D37000 C:\WINDOWS\system32\drivers\iviaspi.sys 12288 bytes (InterVideo, Inc., InterVideo ASPI Shell)

0xEB68C000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)

0xF75E1000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xF72C4000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF75F9000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xF7D2B000 C:\WINDOWS\system32\DRIVERS\tunmp.sys 12288 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0xF7D2F000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)

0xF7DD1000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)

0xF7E0D000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF7DD9000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xF7E13000 C:\WINDOWS\system32\drivers\EABFiltr.sys 8192 bytes (Hewlett-Packard Company, QLB PS/2 Keyboard filter driver)

0xF7E0B000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF7D63000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF7E0F000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF7E11000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF7E03000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF7DF9000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF7D65000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF7EA2000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7E9B000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7F6C000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7E2C000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)

0xF7E2B000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

==============================================

>Stealth

==============================================

Blonde2theBone · February 5, 2011

Dang! I just realized, it's the same thing! I'll try again. I'll go ahead and post this in case there is any discernible difference to your trained eyes.

**************