
Tinyproxy Trojan


  • This topic is locked
13 replies to this topic

#1 Cosine

Cosine

  • Members
  • 7 posts

Posted 15 December 2008 - 10:46 AM

When I select a search site from Google, I am taken to various websites unrelated to the requested site. WD found nothing and I've done a virus check which came out clean.

Thanks for any help.
Cosine

Kaspersky log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 15, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 15, 2008 05:35:27
Records in database: 1461989
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Dan Kosin\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 67185
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:19:24


File name / Threat name / Threats count
C:\Program Files\tinyproxy\tinyproxy.exe//PE_Patch.PECompact//PecBundle//PECompact/C:\Program Files\tinyproxy\tinyproxy.exe//PE_Patch.PECompact//PecBundle//PECompact Infected: Trojan.Win32.Agent.atpj 1
C:\Program Files\tinyproxy\tinyproxy.exe Infected: Trojan.Win32.Agent.atpj 1
C:\WINDOWS\SYSTEM32\900053\900053.dll Infected: not-a-virus:AdWare.Win32.E404.jf 1

The selected area was scanned.
-------------------------------------------------------------
HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:39 AM, on 12/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acachsrv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\acautoup.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\tinyproxy\tinyproxy.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: 900053 helper - {94FEA8C1-0D9C-4D8D-A411-33DA3C2C567A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [acEventServ] "C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe"
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120705635250
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.64.69.12.26.downloads.estara.com....976671OneCC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1120875872421
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: acAuth - C:\WINDOWS\SYSTEM32\acauth.dll
O23 - Service: ActivCard Authentication Service (ACachSrv) - ActivCard - C:\Program Files\Common Files\ActivCard\acachsrv.exe
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Auto-Update Service (acautoupdate) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoup.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 1: (no name) - https://26ows.barksdale.af.mil/noheader/ind...p;look_id=50153

--
End of file - 14639 bytes



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 33,480 posts

Posted 23 December 2008 - 09:06 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results; click No to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Orange Blossom

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SuperAntiSpyware, SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript


#3 Cosine

Cosine
  • Topic Starter

  • Members
  • 7 posts

Posted 23 December 2008 - 09:59 PM

Hi Orange Blossom,

Thanks for the reply. Here's DDS.txt. I've attached Atach.zip:

DDS (Version 1.1.0) - NTFSx86
Run by Dan Kosin at 21:12:54.57 on Tue 12/23/2008
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1002 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\ActivCard\acachsrv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\acautoup.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Documents and Settings\Dan Kosin\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dellnet.com
uStart Page = hxxp://www.foxnews.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:9090
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Bsecure Popup Blocker: {E0019445-4C1F-414D-A70E-AD80F231C584} - c:\windows\system32\inetcntrl\popupkil\BsafeBHO.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: Bsecure Popup Blocker: {E0019445-4C1F-414D-A70E-AD80F231C584} - c:\windows\system32\inetcntrl\popupkil\BsafeBHO.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [SoundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [ControlCenter2.0] "c:\program files\brother\controlcenter2\brctrcen.exe" /autorun
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [acEventServ] "c:\program files\activcard\activcard gold\acevtsrv.exe"
mRun: [InetCntrl] c:\windows\system32\inetcntrl\InetCntrl.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: InetCntrl0011.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: acAuth - acauth.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 bsofrwl;bsofrwl;c:\windows\system32\drivers\bsofrwl.sys [2008-1-26 29024]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
R2 ACachSrv;ActivCard Authentication Service;c:\program files\common files\activcard\acachsrv.exe [2002-12-17 135168]
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\common files\activcard\acautoreg.exe [2002-11-29 53248]
R2 acautoupdate;ActivCard Auto-Update Service;c:\program files\common files\activcard\acautoup.exe [2003-3-24 36864]
R2 Accoca;ActivCard Gold service;c:\program files\common files\activcard\accoca.exe [2002-8-12 159744]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\brother\bradmin professional 3\bratimer.exe [2008-9-13 65536]
R2 LinksysUpdater;Linksys Updater;"c:\program files\linksys\linksys updater\bin\linksysupdater.exe" -s "c:\program files\linksys\linksys updater\conf\wrapper.conf" [2008-6-26 204800]
R2 WinDefend;Windows Defender;"c:\program files\windows defender\MsMpEng.exe" [2006-11-3 13592]
R3 OMNUSB;Omnikey AG CardMan 2020 USB Smart Card Reader;c:\windows\system32\drivers\sccmusbm.sys [2006-12-26 23936]
S3 RPRFHID;RPRF-HID.sys Interlink Electronics RPRF-HID Device Driver;c:\windows\system32\drivers\RPRF-HID.sys [2004-4-30 6144]
S3 RPRFUSB;RPRF.sys Interlink Electronics RPRF Device Driver;c:\windows\system32\drivers\RPRF.sys [2004-4-30 10752]

=============== Created Last 30 ================

2008-12-19 19:43 <DIR> --d----- c:\program files\Lavasoft
2008-12-19 19:42 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-19 09:40 <DIR> --d----- c:\program files\common files\xing shared
2008-12-15 07:45 <DIR> --d----- c:\program files\Trend Micro
2008-12-13 14:25 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-12 17:11 0 ----h--- c:\windows\f49f4d98.dat
2008-12-12 16:11 1 ----h--- c:\windows\f49f4daa.dat
2008-12-12 16:11 <DIR> --d----- c:\windows\system32\900053
2008-12-12 16:11 <DIR> --d----- c:\program files\tinyproxy
2008-12-12 16:05 1 ----h--- c:\windows\fm123.dat
2008-12-02 20:46 <DIR> --d----- c:\docume~1\dankos~1\applic~1\Unity

==================== Find3M ====================

2008-12-23 12:16 0 a------- c:\windows\system32\drivers\lvuvc.hs
2008-12-23 12:16 0 a------- c:\windows\system32\drivers\logiflt.iad
2008-12-19 09:39 499,712 a------- c:\windows\system32\msvcp71.dll
2008-12-19 09:39 348,160 a------- c:\windows\system32\msvcr71.dll
2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 08:11 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 a------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 05:02 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-02-19 15:36 724,984 a------- c:\documents and settings\dan kosin\gotomypc_437.exe
2008-02-19 15:23 3,902,784 a------- c:\documents and settings\dan kosin\gosetup.exe
2008-02-02 17:28 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2005-10-05 08:35 0 a------- c:\program files\AMERICA ONLINE
2008-09-07 07:43 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090720080908\index.dat

============= FINISH: 21:13:37.48 ===============


#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 24 December 2008 - 12:16 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.

Let's see if anything changed on your computer. I do see the presence of the TinyProxy infection. We will remove that next round once I see the logs.

Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#5 Cosine

  • Topic Starter

  • Members
  • 7 posts

Posted 25 December 2008 - 11:12 AM

Hi EB, thanks for the reply. I've pasted all the scans below. Merry Christmas!
Cosine

OTViewIt logfile created on: 12/24/2008 1:09:35 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Dan Kosin\Desktop\Computer fix
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.90% Memory free
2.58 Gb Paging File | 1.98 Gb Available in Paging File | 76.82% Paging File free
Paging file location(s): C:\pagefile.sys 753 953;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.22 Gb Total Space | 55.36 Gb Free Space | 37.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 304.95 Gb Free Space | 65.47% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL4700
Current User Name: Dan Kosin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2002/12/17 07:38:20 | 00,135,168 | ---- | M] (ActivCard) -- C:\Program Files\Common Files\ActivCard\acachsrv.exe
[2002/11/29 13:43:58 | 00,053,248 | ---- | M] (ActivCard S.A.) -- C:\Program Files\Common Files\ActivCard\acautoreg.exe
[2003/03/24 12:39:22 | 00,036,864 | ---- | M] (ActivCard S.A.) -- C:\Program Files\Common Files\ActivCard\acautoup.exe
[2002/08/12 15:54:58 | 00,159,744 | ---- | M] (ActivCard) -- C:\Program Files\Common Files\ActivCard\accoca.exe
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/09/03 18:14:44 | 00,065,536 | ---- | M] () -- C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
[2008/10/07 06:46:01 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2008/12/13 14:25:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/06/26 11:52:42 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
[2008/07/26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[2008/07/26 08:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
[2008/12/13 14:25:14 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\SYSTEM32\java.exe
[2005/01/31 09:45:20 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
[2007/01/31 15:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
[2004/10/14 14:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
[2005/05/31 05:33:00 | 00,122,941 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
[2002/03/19 17:30:00 | 00,045,632 | ---- | M] () -- C:\WINDOWS\SYSTEM32\TaskSwitch.exe
[2004/04/14 14:46:50 | 00,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
[2006/03/23 20:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\igfxpers.exe
[2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2003/07/01 06:42:24 | 00,028,672 | ---- | M] (ActivCard) -- C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
[2008/01/29 16:37:40 | 00,841,008 | ---- | M] (Bsafe Online, Inc.) -- C:\WINDOWS\SYSTEM32\InetCntrl\InetCntrl.exe
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
[2007/12/01 18:02:22 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/02/09 10:56:34 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[2008/08/14 17:11:48 | 00,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[2008/08/14 17:11:14 | 00,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
[2006/10/20 20:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
[2008/10/15 02:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/12/24 13:07:48 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Kosin\Desktop\Computer fix\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2002/12/17 07:38:20 | 00,135,168 | ---- | M] (ActivCard) -- C:\Program Files\Common Files\ActivCard\acachsrv.exe -- (ACachSrv [Auto | Running])
[2002/11/29 13:43:58 | 00,053,248 | ---- | M] (ActivCard S.A.) -- C:\Program Files\Common Files\ActivCard\acautoreg.exe -- (acautoreg [Auto | Running])
[2003/03/24 12:39:22 | 00,036,864 | ---- | M] (ActivCard S.A.) -- C:\Program Files\Common Files\ActivCard\acautoup.exe -- (acautoupdate [Auto | Running])
[2002/08/12 15:54:58 | 00,159,744 | ---- | M] (ActivCard) -- C:\Program Files\Common Files\ActivCard\accoca.exe -- (Accoca [Auto | Running])
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/09/03 18:14:44 | 00,065,536 | ---- | M] () -- C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe -- (BRA_Scheduler [Auto | Running])
[2007/01/31 15:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/10/20 20:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
[2008/10/07 06:46:01 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/10/30 02:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/12/13 14:25:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/05/02 01:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
[2008/06/26 11:52:42 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater [Auto | Running])
[2008/07/26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
[2008/07/26 08:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
[2003/12/17 14:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2006/10/30 02:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
[2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/01/31 09:45:20 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/04/13 13:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS -- (AliIde [Boot | Running])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS -- (asc [Boot | Running])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS -- (asc3550 [Boot | Running])
[2008/04/13 13:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
[2007/06/04 10:56:46 | 00,029,024 | ---- | M] (NT Kernel Resources) -- C:\WINDOWS\System32\drivers\bsofrwl.sys -- (bsofrwl [System | Running])
[2007/02/02 04:00:00 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2007/02/02 04:00:00 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS -- (CmdIde [Boot | Running])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS -- (dac2w2k [Boot | Running])
[2005/04/22 03:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2005/04/21 02:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm [Auto | Running])
[2005/06/13 12:58:04 | 00,162,816 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
[2008/07/26 10:26:54 | 00,023,832 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys -- (FilterService [On_Demand | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2006/03/23 20:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
[2004/03/29 17:28:24 | 00,014,531 | ---- | M] (iRiver, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\Ifp700.sys -- (IFP700 [Boot | Running])
[2004/03/05 23:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Running])
[2004/03/05 23:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Running])
[2004/06/15 23:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Running])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys -- (kbdhid [System | Running])
[2008/02/29 02:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
[2008/02/29 02:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
[2007/10/11 20:59:12 | 01,920,920 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\lvpopflt.sys -- (lvpopflt [On_Demand | Stopped])
[2008/07/26 08:25:02 | 00,025,624 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
[2008/07/26 10:25:46 | 00,627,864 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\lvrs.sys -- (LVRS [On_Demand | Running])
[2008/07/26 10:26:20 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
[2008/07/26 10:26:42 | 04,658,584 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys -- (LVUVC [On_Demand | Running])
[2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2004/03/05 23:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS -- (mraid35x [Boot | Running])
[2008/04/13 13:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv [On_Demand | Stopped])
[2002/11/08 14:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci [System | Running])
[2001/08/17 14:51:14 | 00,023,936 | ---- | M] (OMNIKEY AG) -- C:\WINDOWS\SYSTEM32\DRIVERS\sccmusbm.sys -- (OMNUSB [On_Demand | Running])
[2002/10/01 10:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc [On_Demand | Running])
[2008/05/16 05:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\pnarp.sys -- (pnarp [Auto | Running])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink [On_Demand | Running])
[2008/05/16 05:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\purendis.sys -- (purendis [Auto | Running])
[2007/03/29 04:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS -- (ql1080 [Boot | Running])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS -- (ql12160 [Boot | Running])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS -- (ql1280 [Boot | Running])
[2005/08/16 13:02:54 | 00,018,432 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\RimSerial.sys -- (RimSerPort [On_Demand | Stopped])
[2004/08/04 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ROOTMDM.SYS -- (ROOTMODEM [On_Demand | Stopped])
[2004/04/30 12:05:22 | 00,006,144 | ---- | M] (InterlinkElectronics) -- C:\WINDOWS\SYSTEM32\DRIVERS\RPRF-HID.sys -- (RPRFHID [On_Demand | Stopped])
[2004/04/30 12:05:22 | 00,010,752 | ---- | M] (InterlinkElectronics) -- C:\WINDOWS\SYSTEM32\DRIVERS\RPRF.sys -- (RPRFUSB [On_Demand | Stopped])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/09/17 09:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt [On_Demand | Running])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
[2005/01/27 15:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS -- (Sparrow [Boot | Running])
[2005/05/13 10:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2005/05/13 10:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln [System | Running])
[2001/08/17 12:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810 [Boot | Running])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS -- (symc8xx [Boot | Running])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS -- (sym_hi [Boot | Running])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS -- (sym_u3 [Boot | Running])
[2005/05/31 05:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2005/05/31 05:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2005/05/31 05:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2005/05/31 05:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2005/05/31 05:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2005/05/31 05:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2005/05/31 05:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2005/05/31 05:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2005/05/31 05:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2007/04/05 20:52:15 | 00,076,560 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm [Auto | Running])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS -- (ultra [Boot | Running])
[2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio [On_Demand | Running])
[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
"ProxyOverride" = *.local;<local>

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dellnet.com
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.foxnews.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local;<local>

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Start Page"=http://www.dell4me.com/myway

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Start Page"=http://www.dell4me.com/myway

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-428206284-431420997-2817164856-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dellnet.com
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.foxnews.com/

[HKEY_USERS\S-1-5-21-428206284-431420997-2817164856-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s

[HKEY_USERS\S-1-5-21-428206284-431420997-2817164856-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-428206284-431420997-2817164856-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local;<local>

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{94FEA8C1-0D9C-4D8D-A411-33DA3C2C567A} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E0019445-4C1F-414D-A70E-AD80F231C584} (HKLM) -- C:\WINDOWS\SYSTEM32\InetCntrl\PopupKil\BsafeBHO.dll (Bsecure Technologies, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{E0019445-4C1F-414D-A70E-AD80F231C584}" (HKLM) -- C:\WINDOWS\SYSTEM32\InetCntrl\PopupKil\BsafeBHO.dll (Bsecure Technologies, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-428206284-431420997-2817164856-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-428206284-431420997-2817164856-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"acEventServ"="C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe" (ActivCard)
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun (Brother Industries, Ltd.)
"CoolSwitch"=C:\WINDOWS\system32\taskswitch.exe ()
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" (ScanSoft, Inc.)
"InetCntrl"=C:\WINDOWS\system32\InetCntrl\InetCntrl.exe (Bsafe Online, Inc.)
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech, Inc.)
"LELA"="C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized (Linksys LLC - A Division of Cisco Systems)
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" (ScanSoft, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" (Analog Devices, Inc.)
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-428206284-431420997-2817164856-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2008/02/09 10:56:34 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[2008/05/02 01:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-428206284-431420997-2817164856-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-428206284-431420997-2817164856-1006\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008/11/07 14:31:40 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{d81ca86b-ef63-42af-bee3-4502d9a03c2d}: Button: MUSICMATCH MX Web Player -- File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-428206284-431420997-2817164856-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
microsoft.com\windowsupdate: https in My Computer
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-428206284-431420997-2817164856-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
microsoft.com\windowsupdate: https in My Computer
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{01A88BB1-1174-41EC-ACCB-963509EAE56B}: http://support.dell.com/systemprofiler/SysPro.CAB -- SysProWmi Class
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/7.../OGAControl.cab -- Office Genuine Advantage Validation Tool
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/2008.1...toUploader5.cab -- Facebook Photo Uploader 5 Control
{1239CC52-59EF-4DFA-8C61-90FFA846DF7E}: http://www.musicnotes.com/download/mnviewer.cab -- Musicnotes Viewer
{15589FA1-C456-11CE-BF01-00AA0055595A}: http://w4s2.work4sure.com/c/ge/w4sgeen9.exe -- Reg Error: Key does not exist or could not be opened.
{166B1BCA-3F9C-11CF-8075-444553540000}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/0/5...heckControl.cab -- Windows Genuine Advantage Validation Tool
{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}: http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cab -- Reg Error: Key does not exist or could not be opened.
{233C1507-6A77-46A4-9443-F871F945D258}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{31E68DE2-5548-4B23-88F0-C51E6A0F695E}: https://support.microsoft.com/OAS/ActiveX/odc.cab -- Microsoft PID Sniffer
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc3.cab -- Office Update Installation Engine
{4871A87A-BFDD-4106-8153-FFDE2BAC2967}: http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab -- DLM Control
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1120705635250 -- WUWebControl Class
{65FDEDF3-8ED9-4F5B-825E-18C2D44191A7}: http://d.64.69.12.26.downloads.estara.com....976671OneCC.cab -- OneCCCtl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1120875872421 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8BC53B30-32E4-4ED3-BEF9-DB761DB77453}: http://u3.sandisk.com/download/apps/LPInstaller.CAB -- CInstallLPCtrl Object
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{A8F2B9BD-A6A0-486A-9744-18920D898429}: http://www.sibelius.com/download/software/...tiveXPlugin.cab -- ScorchPlugin Class
{A90A5822-F108-45AD-8482-9BC8B12DD539}: http://www.crucial.com/controls/cpcScanner.cab -- Crucial cpcScan
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}: http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab -- Reg Error: Key does not exist or could not be opened.
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}: http://office.microsoft.com/officeupdate/content/opuc4.cab -- Office Update Installation Engine
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_06
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_04
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_09
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://www.adobe.com/products/acrobat/nos/gp.cab -- get_atlcom Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/flash...ent/swflash.cab -- Shockwave Flash Object
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}: -- Reg Error: Value does not exist or could not be read.

========== (O17) DNS Name Servers ==========

{7C6A385D-197A-4E7A-869D-9ABC0BDEF247} (Servers: | Description: )
{BECB88C5-8BB2-433C-9362-60999E2C1455} (Servers: | Description: 1394 Net Adapter)
{D2A53575-6715-4F29-BC44-00DC9B95B459} (Servers: | Description: Intel® PRO/100 VE Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
acAuth: "DllName" = acauth.dll -- C:\WINDOWS\SYSTEM32\acauth.dll (ActivCard)
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
LBTWlgn: "DllName" = c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll -- c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 14:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun []
[2008/07/07 22:12:42 | 00,000,000 | ---D | M] -- F:\autorun -- [ NTFS ]

autorun.inf [[autorun] | open=wd_windows_tools\setup.exe | ICON=AUTORUN\WDLOGO.ICO | ]
[2007/05/18 10:37:12 | 00,000,069 | RH-- | M] () -- F:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbd52f23-45aa-11db-a093-00038a000015}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbd52f23-45aa-11db-a093-00038a000015}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbd52f23-45aa-11db-a093-00038a000015}\Shell\AutoRun\command]
""=J:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2008/12/23 22:10:21 | 00,400,996 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\My Documents\ILXCF133_011509.pdf
[2008/12/23 21:12:31 | 00,369,483 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\Desktop\dds.com
[2008/12/23 08:40:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2008/12/22 09:20:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kosin\Desktop\Computer fix
[2008/12/19 19:43:39 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/12/19 19:43:39 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/12/19 19:43:37 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/12/19 19:43:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/12/19 19:42:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/12/19 09:40:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2008/12/15 10:29:29 | 00,000,521 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\Desktop\RSIT.htm
[2008/12/15 07:45:46 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\Desktop\HijackThis.lnk
[2008/12/15 07:45:46 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/12 17:11:25 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\f49f4d98.dat
[2008/12/12 16:11:41 | 00,000,001 | -H-- | C] () -- C:\WINDOWS\f49f4daa.dat
[2008/12/12 16:11:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\900053
[2008/12/12 16:11:31 | 00,000,000 | ---D | C] -- C:\Program Files\tinyproxy
[2008/12/12 16:05:03 | 00,000,001 | -H-- | C] () -- C:\WINDOWS\fm123.dat
[2008/12/11 16:31:43 | 06,672,896 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\My Documents\Christmas Letter 2008 (RI).doc
[2008/12/10 19:57:27 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\My Documents\Kosin 1.doc
[2008/12/10 10:20:52 | 00,074,240 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\My Documents\National Grid Payment 12-10-08.doc
[2008/12/05 12:13:41 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\My Documents\Christmas List.doc
[2008/12/04 19:47:31 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\My Documents\Zak KosinKosin 1.doc
[2008/12/02 20:46:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kosin\Application Data\Unity
[2008/11/30 20:40:35 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\My Documents\recipe cards.doc
[2008/11/30 19:36:29 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\My Documents\Zak KosinKosin.doc
[2008/11/25 22:21:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kosin\My Documents\Freedom Trail
[2008/11/25 22:20:45 | 00,008,837 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\Desktop\About Your Order 3210.htm

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/12/24 06:11:34 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2008/12/24 05:37:08 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2008/12/24 05:34:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/24 05:33:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2008/12/24 05:33:55 | 21,371,49440 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/24 05:33:52 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2008/12/24 05:33:50 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2008/12/23 22:10:21 | 00,400,996 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\ILXCF133_011509.pdf
[2008/12/23 21:12:34 | 00,369,483 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\Desktop\dds.com
[2008/12/23 08:43:36 | 00,078,848 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\Me.doc
[2008/12/21 20:22:54 | 00,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2008/12/20 14:58:20 | 00,144,384 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/19 19:43:39 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/12/19 19:43:39 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/12/19 09:39:58 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2008/12/19 09:39:58 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2008/12/19 09:39:57 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2008/12/16 14:38:25 | 00,001,244 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2008/12/15 11:34:49 | 17,676,8000 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\Dan TDY.pst
[2008/12/15 10:29:30 | 00,000,521 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\Desktop\RSIT.htm
[2008/12/15 07:45:46 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\Desktop\HijackThis.lnk
[2008/12/14 14:54:40 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\NCC Song List.xls
[2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/12 17:11:25 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\f49f4d98.dat
[2008/12/12 16:11:42 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\f49f4daa.dat
[2008/12/12 16:05:03 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\fm123.dat
[2008/12/12 09:11:21 | 06,672,896 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\Christmas Letter 2008 (RI).doc
[2008/12/12 08:51:34 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\Biport
[2008/12/11 22:05:36 | 00,097,280 | -HS- | M] () -- C:\Documents and Settings\Dan Kosin\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Dan Kosin\Desktop\Thumbs.db:encryptable
[2008/12/11 07:09:31 | 00,525,398 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/11 07:09:31 | 00,445,870 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2008/12/11 07:09:31 | 00,072,824 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2008/12/10 23:36:08 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/10 23:35:49 | 00,000,837 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2008/12/10 19:57:28 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\Kosin 1.doc
[2008/12/10 13:20:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/10 10:20:52 | 00,074,240 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\National Grid Payment 12-10-08.doc
[2008/12/09 18:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/05 12:13:42 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\Christmas List.doc
[2008/12/04 19:47:31 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\Zak KosinKosin 1.doc
[2008/12/01 22:35:17 | 00,037,888 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\Worship Leader Tips.doc
[2008/11/30 20:40:35 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\recipe cards.doc
[2008/11/30 19:55:45 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\Zak KosinKosin.doc
[2008/11/25 22:20:45 | 00,008,837 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\Desktop\About Your Order 3210.htm
< End of report >

OTViewIt Extras logfile created on: 12/24/2008 1:09:35 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Dan Kosin\Desktop\Computer fix
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.90% Memory free
2.58 Gb Paging File | 1.98 Gb Available in Paging File | 76.82% Paging File free
Paging file location(s): C:\pagefile.sys 753 953;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.22 Gb Total Space | 55.36 Gb Free Space | 37.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 304.95 Gb Free Space | 65.47% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL4700
Current User Name: Dan Kosin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/02/09 10:56:34 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
[2008/01/29 16:37:40 | 00,841,008 | ---- | M] (Bsafe Online, Inc.) -- C:\WINDOWS\SYSTEM32\InetCntrl\InetCntrl.exe:*:Enabled:Bsecure Internet Protection Services - Application
[2008/10/15 02:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
[2008/04/13 19:12:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\FXSCLNT.EXE:*:Disabled:Microsoft Fax Console
[2008/12/19 09:40:00 | 00,214,536 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[2005/03/23 19:02:40 | 00,491,520 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CSCLIB\CDPROC.exe:*:Enabled:Canon Digital Camera SDK CDPROC EXE
[2005/03/23 19:02:44 | 00,376,832 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CSCLIB\CDPROCMN.exe:*:Enabled:Canon Digital Camera SDK main server EXE
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2008/02/05 08:26:21 | 00,104,960 | ---- | M] (eStara, Inc.) -- C:\Documents and Settings\Dan Kosin\Local Settings\Temp\occ.exe:*:Enabled:OneCC Module
[2008/02/09 10:56:34 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/23 14:01:06 | 00,122,880 | ---- | M] () -- C:\Program Files\Brother\BRAdmin Professional 3\discover.exe:*:Enabled:BRAdmin Professional 3
[2007/11/06 10:48:12 | 00,139,264 | ---- | M] () -- C:\Program Files\Brother\BRAdmin Professional 3\AuditorServer.exe:*:Enabled:BRAdmin Professional 3
[2008/06/09 13:27:04 | 01,351,680 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\BRAdmin Professional 3\bradminv3.exe:*:Enabled:BRAdmin Professional 3
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/10/01 17:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\Program Files\tinyproxy\tinyproxy.exe:*:Enabled:tinyproxy
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service
[2008/11/07 14:31:38 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000002 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000003 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000004 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000005 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000006 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000007 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000008 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000009 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000010 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000011 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000012 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000013 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000014 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000015 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000016 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000017 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000018 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000019 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000020 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000021 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000022 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000023 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000024 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000025 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000026 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000027 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000028 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000029 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000030 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000031 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000032 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000033 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000034 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000035 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000036 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000037 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000038 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000039 -- File not found

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/02/09 10:56:34 | 00,028,711 | ---- | M] (Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 13:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 13:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 13:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 14:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 14:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/08/03 13:50:56 | 00,144,696 | ---- | M] (Pure Networks, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (pure-go:{4746C79A-2042-4332-8650-48966E44ABA8} (HKLM) [CPureGoProtoInfo Object])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/05/30 15:54:14 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 14:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}"=WD Diagnostics
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}"=CDDRV_Installer
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{106F886B-A874-43DF-BCC4-01DB57E1F3C6}"=Windows Movie Maker 2 Winter Fun Pack
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}"=Sibelius Scorch (ActiveX Only)
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}"=Intel® PROSet for Wired Connections
"{1CB92574-96F2-467B-B793-5CEB35C40C29}"=Image Resizer Powertoy for Windows XP
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{1F06E28C-A6DC-4341-A9E3-6B0F6C641B6B}"=Linksys EasyLink Advisor
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}"=Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}"=Quicken 2005
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}"=KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150040}"=J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}"=Internet Explorer Default Page
"{366FFC89-C800-4366-B903-B9C4314109A5}"=Garmin WebUpdater
"{3A7BF905-F37D-4DFB-8308-EC3AA4617B36}"=Garmin Communicator Plugin
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}"=Logitech QuickCam
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=Modem On Hold
"{44D21B77-D4FC-49E8-A726-CD00D5016703}"=DBsign Web Signer
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{4A425F14-0561-11D4-9027-0060089CDAE1}"=FileMaker Pro 5.5
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}"=HTML Slideshow Powertoy for Windows XP
"{5404E185-BD7C-4A72-ABD0-91A411A05726}"=Ulead VideoStudio 6
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{5986F167-4C6C-4D03-9706-E1189B2A1462}"=iriver Music Manager
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.9
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{7148F0A8-6813-11D6-A77B-00B0D0142060}"=Java 2 Runtime Environment, SE v1.4.2_06
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{75C885D4-C758-4896-A3B4-90DA34B44C31}"=BRAdmin Professional 3
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}"=Modem Event Monitor
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{80A2A967-C1B7-412D-B2B2-C4A33209C205}"=Garmin POI Loader
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}"=Jasc Paint Shop Pro 8 Dell Edition
"{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}"=Rhapsody Player Engine
"{87791AF4-4D4C-43DC-97BF-05EEEE5187F2}"=e-Sword
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}"=Musicmatch® Jukebox
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{91E30409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}"=PaperPort
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}"=Windows Defender Signatures
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}"=Alt-Tab Task Switcher Powertoy for Windows XP
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic Audio module
"{AC76BA86-7AD7-1033-7B44-A81300000003}"=Adobe Reader 8.1.3
"{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}"=ArcSoft Camera Suite 1.3
"{AF19F291-F22F-4798-9662-525305AE9E48}"=WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BB46245B-CECA-406F-8790-3ABA0D01012F}"=Roxio VideoWave Movie Creator
"{BBDCA7ED-AF48-4A5A-898F-005112DFD0C2}"=World Book 2004 (Deluxe)
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}"=Canon PhotoRecord
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}"=WebEx Support Manager for Internet Explorer
"{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}"=Sibelius Scorch (ActiveX Only)
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}"=Pure Networks Platform
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}"=Jasc Paint Shop Photo Album
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}"=Brother MFL-Pro Suite
"{DAFCC5EF-E4D0-47EF-8E4B-168B3644A1E3}"=Garmin City Navigator North America NT 2009 Update
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E0000650-0650-0650-0650-000000000650}"=PureEdge Viewer 6.5
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}"=Musicmatch for Windows Media Player
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}"=PhotoStitch
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}"=Logitech SetPoint
"{F489174B-CF14-4B4D-84BB-C1AD46EDB412}"=ActivCard Gold for CAC - PKI - Version 3.0 Feature Pack 1
"{FEE70C30-BAE5-4F0E-B1DF-202436C66953}_is1"=EasyWorship 2007
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"ARLHM2000"=American Reference Library 2000 Uninstall
"Audacity_is1"=Audacity 1.2.6
"CAL"=Canon Camera Access Library
"CameraWindowDC"=Canon Utilities CameraWindow DC
"CameraWindowDVC5"=Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6"=Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher"=Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder"=Canon G.726 WMP-Decoder
"CANONBJ_Deinstall_CNMCP4b.DLL"=Canon i850
"CSCLIB"=Canon Camera Support Core Library
"Dell Digital Jukebox Driver"=Dell Digital Jukebox Driver
"DellSupport"=Dell Support 5.0.0 (630)
"getPlus®_ocx"=getPlus®_ocx
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InetCntrl"=AFAFilter Internet Protection Services v.5.0
"InstallShield_{1F06E28C-A6DC-4341-A9E3-6B0F6C641B6B}"=Linksys EasyLink Advisor
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}"=Quicken 2005
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}"=Canon Utilities PhotoStitch 3.1
"Intel® 537EP V9x DF PCI Modem"=Intel® 537EP V9x DF PCI Modem
"JS1GM_1.3"=JumpStart Math for First Graders v1.3
"LADSPA_plugins-win_is1"=LADSPA_plugins-win-0.4.15
"lvdrivers_11.80"=Logitech QuickCam Driver Package
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"MovieEditTask"=Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Musicnotes Player"=Musicnotes Player
"Musicnotes Player and Viewer_is1"=Musicnotes Player V1.23 and Viewer
"MyCamera"=Canon Utilities MyCamera
"MyCameraDC"=Canon Utilities MyCamera DC
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NoteWorthy Player"=NoteWorthy Player
"PageBreeze Free HTML Editor"=PageBreeze Free HTML Editor
"PROSet"=Intel® PRO Network Connections Drivers
"RAW Image Task"=Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0"=RealPlayer
"RemoteCaptureDC"=Canon Utilities RemoteCapture DC
"RemoteCaptureTask"=Canon Utilities RemoteCapture Task for ZoomBrowser EX
"ServiceBuilder"=ServiceBuilder
"StreetPlugin"=Learn2 Player (Uninstall Only)
"TotalRecorder"=Total Recorder 4.3
"Tweak UI 2.10"=Tweak UI
"UnityWebPlayer"=Unity Web Player
"ViewpointMediaPlayer"=Viewpoint Media Player
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebPost"=Web Publishing Wizard
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinGimp-2.0_is1"=Gimp 2.6.2 Debug
"WinGTK-2_is1"=GTK+ 2.6.9 runtime environment
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX"=Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility"=Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/17/2008 4:45:18 PM | Computer Name = DELL4700 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/17/2008 4:50:40 PM | Computer Name = DELL4700 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/19/2008 10:59:17 AM | Computer Name = DELL4700 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8237.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/19/2008 10:59:31 AM | Computer Name = DELL4700 | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8217.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/19/2008 10:59:33 AM | Computer Name = DELL4700 | Source = Application Hang | ID = 1001
Description = Fault bucket 1047655205.

Error - 12/19/2008 10:59:37 AM | Computer Name = DELL4700 | Source = Application Hang | ID = 1001
Description = Fault bucket 827627218.

Error - 12/19/2008 8:02:15 PM | Computer Name = DELL4700 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072ee2, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 12/20/2008 4:51:00 PM | Computer Name = DELL4700 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module flash10a.ocx, version 10.0.12.36, fault address 0x00209f6b.

Error - 12/23/2008 1:29:43 PM | Computer Name = DELL4700 | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 3.8.0.188, faulting module
quartz.dll, version 6.5.2600.5596, fault address 0x0004c488.

Error - 12/23/2008 1:30:25 PM | Computer Name = DELL4700 | Source = Application Error | ID = 1001
Description = Fault bucket 1020482530.

[ System Events ]
Error - 12/14/2008 5:48:54 PM | Computer Name = DELL4700 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/14/2008 11:16:05 PM | Computer Name = DELL4700 | Source = OMNUSB | ID = 0
Description =

Error - 12/14/2008 11:16:05 PM | Computer Name = DELL4700 | Source = SCardSvr | ID = 610
Description = Smart Card Reader 'OMNIKEY CardMan 2020 0' rejected IOCTL POWER: The
smart card is not responding to a reset.

Error - 12/14/2008 11:16:07 PM | Computer Name = DELL4700 | Source = OMNUSB | ID = 0
Description =

Error - 12/14/2008 11:16:07 PM | Computer Name = DELL4700 | Source = SCardSvr | ID = 610
Description = Smart Card Reader 'OMNIKEY CardMan 2020 0' rejected IOCTL POWER: The
smart card is not responding to a reset.

Error - 12/14/2008 11:16:09 PM | Computer Name = DELL4700 | Source = OMNUSB | ID = 0
Description =

Error - 12/14/2008 11:16:09 PM | Computer Name = DELL4700 | Source = SCardSvr | ID = 610
Description = Smart Card Reader 'OMNIKEY CardMan 2020 0' rejected IOCTL POWER: The
smart card is not responding to a reset.

Error - 12/17/2008 3:02:50 PM | Computer Name = DELL4700 | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer WebEx Document Loader share
name Printer.

Error - 12/23/2008 1:19:10 PM | Computer Name = DELL4700 | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 192.168.1.101. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.

Error - 12/23/2008 1:21:22 PM | Computer Name = DELL4700 | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 192.168.1.101. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.


< End of report >
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, December 25, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, December 24, 2008 23:57:15
Records in database: 1511202
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 247199
Threat name: 2
Infected objects: 1
Suspicious objects: 2
Duration of the scan: 10:42:20


File name / Threat name / Threats count
C:\Documents and Settings\Dan Kosin\My Documents\Dan TDY.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\WINDOWS\SYSTEM32\900053\900053.dll Infected: not-a-virus:AdWare.Win32.E404.jf 1
F:\Dan TDY.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1

The selected area was scanned.

#6 extremeboy

extremeboy

  • Malware Response Team

Posted 25 December 2008 - 11:27 AM

Hello again.

Tinyproxy is considered a "backdoor" type of malware; because of that, your computer may be compromised.

Backdoor Threat
Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

I'll assume you want to continue, please follow the instructions below:


Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
    Alternate Download Site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
Important!: Please do not select the Show all checkbox during the scan.

Please post back with:
-Combofix log
-GMER log


:thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
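Added example (not part of the original thread, and not a tool the helper used): a small Python triage of the `path:scope:Enabled:name` entries in the log posted above, which have the shape of Windows Firewall authorized-application rules. It flags enabled rules whose file is missing (as with `tinyproxy.exe`), rules pointing into a Temp directory, and files with no publisher string; the flag names, function names and the `SAMPLE_LOG` excerpt are choices made for this example.

```python
import re
from dataclasses import dataclass

# Excerpt of the log lines posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2008/02/05 08:26:21 | 00,104,960 | ---- | M] (eStara, Inc.) -- C:\Documents and Settings\Dan Kosin\Local Settings\Temp\occ.exe:*:Enabled:OneCC Module
[2008/04/23 14:01:06 | 00,122,880 | ---- | M] () -- C:\Program Files\Brother\BRAdmin Professional 3\discover.exe:*:Enabled:BRAdmin Professional 3
File not found -- C:\Program Files\tinyproxy\tinyproxy.exe:*:Enabled:tinyproxy
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service
"""

# Left part of a line: either "File not found" or "[file metadata] (publisher)".
LINE_RE = re.compile(
    r"^(?:(?P<missing>File not found)"
    r"|\[[^\]]*\]\s*\((?P<company>[^)]*)\))"
    r"\s+--\s+(?P<entry>.+)$"
)

# Right part: path:scope:state:name. The path itself contains a drive colon,
# so the greedy path group is anchored on the ":scope:Enabled|Disabled:" run.
ENTRY_RE = re.compile(
    r"^(?P<path>.+):(?P<scope>[^:]+):(?P<state>enabled|disabled):(?P<name>.*)$",
    re.IGNORECASE,
)

TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    path: str
    name: str
    scope: str
    reasons: tuple


def parse_line(line):
    """Return a dict for one log line, or None if it is not a rule entry."""
    outer = LINE_RE.match(line.strip())
    if outer is None:
        return None
    entry = ENTRY_RE.match(outer.group("entry"))
    if entry is None:
        return None
    return {
        "missing": outer.group("missing") is not None,
        "company": (outer.group("company") or "").strip(),
        "path": entry.group("path"),
        "scope": entry.group("scope"),
        "enabled": entry.group("state").lower() == "enabled",
        "name": entry.group("name"),
    }


def triage(log_text):
    """Return the enabled rules that deserve a second look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or not rec["enabled"]:
            continue
        reasons = []
        if rec["missing"]:
            # Rule still enabled although nothing exists at that path.
            reasons.append("stale-rule")
        elif not rec["company"]:
            # File exists but carries no publisher string in the log.
            reasons.append("no-publisher")
        if TEMP_RE.search(rec["path"]):
            # Executable allowed through the firewall from a Temp directory.
            reasons.append("temp-path")
        if reasons:
            findings.append(
                Finding(rec["path"], rec["name"], rec["scope"], tuple(reasons))
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{', '.join(f.reasons):<14} scope={f.scope:<12} {f.path}")
```

A flag here is a prompt for review, not a verdict: the Brother and Kodak entries are flagged for the same structural reasons as the tinyproxy one.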

#7 Cosine

Cosine
  • Topic Starter

  • Members

Posted 25 December 2008 - 12:49 PM

Hi EB, here's the logs...thx for the help.
Cosine
-------------------
ComboFix 08-12-24.01 - Dan Kosin 2008-12-25 11:49:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1453 [GMT -5:00]
Running from: c:\documents and settings\Dan Kosin\Desktop\Computer fix\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dan Kosin\Application Data\FunWebProducts
c:\documents and settings\Zak\My Documents\My Documents.url
c:\documents and settings\Zak\My Documents\My Music\My Music.url
c:\documents and settings\Zak\My Documents\My Pictures\My Pictures.url
c:\documents and settings\Zak\My Documents\My Videos\My Video.url
c:\program files\TinyProxy
c:\recycler\ADAPT_Installer.exe
c:\windows\Downloaded Program Files\setup.inf
c:\windows\f49f4daa.dat
c:\windows\SYSTEM32\900053
c:\windows\SYSTEM32\900053\900053.dll
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 )))))))))))))))))))))))))))))))
.

2008-12-23 08:40 . 2008-12-23 08:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-12-19 19:43 . 2008-12-19 19:43 <DIR> d-------- c:\program files\Lavasoft
2008-12-19 19:43 . 2008-12-19 19:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-19 19:42 . 2008-12-19 19:42 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-19 09:40 . 2008-12-19 09:40 <DIR> d-------- c:\program files\Common Files\xing shared
2008-12-17 09:44 . 2008-12-17 09:44 <DIR> d-------- c:\documents and settings\Amanda\Application Data\Logitech
2008-12-15 07:45 . 2008-12-15 07:45 <DIR> d-------- c:\program files\Trend Micro
2008-12-14 18:48 . 2008-12-14 18:48 <DIR> d-------- c:\documents and settings\Nicole\Application Data\Logitech
2008-12-13 14:25 . 2008-12-13 14:25 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
2008-12-12 20:51 . 2008-12-12 20:51 <DIR> d-------- c:\documents and settings\Zak\Application Data\Logitech
2008-12-12 17:11 . 2008-12-12 17:11 0 ---h----- c:\windows\f49f4d98.dat
2008-12-12 16:05 . 2008-12-12 16:05 1 ---h----- c:\windows\fm123.dat
2008-12-02 20:46 . 2008-12-02 20:46 <DIR> d-------- c:\documents and settings\Dan Kosin\Application Data\Unity
2008-11-27 07:19 . 2008-11-27 07:19 <DIR> d-------- c:\documents and settings\Rosana\Application Data\Logitech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 16:38 --------- d-----w c:\documents and settings\Dan Kosin\Application Data\Skype
2008-12-25 15:56 --------- d-----w c:\documents and settings\Dan Kosin\Application Data\skypePM
2008-12-25 15:53 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2008-12-25 15:53 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2008-12-25 02:45 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-20 19:32 --------- d-----w c:\documents and settings\Dan Kosin\Application Data\ZoomBrowser EX
2008-12-20 19:32 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2008-12-19 14:40 --------- d-----w c:\program files\Common Files\Real
2008-12-19 14:39 499,712 ----a-w c:\windows\SYSTEM32\msvcp71.dll
2008-12-19 14:39 348,160 ----a-w c:\windows\SYSTEM32\msvcr71.dll
2008-12-18 13:10 --------- d-----w c:\documents and settings\Dan Kosin\Application Data\U3
2008-12-13 19:25 --------- d-----w c:\program files\Java
2008-12-13 06:40 3,593,216 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-11-18 19:52 --------- d-----w c:\documents and settings\Dan Kosin\Application Data\gtk-2.0
2008-11-18 17:15 --------- d-----w c:\program files\GIMP-2.0
2008-11-09 22:22 --------- d-----w c:\program files\Common Files\Adobe
2008-10-29 20:43 --------- d-----w c:\program files\iTunes
2008-10-29 20:43 --------- d-----w c:\program files\iPod
2008-10-29 20:43 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-29 20:41 --------- d-----w c:\program files\QuickTime
2008-10-29 20:41 --------- d-----w c:\program files\Common Files\Apple
2008-10-29 20:41 --------- d-----w c:\program files\Bonjour
2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2008-10-16 13:11 70,656 ----a-w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\SYSTEM32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
2008-02-19 20:36 724,984 ----a-w c:\documents and settings\Dan Kosin\gotomypc_437.exe
2008-02-19 20:23 3,902,784 ----a-w c:\documents and settings\Dan Kosin\gosetup.exe
2008-02-02 22:28 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2005-10-05 13:35 0 ----a-w c:\program files\AMERICA ONLINE
2004-08-18 17:00 270,336 ------w c:\program files\mozilla firefox\plugins\DCAENTU.dll
2004-08-18 17:00 1,294,336 ------w c:\program files\mozilla firefox\plugins\DCARSA.dll
2004-08-18 17:00 348,160 ------w c:\program files\mozilla firefox\plugins\GuiUtils.dll
2004-08-18 17:00 122,880 ------w c:\program files\mozilla firefox\plugins\nsldap32v30.dll
2008-09-07 12:43 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008090720080908\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-01 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-11-11 864256]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"acEventServ"="c:\program files\ActivCard\ActivCard Gold\acevtsrv.exe" [2003-07-01 28672]
"InetCntrl"="c:\windows\system32\InetCntrl\InetCntrl.exe" [2008-01-29 841008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-09-04 159744]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-09 66864]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-17 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acAuth]
2002-12-17 10:11 65536 c:\windows\SYSTEM32\acauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2004-07-19 08:51 306688 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2006-04-06 10:51 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-03-23 20:13 77824 c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a------ 2003-09-03 21:12 221184 c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2006-01-17 13:03 53248 c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2004-04-11 21:15 290816 c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
--a------ 2003-09-14 16:26 81920 c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\SYSTEM32\\InetCntrl\\InetCntrl.exe"=
"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Canon\\CSCLIB\\CDPROC.exe"=
"c:\\Program Files\\Canon\\CSCLIB\\CDPROCMN.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Brother\\BRAdmin Professional 3\\discover.exe"=
"c:\\Program Files\\Brother\\BRAdmin Professional 3\\AuditorServer.exe"=
"c:\\Program Files\\Brother\\BRAdmin Professional 3\\bradminv3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1081:TCP"= 1081:TCP:Anti-Virus
"1080:TCP"= 1080:TCP:BeSafe
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 bsofrwl;bsofrwl;c:\windows\system32\drivers\bsofrwl.sys [2008-01-26 29024]
R2 ACachSrv;ActivCard Authentication Service;c:\program files\Common Files\ActivCard\acachsrv.exe [2002-12-17 135168]
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\Common Files\ActivCard\acautoreg.exe [2002-11-29 53248]
R2 acautoupdate;ActivCard Auto-Update Service;c:\program files\Common Files\ActivCard\acautoup.exe [2003-03-24 36864]
R2 Accoca;ActivCard Gold service;c:\program files\Common Files\ActivCard\accoca.exe [2002-08-12 159744]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\Brother\BRAdmin Professional 3\bratimer.exe [2008-09-13 65536]
R2 LinksysUpdater;Linksys Updater;"c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "c:\program files\Linksys\Linksys Updater\conf\wrapper.conf" [2008-06-26 204800]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 OMNUSB;Omnikey AG CardMan 2020 USB Smart Card Reader;c:\windows\system32\DRIVERS\sccmusbm.sys [2006-12-26 23936]
S3 RPRFHID;RPRF-HID.sys Interlink Electronics RPRF-HID Device Driver;c:\windows\system32\Drivers\RPRF-HID.sys [2004-04-30 6144]
S3 RPRFUSB;RPRF.sys Interlink Electronics RPRF Device Driver;c:\windows\system32\Drivers\RPRF.sys [2004-04-30 10752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbd52f23-45aa-11db-a093-00038a000015}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{94FEA8C1-0D9C-4D8D-A411-33DA3C2C567A} - (no file)
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {{d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html -
LSP: InetCntrl0011.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

c:\windows\Downloaded Program Files\Manager.exe - c:\windows\Downloaded Program Files\DownloadManagerV2.ocx
O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
c:\windows\Downloaded Program Files\DownloadManagerV2.inf

c:\windows\Downloaded Program Files\OneCC.dll - O16 -: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7}
hxxp://d.64.69.12.26.downloads.estara.com./as/OneCCDM.php?template=21541&sessionid=990301589_74.193.225.58_1347&=&req=1202217976671OneCC.cab
c:\windows\Downloaded Program Files\OneCC.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-25 11:55:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\InetCntrl0011.dll
.
Completion time: 2008-12-25 11:58:01
ComboFix-quarantined-files.txt 2008-12-25 16:56:43

Pre-Run: 61,568,921,600 bytes free
Post-Run: 65,176,276,992 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

255 --- E O F --- 2008-12-18 16:01:42
----------------------------------------------------------------------
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-25 12:42:14
Windows 5.1.2600 Service Pack 3


---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F77B820A] \SystemRoot\System32\Drivers\bsofrwl.SYS (bsofrwl/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F77B8258] \SystemRoot\System32\Drivers\bsofrwl.SYS (bsofrwl/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F77B8482] \SystemRoot\System32\Drivers\bsofrwl.SYS (bsofrwl/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F77B84B0] \SystemRoot\System32\Drivers\bsofrwl.SYS (bsofrwl/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F77B8482] \SystemRoot\System32\Drivers\bsofrwl.SYS (bsofrwl/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F77B8258] \SystemRoot\System32\Drivers\bsofrwl.SYS (bsofrwl/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F77B820A] \SystemRoot\System32\Drivers\bsofrwl.SYS (bsofrwl/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F77B820A] \SystemRoot\System32\Drivers\bsofrwl.SYS (bsofrwl/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F77B8258] \SystemRoot\System32\Drivers\bsofrwl.SYS (bsofrwl/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F77B84B0] \SystemRoot\System32\Drivers\bsofrwl.SYS (bsofrwl/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F77B8482] \SystemRoot\System32\Drivers\bsofrwl.SYS (bsofrwl/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F77B8482] \SystemRoot\System32\Drivers\bsofrwl.SYS (bsofrwl/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F77B84B0] \SystemRoot\System32\Drivers\bsofrwl.SYS (bsofrwl/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F77B820A] \SystemRoot\System32\Drivers\bsofrwl.SYS (bsofrwl/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F77B8258] \SystemRoot\System32\Drivers\bsofrwl.SYS (bsofrwl/NT Kernel Resources)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [010D2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [010D2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [010D2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [010D2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2156] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B42F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2156] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B42CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2156] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B42D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2156] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B42CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Dan Kosin\Desktop\Computer fix\gmer\gmer.exe[2820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Dan Kosin\Desktop\Computer fix\gmer\gmer.exe[2820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Dan Kosin\Desktop\Computer fix\gmer\gmer.exe[2820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Dan Kosin\Desktop\Computer fix\gmer\gmer.exe[2820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CB2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CB2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CB2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CB2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C32F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C32CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C32D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C32CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[3424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00DF2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[3424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00DF2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[3424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00DF2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[3424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00DF2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[3436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A32F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[3436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A32CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[3436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A32D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[3436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A32CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\taskswitch.exe[3448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008D2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\taskswitch.exe[3448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008D2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\taskswitch.exe[3448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008D2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\taskswitch.exe[3448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008D2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [006E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [006E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [006E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [006E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00992F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00992CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00992D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00992CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe[3600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BE2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe[3600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BE2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe[3600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BE2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe[3600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BE2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\InetCntrl\InetCntrl.exe[3616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AC2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\InetCntrl\InetCntrl.exe[3616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AC2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\InetCntrl\InetCntrl.exe[3616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AC2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\InetCntrl\InetCntrl.exe[3616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AC2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[3780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00992F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[3780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00992CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[3780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00992D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[3780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00992CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F12F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F12CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F12D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F12CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs BSafFltr.sys (BSafeFil/BSafe Online)

Device \FileSystem\Fastfat \Fat A5D06D20
Device \FileSystem\Fastfat \Fat A5CFF60A

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat BSafFltr.sys (BSafeFil/BSafe Online)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.14 ----

#8 extremeboy

  • Malware Response Team

Posted 25 December 2008 - 01:00 PM

Hello.

Sorry for not adding this in earlier. Could you re-run OTViewIT and post back with the new OTViewIT.txt and Extra.txt logs for me?

Thanks.

With Regards,
Extremeboy

Edited by extremeboy, 25 December 2008 - 01:01 PM.
Remove Double post.

#9 Cosine

  • Topic Starter

Posted 25 December 2008 - 01:47 PM

EB, here's the logs...thx.
Cosine
--------------
OTViewIt logfile created on: 12/25/2008 1:44:22 PM - Run 3
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Dan Kosin\Desktop\Computer fix
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.48% Memory free
2.58 Gb Paging File | 2.16 Gb Available in Paging File | 83.79% Paging File free
Paging file location(s): C:\pagefile.sys 753 953;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.22 Gb Total Space | 61.03 Gb Free Space | 41.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 308.91 Gb Free Space | 66.33% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL4700
Current User Name: Dan Kosin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2002/12/17 07:38:20 | 00,135,168 | ---- | M] (ActivCard) -- C:\Program Files\Common Files\ActivCard\acachsrv.exe
[2002/11/29 13:43:58 | 00,053,248 | ---- | M] (ActivCard S.A.) -- C:\Program Files\Common Files\ActivCard\acautoreg.exe
[2003/03/24 12:39:22 | 00,036,864 | ---- | M] (ActivCard S.A.) -- C:\Program Files\Common Files\ActivCard\acautoup.exe
[2002/08/12 15:54:58 | 00,159,744 | ---- | M] (ActivCard) -- C:\Program Files\Common Files\ActivCard\accoca.exe
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/09/03 18:14:44 | 00,065,536 | ---- | M] () -- C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
[2008/10/07 06:46:01 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2008/12/13 14:25:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/06/26 11:52:42 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
[2008/07/26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[2008/07/26 08:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
[2005/01/31 09:45:20 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[2008/12/13 14:25:14 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\SYSTEM32\java.exe
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
[2007/01/31 15:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
[2004/10/14 14:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
[2005/05/31 05:33:00 | 00,122,941 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
[2002/03/19 17:30:00 | 00,045,632 | ---- | M] () -- C:\WINDOWS\SYSTEM32\TaskSwitch.exe
[2004/04/14 14:46:50 | 00,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
[2006/03/23 20:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\igfxpers.exe
[2003/07/01 06:42:24 | 00,028,672 | ---- | M] (ActivCard) -- C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
[2008/01/29 16:37:40 | 00,841,008 | ---- | M] (Bsafe Online, Inc.) -- C:\WINDOWS\SYSTEM32\InetCntrl\InetCntrl.exe
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
[2007/12/01 18:02:22 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/02/09 10:56:34 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[2008/08/14 17:11:48 | 00,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[2008/08/14 17:11:14 | 00,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
[2006/10/20 20:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
[2008/12/24 13:07:48 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Kosin\Desktop\Computer fix\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2002/12/17 07:38:20 | 00,135,168 | ---- | M] (ActivCard) -- C:\Program Files\Common Files\ActivCard\acachsrv.exe -- (ACachSrv [Auto | Running])
[2002/11/29 13:43:58 | 00,053,248 | ---- | M] (ActivCard S.A.) -- C:\Program Files\Common Files\ActivCard\acautoreg.exe -- (acautoreg [Auto | Running])
[2003/03/24 12:39:22 | 00,036,864 | ---- | M] (ActivCard S.A.) -- C:\Program Files\Common Files\ActivCard\acautoup.exe -- (acautoupdate [Auto | Running])
[2002/08/12 15:54:58 | 00,159,744 | ---- | M] (ActivCard) -- C:\Program Files\Common Files\ActivCard\accoca.exe -- (Accoca [Auto | Running])
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/09/03 18:14:44 | 00,065,536 | ---- | M] () -- C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe -- (BRA_Scheduler [Auto | Running])
[2007/01/31 15:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/10/20 20:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
[2008/10/07 06:46:01 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/10/30 02:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/12/13 14:25:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/05/02 01:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
[2008/06/26 11:52:42 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater [Auto | Running])
[2008/07/26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
[2008/07/26 08:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
[2003/12/17 14:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2006/10/30 02:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
[2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/01/31 09:45:20 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/04/13 13:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS -- (AliIde [Boot | Running])
[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS -- (asc [Boot | Running])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS -- (asc3550 [Boot | Running])
[2008/04/13 13:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
[2007/06/04 10:56:46 | 00,029,024 | ---- | M] (NT Kernel Resources) -- C:\WINDOWS\System32\drivers\bsofrwl.sys -- (bsofrwl [System | Running])
[2007/02/02 04:00:00 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2007/02/02 04:00:00 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS -- (CmdIde [Boot | Running])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS -- (dac2w2k [Boot | Running])
[2005/04/22 03:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2005/04/21 02:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm [Auto | Running])
[2005/06/13 12:58:04 | 00,162,816 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
[2008/07/26 10:26:54 | 00,023,832 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys -- (FilterService [On_Demand | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/12/25 12:03:44 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\SYSTEM32\DRIVERS\gmer.sys -- (gmer [System | Running])
[2006/03/23 20:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
[2004/03/29 17:28:24 | 00,014,531 | ---- | M] (iRiver, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\Ifp700.sys -- (IFP700 [Boot | Running])
[2004/03/05 23:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Running])
[2004/03/05 23:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Running])
[2004/06/15 23:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Running])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys -- (kbdhid [System | Running])
[2008/02/29 02:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
[2008/02/29 02:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
[2007/10/11 20:59:12 | 01,920,920 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\lvpopflt.sys -- (lvpopflt [On_Demand | Stopped])
[2008/07/26 08:25:02 | 00,025,624 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
[2008/07/26 10:25:46 | 00,627,864 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\lvrs.sys -- (LVRS [On_Demand | Running])
[2008/07/26 10:26:20 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
[2008/07/26 10:26:42 | 04,658,584 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys -- (LVUVC [On_Demand | Running])
[2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2004/03/05 23:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS -- (mraid35x [Boot | Running])
[2008/04/13 13:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv [On_Demand | Stopped])
[2002/11/08 14:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci [System | Running])
[2001/08/17 14:51:14 | 00,023,936 | ---- | M] (OMNIKEY AG) -- C:\WINDOWS\SYSTEM32\DRIVERS\sccmusbm.sys -- (OMNUSB [On_Demand | Running])
[2002/10/01 10:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc [On_Demand | Running])
[2008/05/16 05:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\pnarp.sys -- (pnarp [Auto | Running])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink [On_Demand | Running])
[2008/05/16 05:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\purendis.sys -- (purendis [Auto | Running])
[2007/03/29 04:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS -- (ql1080 [Boot | Running])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS -- (ql12160 [Boot | Running])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS -- (ql1280 [Boot | Running])
[2005/08/16 13:02:54 | 00,018,432 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\RimSerial.sys -- (RimSerPort [On_Demand | Stopped])
[2004/08/04 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ROOTMDM.SYS -- (ROOTMODEM [On_Demand | Stopped])
[2004/04/30 12:05:22 | 00,006,144 | ---- | M] (InterlinkElectronics) -- C:\WINDOWS\SYSTEM32\DRIVERS\RPRF-HID.sys -- (RPRFHID [On_Demand | Stopped])
[2004/04/30 12:05:22 | 00,010,752 | ---- | M] (InterlinkElectronics) -- C:\WINDOWS\SYSTEM32\DRIVERS\RPRF.sys -- (RPRFUSB [On_Demand | Stopped])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/09/17 09:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt [On_Demand | Running])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
[2005/01/27 15:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS -- (Sparrow [Boot | Running])
[2005/05/13 10:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2005/05/13 10:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln [System | Running])
[2001/08/17 12:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810 [Boot | Running])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS -- (symc8xx [Boot | Running])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS -- (sym_hi [Boot | Running])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS -- (sym_u3 [Boot | Running])
[2005/05/31 05:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2005/05/31 05:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2005/05/31 05:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2005/05/31 05:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2005/05/31 05:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2005/05/31 05:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2005/05/31 05:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2005/05/31 05:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2005/05/31 05:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2007/04/05 20:52:15 | 00,076,560 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm [Auto | Running])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS -- (ultra [Boot | Running])
[2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio [On_Demand | Running])
[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
"ProxyOverride" = *.local;<local>

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.foxnews.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local;<local>

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell4me.com/myway
"First Home Page"=http://www.dell4me.com/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-428206284-431420997-2817164856-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.foxnews.com/

[HKEY_USERS\S-1-5-21-428206284-431420997-2817164856-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s

[HKEY_USERS\S-1-5-21-428206284-431420997-2817164856-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-428206284-431420997-2817164856-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local;<local>

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E0019445-4C1F-414D-A70E-AD80F231C584} (HKLM) -- C:\WINDOWS\SYSTEM32\InetCntrl\PopupKil\BsafeBHO.dll (Bsecure Technologies, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{E0019445-4C1F-414D-A70E-AD80F231C584}" (HKLM) -- C:\WINDOWS\SYSTEM32\InetCntrl\PopupKil\BsafeBHO.dll (Bsecure Technologies, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-428206284-431420997-2817164856-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-428206284-431420997-2817164856-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"acEventServ"="C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe" (ActivCard)
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun (Brother Industries, Ltd.)
"CoolSwitch"=C:\WINDOWS\system32\taskswitch.exe ()
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" (ScanSoft, Inc.)
"InetCntrl"=C:\WINDOWS\system32\InetCntrl\InetCntrl.exe (Bsafe Online, Inc.)
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech, Inc.)
"LELA"="C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized (Linksys LLC - A Division of Cisco Systems)
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" (ScanSoft, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" (Analog Devices, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-428206284-431420997-2817164856-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2008/02/09 10:56:34 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[2008/05/02 01:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-428206284-431420997-2817164856-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-428206284-431420997-2817164856-1006\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008/11/07 14:31:40 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{d81ca86b-ef63-42af-bee3-4502d9a03c2d}: Button: MUSICMATCH MX Web Player -- File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-428206284-431420997-2817164856-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
microsoft.com\windowsupdate: https in My Computer
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-428206284-431420997-2817164856-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
microsoft.com\windowsupdate: https in My Computer
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{01A88BB1-1174-41EC-ACCB-963509EAE56B}: http://support.dell.com/systemprofiler/SysPro.CAB -- SysProWmi Class
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/7.../OGAControl.cab -- Office Genuine Advantage Validation Tool
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/2008.1...toUploader5.cab -- Facebook Photo Uploader 5 Control
{1239CC52-59EF-4DFA-8C61-90FFA846DF7E}: http://www.musicnotes.com/download/mnviewer.cab -- Musicnotes Viewer
{166B1BCA-3F9C-11CF-8075-444553540000}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/0/5...heckControl.cab -- Windows Genuine Advantage Validation Tool
{233C1507-6A77-46A4-9443-F871F945D258}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{31E68DE2-5548-4B23-88F0-C51E6A0F695E}: https://support.microsoft.com/OAS/ActiveX/odc.cab -- Microsoft PID Sniffer
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc3.cab -- Office Update Installation Engine
{4871A87A-BFDD-4106-8153-FFDE2BAC2967}: http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab -- DLM Control
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1120705635250 -- WUWebControl Class
{65FDEDF3-8ED9-4F5B-825E-18C2D44191A7}: http://d.64.69.12.26.downloads.estara.com....976671OneCC.cab -- OneCCCtl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1120875872421 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8BC53B30-32E4-4ED3-BEF9-DB761DB77453}: http://u3.sandisk.com/download/apps/LPInstaller.CAB -- CInstallLPCtrl Object
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{A8F2B9BD-A6A0-486A-9744-18920D898429}: http://www.sibelius.com/download/software/...tiveXPlugin.cab -- ScorchPlugin Class
{A90A5822-F108-45AD-8482-9BC8B12DD539}: http://www.crucial.com/controls/cpcScanner.cab -- Crucial cpcScan
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}: http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab -- Reg Error: Key does not exist or could not be opened.
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}: http://office.microsoft.com/officeupdate/content/opuc4.cab -- Office Update Installation Engine
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_06
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_04
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_09
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://www.adobe.com/products/acrobat/nos/gp.cab -- get_atlcom Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/flash...ent/swflash.cab -- Shockwave Flash Object
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}: -- Reg Error: Value does not exist or could not be read.

========== (O17) DNS Name Servers ==========

{7C6A385D-197A-4E7A-869D-9ABC0BDEF247} (Servers: | Description: )
{BECB88C5-8BB2-433C-9362-60999E2C1455} (Servers: | Description: 1394 Net Adapter)
{D2A53575-6715-4F29-BC44-00DC9B95B459} (Servers: | Description: Intel® PRO/100 VE Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
acAuth: "DllName" = acauth.dll -- C:\WINDOWS\SYSTEM32\acauth.dll (ActivCard)
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
LBTWlgn: "DllName" = c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll -- c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 14:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun []
[2008/07/07 22:12:42 | 00,000,000 | ---D | M] -- F:\autorun -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbd52f23-45aa-11db-a093-00038a000015}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbd52f23-45aa-11db-a093-00038a000015}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbd52f23-45aa-11db-a093-00038a000015}\Shell\AutoRun\command]
""=J:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2008/12/25 12:03:46 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/12/25 12:03:44 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/12/25 12:03:44 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/12/25 12:03:44 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/25 12:03:44 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/25 11:42:01 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2008/12/25 11:41:54 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/12/25 11:41:49 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/12/25 11:39:39 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/12/25 11:39:39 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/12/25 11:39:39 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/12/25 11:39:39 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/12/25 11:39:39 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/12/25 11:39:39 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/12/25 11:39:39 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/12/25 11:39:39 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/12/25 11:39:39 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/12/25 11:39:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/12/25 11:39:33 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/12/25 11:39:33 | 00,000,000 | ---D | C] -- C:\ComboFix
[2008/12/23 22:10:21 | 00,400,996 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\My Documents\ILXCF133_011509.pdf
[2008/12/23 21:12:31 | 00,369,483 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\Desktop\dds.com
[2008/12/23 08:40:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2008/12/22 09:20:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kosin\Desktop\Computer fix
[2008/12/19 19:43:39 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/12/19 19:43:39 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/12/19 19:43:37 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/12/19 19:43:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/12/19 19:42:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/12/19 09:40:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2008/12/15 10:29:29 | 00,000,521 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\Desktop\RSIT.htm
[2008/12/15 07:45:46 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\Desktop\HijackThis.lnk
[2008/12/15 07:45:46 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/12 17:11:25 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\f49f4d98.dat
[2008/12/12 16:05:03 | 00,000,001 | -H-- | C] () -- C:\WINDOWS\fm123.dat
[2008/12/11 16:31:43 | 06,672,896 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\My Documents\Christmas Letter 2008 (RI).doc
[2008/12/10 19:57:27 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\My Documents\Kosin 1.doc
[2008/12/10 10:20:52 | 00,074,240 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\My Documents\National Grid Payment 12-10-08.doc
[2008/12/05 12:13:41 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\My Documents\Christmas List.doc
[2008/12/04 19:47:31 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\My Documents\Zak KosinKosin 1.doc
[2008/12/02 20:46:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kosin\Application Data\Unity
[2008/11/30 20:40:35 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\My Documents\recipe cards.doc
[2008/11/30 19:36:29 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\My Documents\Zak KosinKosin.doc
[2008/11/25 22:21:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan Kosin\My Documents\Freedom Trail
[2008/11/25 22:20:45 | 00,008,837 | ---- | C] () -- C:\Documents and Settings\Dan Kosin\Desktop\About Your Order 3210.htm

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/12/25 12:47:35 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2008/12/25 12:45:33 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2008/12/25 12:44:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/25 12:44:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2008/12/25 12:44:28 | 21,371,49440 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/25 12:44:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2008/12/25 12:44:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2008/12/25 12:09:07 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/12/25 12:03:44 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/12/25 12:03:44 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/25 12:03:44 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/25 12:02:35 | 00,811,008 | ---- | M] () -- C:\WINDOWS\gmer.exe
[2008/12/25 11:55:42 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/25 11:42:01 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2008/12/25 11:05:15 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\Desktop\Skype.lnk
[2008/12/24 23:59:07 | 17,676,8000 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\Dan TDY.pst
[2008/12/24 13:20:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/23 22:10:21 | 00,400,996 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\ILXCF133_011509.pdf
[2008/12/23 21:12:34 | 00,369,483 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\Desktop\dds.com
[2008/12/23 08:43:36 | 00,078,848 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\Me.doc
[2008/12/21 20:22:54 | 00,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2008/12/20 14:58:20 | 00,144,384 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/19 19:43:39 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/12/19 19:43:39 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/12/19 09:39:58 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2008/12/19 09:39:58 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2008/12/19 09:39:57 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2008/12/16 14:38:25 | 00,001,244 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2008/12/15 10:29:30 | 00,000,521 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\Desktop\RSIT.htm
[2008/12/15 07:45:46 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\Desktop\HijackThis.lnk
[2008/12/14 14:54:40 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\NCC Song List.xls
[2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/12 17:11:25 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\f49f4d98.dat
[2008/12/12 16:05:03 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\fm123.dat
[2008/12/12 09:11:21 | 06,672,896 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\Christmas Letter 2008 (RI).doc
[2008/12/12 08:51:34 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\Biport
[2008/12/11 22:05:36 | 00,097,280 | -HS- | M] () -- C:\Documents and Settings\Dan Kosin\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Dan Kosin\Desktop\Thumbs.db:encryptable
[2008/12/11 07:09:31 | 00,525,398 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/11 07:09:31 | 00,445,870 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2008/12/11 07:09:31 | 00,072,824 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2008/12/10 23:36:08 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/10 23:35:49 | 00,000,837 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2008/12/10 19:57:28 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\Kosin 1.doc
[2008/12/10 10:20:52 | 00,074,240 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\National Grid Payment 12-10-08.doc
[2008/12/09 18:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/05 12:13:42 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\Christmas List.doc
[2008/12/04 19:47:31 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\Zak KosinKosin 1.doc
[2008/12/01 22:35:17 | 00,037,888 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\Worship Leader Tips.doc
[2008/11/30 20:40:35 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\recipe cards.doc
[2008/11/30 19:55:45 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\My Documents\Zak KosinKosin.doc
[2008/11/25 22:20:45 | 00,008,837 | ---- | M] () -- C:\Documents and Settings\Dan Kosin\Desktop\About Your Order 3210.htm
< End of report >

OTViewIt Extras logfile created on: 12/25/2008 1:44:22 PM - Run 3
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Dan Kosin\Desktop\Computer fix
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.48% Memory free
2.58 Gb Paging File | 2.16 Gb Available in Paging File | 83.79% Paging File free
Paging file location(s): C:\pagefile.sys 753 953;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.22 Gb Total Space | 61.03 Gb Free Space | 41.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 308.91 Gb Free Space | 66.33% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL4700
Current User Name: Dan Kosin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/02/09 10:56:34 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/01/29 16:37:40 | 00,841,008 | ---- | M] (Bsafe Online, Inc.) -- C:\WINDOWS\SYSTEM32\InetCntrl\InetCntrl.exe:*:Enabled:Bsecure Internet Protection Services - Application
[2008/04/13 19:12:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\FXSCLNT.EXE:*:Disabled:Microsoft Fax Console
[2008/12/19 09:40:00 | 00,214,536 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[2005/03/23 19:02:40 | 00,491,520 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CSCLIB\CDPROC.exe:*:Enabled:Canon Digital Camera SDK CDPROC EXE
[2005/03/23 19:02:44 | 00,376,832 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CSCLIB\CDPROCMN.exe:*:Enabled:Canon Digital Camera SDK main server EXE
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/02/09 10:56:34 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/23 14:01:06 | 00,122,880 | ---- | M] () -- C:\Program Files\Brother\BRAdmin Professional 3\discover.exe:*:Enabled:BRAdmin Professional 3
[2007/11/06 10:48:12 | 00,139,264 | ---- | M] () -- C:\Program Files\Brother\BRAdmin Professional 3\AuditorServer.exe:*:Enabled:BRAdmin Professional 3
[2008/06/09 13:27:04 | 01,351,680 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\BRAdmin Professional 3\bradminv3.exe:*:Enabled:BRAdmin Professional 3
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/10/01 17:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service
[2008/11/07 14:31:38 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000002 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000003 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000004 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000005 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000006 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000007 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000008 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000009 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000010 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000011 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000012 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000013 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000014 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000015 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000016 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000017 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000018 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000019 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000020 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000021 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000022 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000023 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000024 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000025 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000026 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000027 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000028 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000029 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000030 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000031 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000032 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000033 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000034 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000035 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000036 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000037 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000038 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000039 -- File not found

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/02/09 10:56:34 | 00,028,711 | ---- | M] (Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 13:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 13:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 13:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 14:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 14:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/08/03 13:50:56 | 00,144,696 | ---- | M] (Pure Networks, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (pure-go:{4746C79A-2042-4332-8650-48966E44ABA8} (HKLM) [CPureGoProtoInfo Object])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/05/30 15:54:14 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 14:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}"=WD Diagnostics
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}"=CDDRV_Installer
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{106F886B-A874-43DF-BCC4-01DB57E1F3C6}"=Windows Movie Maker 2 Winter Fun Pack
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}"=Sibelius Scorch (ActiveX Only)
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}"=Intel® PROSet for Wired Connections
"{1CB92574-96F2-467B-B793-5CEB35C40C29}"=Image Resizer Powertoy for Windows XP
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{1F06E28C-A6DC-4341-A9E3-6B0F6C641B6B}"=Linksys EasyLink Advisor
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}"=Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}"=Quicken 2005
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}"=KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150040}"=J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}"=Internet Explorer Default Page
"{366FFC89-C800-4366-B903-B9C4314109A5}"=Garmin WebUpdater
"{3A7BF905-F37D-4DFB-8308-EC3AA4617B36}"=Garmin Communicator Plugin
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}"=Logitech QuickCam
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=Modem On Hold
"{44D21B77-D4FC-49E8-A726-CD00D5016703}"=DBsign Web Signer
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{4A425F14-0561-11D4-9027-0060089CDAE1}"=FileMaker Pro 5.5
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}"=HTML Slideshow Powertoy for Windows XP
"{5404E185-BD7C-4A72-ABD0-91A411A05726}"=Ulead VideoStudio 6
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{5986F167-4C6C-4D03-9706-E1189B2A1462}"=iriver Music Manager
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.9
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{7148F0A8-6813-11D6-A77B-00B0D0142060}"=Java 2 Runtime Environment, SE v1.4.2_06
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{75C885D4-C758-4896-A3B4-90DA34B44C31}"=BRAdmin Professional 3
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}"=Modem Event Monitor
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{80A2A967-C1B7-412D-B2B2-C4A33209C205}"=Garmin POI Loader
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}"=Jasc Paint Shop Pro 8 Dell Edition
"{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}"=Rhapsody Player Engine
"{87791AF4-4D4C-43DC-97BF-05EEEE5187F2}"=e-Sword
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}"=Musicmatch® Jukebox
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{91E30409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}"=PaperPort
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}"=Windows Defender Signatures
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}"=Alt-Tab Task Switcher Powertoy for Windows XP
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic Audio module
"{AC76BA86-7AD7-1033-7B44-A81300000003}"=Adobe Reader 8.1.3
"{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}"=ArcSoft Camera Suite 1.3
"{AF19F291-F22F-4798-9662-525305AE9E48}"=WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BB46245B-CECA-406F-8790-3ABA0D01012F}"=Roxio VideoWave Movie Creator
"{BBDCA7ED-AF48-4A5A-898F-005112DFD0C2}"=World Book 2004 (Deluxe)
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}"=Canon PhotoRecord
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}"=WebEx Support Manager for Internet Explorer
"{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}"=Sibelius Scorch (ActiveX Only)
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}"=Pure Networks Platform
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}"=Jasc Paint Shop Photo Album
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}"=Brother MFL-Pro Suite
"{DAFCC5EF-E4D0-47EF-8E4B-168B3644A1E3}"=Garmin City Navigator North America NT 2009 Update
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E0000650-0650-0650-0650-000000000650}"=PureEdge Viewer 6.5
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}"=Musicmatch for Windows Media Player
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}"=PhotoStitch
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}"=Logitech SetPoint
"{F489174B-CF14-4B4D-84BB-C1AD46EDB412}"=ActivCard Gold for CAC - PKI - Version 3.0 Feature Pack 1
"{FEE70C30-BAE5-4F0E-B1DF-202436C66953}_is1"=EasyWorship 2007
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"ARLHM2000"=American Reference Library 2000 Uninstall
"Audacity_is1"=Audacity 1.2.6
"CAL"=Canon Camera Access Library
"CameraWindowDC"=Canon Utilities CameraWindow DC
"CameraWindowDVC5"=Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6"=Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher"=Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder"=Canon G.726 WMP-Decoder
"CANONBJ_Deinstall_CNMCP4b.DLL"=Canon i850
"CSCLIB"=Canon Camera Support Core Library
"Dell Digital Jukebox Driver"=Dell Digital Jukebox Driver
"DellSupport"=Dell Support 5.0.0 (630)
"getPlus®_ocx"=getPlus®_ocx
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InetCntrl"=AFAFilter Internet Protection Services v.5.0
"InstallShield_{1F06E28C-A6DC-4341-A9E3-6B0F6C641B6B}"=Linksys EasyLink Advisor
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}"=Quicken 2005
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}"=Canon Utilities PhotoStitch 3.1
"Intel® 537EP V9x DF PCI Modem"=Intel® 537EP V9x DF PCI Modem
"JS1GM_1.3"=JumpStart Math for First Graders v1.3
"LADSPA_plugins-win_is1"=LADSPA_plugins-win-0.4.15
"lvdrivers_11.80"=Logitech QuickCam Driver Package
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"MovieEditTask"=Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Musicnotes Player"=Musicnotes Player
"Musicnotes Player and Viewer_is1"=Musicnotes Player V1.23 and Viewer
"MyCamera"=Canon Utilities MyCamera
"MyCameraDC"=Canon Utilities MyCamera DC
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NoteWorthy Player"=NoteWorthy Player
"PageBreeze Free HTML Editor"=PageBreeze Free HTML Editor
"PROSet"=Intel® PRO Network Connections Drivers
"RAW Image Task"=Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0"=RealPlayer
"RemoteCaptureDC"=Canon Utilities RemoteCapture DC
"RemoteCaptureTask"=Canon Utilities RemoteCapture Task for ZoomBrowser EX
"ServiceBuilder"=ServiceBuilder
"StreetPlugin"=Learn2 Player (Uninstall Only)
"TotalRecorder"=Total Recorder 4.3
"Tweak UI 2.10"=Tweak UI
"UnityWebPlayer"=Unity Web Player
"ViewpointMediaPlayer"=Viewpoint Media Player
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebPost"=Web Publishing Wizard
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinGimp-2.0_is1"=Gimp 2.6.2 Debug
"WinGTK-2_is1"=GTK+ 2.6.9 runtime environment
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX"=Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility"=Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/19/2008 10:59:31 AM | Computer Name = DELL4700 | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8217.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/19/2008 10:59:33 AM | Computer Name = DELL4700 | Source = Application Hang | ID = 1001
Description = Fault bucket 1047655205.

Error - 12/19/2008 10:59:37 AM | Computer Name = DELL4700 | Source = Application Hang | ID = 1001
Description = Fault bucket 827627218.

Error - 12/19/2008 8:02:15 PM | Computer Name = DELL4700 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072ee2, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 12/20/2008 4:51:00 PM | Computer Name = DELL4700 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module flash10a.ocx, version 10.0.12.36, fault address 0x00209f6b.

Error - 12/23/2008 1:29:43 PM | Computer Name = DELL4700 | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 3.8.0.188, faulting module
quartz.dll, version 6.5.2600.5596, fault address 0x0004c488.

Error - 12/23/2008 1:30:25 PM | Computer Name = DELL4700 | Source = Application Error | ID = 1001
Description = Fault bucket 1020482530.

Error - 12/24/2008 8:02:05 PM | Computer Name = DELL4700 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072ee2, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 12/25/2008 2:28:11 AM | Computer Name = DELL4700 | Source = Application Error | ID = 1000
Description = Faulting application ScanningProcess.exe, version 5.0.1.86, faulting
module mdb.ppl, version 6.0.2.678, fault address 0x000014f6.

Error - 12/25/2008 8:44:52 AM | Computer Name = DELL4700 | Source = Application Error | ID = 1000
Description = Faulting application ScanningProcess.exe, version 5.0.1.86, faulting
module mdb.ppl, version 6.0.2.678, fault address 0x000014f6.

[ System Events ]
Error - 12/14/2008 11:16:05 PM | Computer Name = DELL4700 | Source = SCardSvr | ID = 610
Description = Smart Card Reader 'OMNIKEY CardMan 2020 0' rejected IOCTL POWER: The
smart card is not responding to a reset.

Error - 12/14/2008 11:16:07 PM | Computer Name = DELL4700 | Source = OMNUSB | ID = 0
Description =

Error - 12/14/2008 11:16:07 PM | Computer Name = DELL4700 | Source = SCardSvr | ID = 610
Description = Smart Card Reader 'OMNIKEY CardMan 2020 0' rejected IOCTL POWER: The
smart card is not responding to a reset.

Error - 12/14/2008 11:16:09 PM | Computer Name = DELL4700 | Source = OMNUSB | ID = 0
Description =

Error - 12/14/2008 11:16:09 PM | Computer Name = DELL4700 | Source = SCardSvr | ID = 610
Description = Smart Card Reader 'OMNIKEY CardMan 2020 0' rejected IOCTL POWER: The
smart card is not responding to a reset.

Error - 12/17/2008 3:02:50 PM | Computer Name = DELL4700 | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer WebEx Document Loader share
name Printer.

Error - 12/23/2008 1:19:10 PM | Computer Name = DELL4700 | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 192.168.1.101. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.

Error - 12/23/2008 1:21:22 PM | Computer Name = DELL4700 | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 192.168.1.101. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.

Error - 12/25/2008 6:33:58 AM | Computer Name = DELL4700 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.101 on
the Network Card with network address 0011116CBFB0.

Error - 12/25/2008 12:39:38 PM | Computer Name = DELL4700 | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

#10 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 25 December 2008 - 02:12 PM

Hello again.

Log looks better. Combofix took out the TinyProxy infection :thumbsup:

A program I want to warn you about:
View Point Programs Warning
Viewpoint Manager and Viewpoint Media Player are considered foistware rather than malware, since they are installed without the user's approval but don't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Additional instructions on removing programs can be found here.

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    File::
    c:\windows\SYSTEM32\deploytk.dll
    c:\windows\f49f4d98.dat
    c:\windows\fm123.dat
    c:\windows\system32\drivers\lvuvc.hs
    c:\windows\system32\drivers\logiflt.iad
    
    ADS::
    C:\Documents and Settings\Dan Kosin\Desktop\Thumbs.db
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not click in ComboFix's window while it's running. That may cause it to stall.

Removing Programs using Add/Remove
Since you have the latest version of Java, please remove all the older versions. Please reboot your computer afterwards.

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java™ 6 Update 3
Java™ 6 Update 7

Additional instructions can be found here if needed.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Please post back with:
-Combofix log
-Kaspersky online scan log
-Fresh OTViewIT logs


With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum to request help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

#11 Cosine

  • Topic Starter

  • Members
  • 7 posts

Posted 25 December 2008 - 07:15 PM

Hi EB, here's the latest logs...thx again.
Cosine
------------------------------
ComboFix 08-12-24.01 - Dan Kosin 2008-12-25 14:49:03.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1452 [GMT -5:00]
Running from: c:\documents and settings\Dan Kosin\Desktop\Computer fix\ComboFix.exe
Command switches used :: c:\documents and settings\Dan Kosin\Desktop\Computer fix\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\f49f4d98.dat
c:\windows\fm123.dat
c:\windows\SYSTEM32\deploytk.dll
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
.
ADS - Thumbs.db: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\f49f4d98.dat
c:\windows\fm123.dat
c:\windows\SYSTEM32\deploytk.dll
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs

.
((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 )))))))))))))))))))))))))))))))
.

2008-12-25 12:03 . 2008-12-25 12:09 345 --a------ c:\windows\gmer.ini
2008-12-23 08:40 . 2008-12-23 08:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-12-19 19:43 . 2008-12-19 19:43 <DIR> d-------- c:\program files\Lavasoft
2008-12-19 19:43 . 2008-12-19 19:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-19 19:42 . 2008-12-19 19:42 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-19 09:40 . 2008-12-19 09:40 <DIR> d-------- c:\program files\Common Files\xing shared
2008-12-17 09:44 . 2008-12-17 09:44 <DIR> d-------- c:\documents and settings\Amanda\Application Data\Logitech
2008-12-15 07:45 . 2008-12-15 07:45 <DIR> d-------- c:\program files\Trend Micro
2008-12-14 18:48 . 2008-12-14 18:48 <DIR> d-------- c:\documents and settings\Nicole\Application Data\Logitech
2008-12-12 20:51 . 2008-12-12 20:51 <DIR> d-------- c:\documents and settings\Zak\Application Data\Logitech
2008-12-02 20:46 . 2008-12-02 20:46 <DIR> d-------- c:\documents and settings\Dan Kosin\Application Data\Unity
2008-11-27 07:19 . 2008-11-27 07:19 <DIR> d-------- c:\documents and settings\Rosana\Application Data\Logitech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 19:40 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-25 18:44 --------- d-----w c:\documents and settings\Dan Kosin\Application Data\Skype
2008-12-25 15:56 --------- d-----w c:\documents and settings\Dan Kosin\Application Data\skypePM
2008-12-25 02:45 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-20 19:32 --------- d-----w c:\documents and settings\Dan Kosin\Application Data\ZoomBrowser EX
2008-12-20 19:32 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2008-12-19 14:40 --------- d-----w c:\program files\Common Files\Real
2008-12-19 14:39 499,712 ----a-w c:\windows\SYSTEM32\msvcp71.dll
2008-12-19 14:39 348,160 ----a-w c:\windows\SYSTEM32\msvcr71.dll
2008-12-18 13:10 --------- d-----w c:\documents and settings\Dan Kosin\Application Data\U3
2008-12-13 19:25 --------- d-----w c:\program files\Java
2008-12-13 06:40 3,593,216 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-11-18 19:52 --------- d-----w c:\documents and settings\Dan Kosin\Application Data\gtk-2.0
2008-11-18 17:15 --------- d-----w c:\program files\GIMP-2.0
2008-11-09 22:22 --------- d-----w c:\program files\Common Files\Adobe
2008-10-29 20:43 --------- d-----w c:\program files\iTunes
2008-10-29 20:43 --------- d-----w c:\program files\iPod
2008-10-29 20:43 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-29 20:41 --------- d-----w c:\program files\QuickTime
2008-10-29 20:41 --------- d-----w c:\program files\Common Files\Apple
2008-10-29 20:41 --------- d-----w c:\program files\Bonjour
2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2008-10-16 13:11 70,656 ----a-w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\SYSTEM32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
2008-02-19 20:36 724,984 ----a-w c:\documents and settings\Dan Kosin\gotomypc_437.exe
2008-02-19 20:23 3,902,784 ----a-w c:\documents and settings\Dan Kosin\gosetup.exe
2008-02-02 22:28 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2005-10-05 13:35 0 ----a-w c:\program files\AMERICA ONLINE
2004-08-18 17:00 270,336 ------w c:\program files\mozilla firefox\plugins\DCAENTU.dll
2004-08-18 17:00 1,294,336 ------w c:\program files\mozilla firefox\plugins\DCARSA.dll
2004-08-18 17:00 348,160 ------w c:\program files\mozilla firefox\plugins\GuiUtils.dll
2004-08-18 17:00 122,880 ------w c:\program files\mozilla firefox\plugins\nsldap32v30.dll
2008-09-07 12:43 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008090720080908\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-25_11.56.21.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-25 17:03:44 884,736 ----a-w c:\windows\gmer.dll
+ 2008-12-25 17:02:35 811,008 ----a-w c:\windows\gmer.exe
+ 2008-12-25 17:03:44 85,969 ----a-w c:\windows\SYSTEM32\DRIVERS\gmer.sys
- 2008-12-25 16:38:15 28,401 ----a-w c:\windows\SYSTEM32\InetCntrl\Data\userpolicy.bin
+ 2008-12-25 19:45:23 28,425 ----a-w c:\windows\SYSTEM32\InetCntrl\Data\userpolicy.bin
+ 2008-12-25 17:44:51 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_46c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-01 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-11-11 864256]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"acEventServ"="c:\program files\ActivCard\ActivCard Gold\acevtsrv.exe" [2003-07-01 28672]
"InetCntrl"="c:\windows\system32\InetCntrl\InetCntrl.exe" [2008-01-29 841008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-09-04 159744]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-09 66864]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-17 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acAuth]
2002-12-17 10:11 65536 c:\windows\SYSTEM32\acauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2004-07-19 08:51 306688 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2006-04-06 10:51 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-03-23 20:13 77824 c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a------ 2003-09-03 21:12 221184 c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2006-01-17 13:03 53248 c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2004-04-11 21:15 290816 c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
--a------ 2003-09-14 16:26 81920 c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\SYSTEM32\\InetCntrl\\InetCntrl.exe"=
"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Canon\\CSCLIB\\CDPROC.exe"=
"c:\\Program Files\\Canon\\CSCLIB\\CDPROCMN.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Brother\\BRAdmin Professional 3\\discover.exe"=
"c:\\Program Files\\Brother\\BRAdmin Professional 3\\AuditorServer.exe"=
"c:\\Program Files\\Brother\\BRAdmin Professional 3\\bradminv3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1081:TCP"= 1081:TCP:Anti-Virus
"1080:TCP"= 1080:TCP:BeSafe
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 bsofrwl;bsofrwl;c:\windows\system32\drivers\bsofrwl.sys [2008-01-26 29024]
R2 ACachSrv;ActivCard Authentication Service;c:\program files\Common Files\ActivCard\acachsrv.exe [2002-12-17 135168]
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\Common Files\ActivCard\acautoreg.exe [2002-11-29 53248]
R2 acautoupdate;ActivCard Auto-Update Service;c:\program files\Common Files\ActivCard\acautoup.exe [2003-03-24 36864]
R2 Accoca;ActivCard Gold service;c:\program files\Common Files\ActivCard\accoca.exe [2002-08-12 159744]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\Brother\BRAdmin Professional 3\bratimer.exe [2008-09-13 65536]
R2 LinksysUpdater;Linksys Updater;"c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "c:\program files\Linksys\Linksys Updater\conf\wrapper.conf" [2008-06-26 204800]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 OMNUSB;Omnikey AG CardMan 2020 USB Smart Card Reader;c:\windows\system32\DRIVERS\sccmusbm.sys [2006-12-26 23936]
S3 RPRFHID;RPRF-HID.sys Interlink Electronics RPRF-HID Device Driver;c:\windows\system32\Drivers\RPRF-HID.sys [2004-04-30 6144]
S3 RPRFUSB;RPRF.sys Interlink Electronics RPRF Device Driver;c:\windows\system32\Drivers\RPRF.sys [2004-04-30 10752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbd52f23-45aa-11db-a093-00038a000015}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {{d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html -
LSP: InetCntrl0011.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

c:\windows\Downloaded Program Files\Manager.exe - c:\windows\Downloaded Program Files\DownloadManagerV2.ocx
O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
c:\windows\Downloaded Program Files\DownloadManagerV2.inf

c:\windows\Downloaded Program Files\OneCC.dll - O16 -: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7}
hxxp://d.64.69.12.26.downloads.estara.com./as/OneCCDM.php?template=21541&sessionid=990301589_74.193.225.58_1347&=&req=1202217976671OneCC.cab
c:\windows\Downloaded Program Files\OneCC.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-25 14:55:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\InetCntrl0011.dll
.
Completion time: 2008-12-25 14:58:11
ComboFix-quarantined-files.txt 2008-12-25 19:56:53
ComboFix2.txt 2008-12-25 16:58:02

Pre-Run: 65,466,589,184 bytes free
Post-Run: 65,467,748,352 bytes free

254 --- E O F --- 2008-12-18 16:01:42
---------------------------------------------------------------------
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, December 25, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, December 25, 2008 16:58:12
Records in database: 1514269
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 166089
Threat name: 2
Infected objects: 1
Suspicious objects: 2
Duration of the scan: 03:42:15


File name / Threat name / Threats count
C:\Documents and Settings\Dan Kosin\My Documents\Dan TDY.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\900053\900053.dll.vir Infected: not-a-virus:AdWare.Win32.E404.jf 1
F:\Dan TDY.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1

The selected area was scanned.
---------------------------------------------------
OTViewIt Extras logfile created on: 12/25/2008 7:12:17 PM - Run 4
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Dan Kosin\Desktop\Computer fix
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 40.76% Memory free
2.58 Gb Paging File | 1.31 Gb Available in Paging File | 50.77% Paging File free
Paging file location(s): C:\pagefile.sys 753 953;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.22 Gb Total Space | 61.01 Gb Free Space | 41.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 308.91 Gb Free Space | 66.33% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL4700
Current User Name: Dan Kosin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/02/09 10:56:34 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/01/29 16:37:40 | 00,841,008 | ---- | M] (Bsafe Online, Inc.) -- C:\WINDOWS\SYSTEM32\InetCntrl\InetCntrl.exe:*:Enabled:Bsecure Internet Protection Services - Application
[2008/04/13 19:12:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\FXSCLNT.EXE:*:Disabled:Microsoft Fax Console
[2008/12/19 09:40:00 | 00,214,536 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[2005/03/23 19:02:40 | 00,491,520 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CSCLIB\CDPROC.exe:*:Enabled:Canon Digital Camera SDK CDPROC EXE
[2005/03/23 19:02:44 | 00,376,832 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CSCLIB\CDPROCMN.exe:*:Enabled:Canon Digital Camera SDK main server EXE
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/02/09 10:56:34 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/23 14:01:06 | 00,122,880 | ---- | M] () -- C:\Program Files\Brother\BRAdmin Professional 3\discover.exe:*:Enabled:BRAdmin Professional 3
[2007/11/06 10:48:12 | 00,139,264 | ---- | M] () -- C:\Program Files\Brother\BRAdmin Professional 3\AuditorServer.exe:*:Enabled:BRAdmin Professional 3
[2008/06/09 13:27:04 | 01,351,680 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\BRAdmin Professional 3\bradminv3.exe:*:Enabled:BRAdmin Professional 3
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/10/01 17:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service
[2008/11/07 14:31:38 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000002 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000003 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000004 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000005 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000006 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000007 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000008 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000009 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000010 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000011 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000012 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000013 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000014 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000015 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000016 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000017 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000018 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000019 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000020 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000021 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000022 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000023 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000024 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000025 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000026 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000027 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000028 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000029 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000030 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000031 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000032 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000033 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000034 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000035 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000036 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000037 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000038 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000039 -- File not found

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/02/09 10:56:34 | 00,028,711 | ---- | M] (Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 13:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 13:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 13:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 14:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 14:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/08/03 13:50:56 | 00,144,696 | ---- | M] (Pure Networks, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (pure-go:{4746C79A-2042-4332-8650-48966E44ABA8} (HKLM) [CPureGoProtoInfo Object])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/05/30 15:54:14 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 14:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}"=WD Diagnostics
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}"=CDDRV_Installer
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{106F886B-A874-43DF-BCC4-01DB57E1F3C6}"=Windows Movie Maker 2 Winter Fun Pack
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}"=Sibelius Scorch (ActiveX Only)
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}"=Intel® PROSet for Wired Connections
"{1CB92574-96F2-467B-B793-5CEB35C40C29}"=Image Resizer Powertoy for Windows XP
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{1F06E28C-A6DC-4341-A9E3-6B0F6C641B6B}"=Linksys EasyLink Advisor
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}"=Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}"=Quicken 2005
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}"=KhalInstallWrapper
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}"=Internet Explorer Default Page
"{366FFC89-C800-4366-B903-B9C4314109A5}"=Garmin WebUpdater
"{3A7BF905-F37D-4DFB-8308-EC3AA4617B36}"=Garmin Communicator Plugin
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}"=Logitech QuickCam
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=Modem On Hold
"{44D21B77-D4FC-49E8-A726-CD00D5016703}"=DBsign Web Signer
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{4A425F14-0561-11D4-9027-0060089CDAE1}"=FileMaker Pro 5.5
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}"=HTML Slideshow Powertoy for Windows XP
"{5404E185-BD7C-4A72-ABD0-91A411A05726}"=Ulead VideoStudio 6
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{5986F167-4C6C-4D03-9706-E1189B2A1462}"=iriver Music Manager
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.9
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{75C885D4-C758-4896-A3B4-90DA34B44C31}"=BRAdmin Professional 3
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}"=Modem Event Monitor
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{80A2A967-C1B7-412D-B2B2-C4A33209C205}"=Garmin POI Loader
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}"=Jasc Paint Shop Pro 8 Dell Edition
"{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}"=Rhapsody Player Engine
"{87791AF4-4D4C-43DC-97BF-05EEEE5187F2}"=e-Sword
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}"=Musicmatch® Jukebox
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{91E30409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}"=PaperPort
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}"=Windows Defender Signatures
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}"=Alt-Tab Task Switcher Powertoy for Windows XP
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic Audio module
"{AC76BA86-7AD7-1033-7B44-A81300000003}"=Adobe Reader 8.1.3
"{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}"=ArcSoft Camera Suite 1.3
"{AF19F291-F22F-4798-9662-525305AE9E48}"=WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BB46245B-CECA-406F-8790-3ABA0D01012F}"=Roxio VideoWave Movie Creator
"{BBDCA7ED-AF48-4A5A-898F-005112DFD0C2}"=World Book 2004 (Deluxe)
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}"=Canon PhotoRecord
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}"=WebEx Support Manager for Internet Explorer
"{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}"=Sibelius Scorch (ActiveX Only)
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}"=Pure Networks Platform
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}"=Jasc Paint Shop Photo Album
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}"=Brother MFL-Pro Suite
"{DAFCC5EF-E4D0-47EF-8E4B-168B3644A1E3}"=Garmin City Navigator North America NT 2009 Update
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E0000650-0650-0650-0650-000000000650}"=PureEdge Viewer 6.5
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}"=Musicmatch for Windows Media Player
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}"=PhotoStitch
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}"=Logitech SetPoint
"{F489174B-CF14-4B4D-84BB-C1AD46EDB412}"=ActivCard Gold for CAC - PKI - Version 3.0 Feature Pack 1
"{FEE70C30-BAE5-4F0E-B1DF-202436C66953}_is1"=EasyWorship 2007
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"ARLHM2000"=American Reference Library 2000 Uninstall
"Audacity_is1"=Audacity 1.2.6
"CAL"=Canon Camera Access Library
"CameraWindowDC"=Canon Utilities CameraWindow DC
"CameraWindowDVC5"=Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6"=Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher"=Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder"=Canon G.726 WMP-Decoder
"CANONBJ_Deinstall_CNMCP4b.DLL"=Canon i850
"CSCLIB"=Canon Camera Support Core Library
"Dell Digital Jukebox Driver"=Dell Digital Jukebox Driver
"DellSupport"=Dell Support 5.0.0 (630)
"getPlus®_ocx"=getPlus®_ocx
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InetCntrl"=AFAFilter Internet Protection Services v.5.0
"InstallShield_{1F06E28C-A6DC-4341-A9E3-6B0F6C641B6B}"=Linksys EasyLink Advisor
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}"=Quicken 2005
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}"=Canon Utilities PhotoStitch 3.1
"Intel® 537EP V9x DF PCI Modem"=Intel® 537EP V9x DF PCI Modem
"JS1GM_1.3"=JumpStart Math for First Graders v1.3
"LADSPA_plugins-win_is1"=LADSPA_plugins-win-0.4.15
"lvdrivers_11.80"=Logitech QuickCam Driver Package
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"MovieEditTask"=Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Musicnotes Player"=Musicnotes Player
"Musicnotes Player and Viewer_is1"=Musicnotes Player V1.23 and Viewer
"MyCamera"=Canon Utilities MyCamera
"MyCameraDC"=Canon Utilities MyCamera DC
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NoteWorthy Player"=NoteWorthy Player
"PageBreeze Free HTML Editor"=PageBreeze Free HTML Editor
"PROSet"=Intel® PRO Network Connections Drivers
"RAW Image Task"=Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0"=RealPlayer
"RemoteCaptureDC"=Canon Utilities RemoteCapture DC
"RemoteCaptureTask"=Canon Utilities RemoteCapture Task for ZoomBrowser EX
"ServiceBuilder"=ServiceBuilder
"StreetPlugin"=Learn2 Player (Uninstall Only)
"TotalRecorder"=Total Recorder 4.3
"Tweak UI 2.10"=Tweak UI
"UnityWebPlayer"=Unity Web Player
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebPost"=Web Publishing Wizard
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinGimp-2.0_is1"=Gimp 2.6.2 Debug
"WinGTK-2_is1"=GTK+ 2.6.9 runtime environment
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX"=Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility"=Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/20/2008 4:51:00 PM | Computer Name = DELL4700 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module flash10a.ocx, version 10.0.12.36, fault address 0x00209f6b.

Error - 12/23/2008 1:29:43 PM | Computer Name = DELL4700 | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 3.8.0.188, faulting module
quartz.dll, version 6.5.2600.5596, fault address 0x0004c488.

Error - 12/23/2008 1:30:25 PM | Computer Name = DELL4700 | Source = Application Error | ID = 1001
Description = Fault bucket 1020482530.

Error - 12/24/2008 8:02:05 PM | Computer Name = DELL4700 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072ee2, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 12/25/2008 2:28:11 AM | Computer Name = DELL4700 | Source = Application Error | ID = 1000
Description = Faulting application ScanningProcess.exe, version 5.0.1.86, faulting
module mdb.ppl, version 6.0.2.678, fault address 0x000014f6.

Error - 12/25/2008 8:44:52 AM | Computer Name = DELL4700 | Source = Application Error | ID = 1000
Description = Faulting application ScanningProcess.exe, version 5.0.1.86, faulting
module mdb.ppl, version 6.0.2.678, fault address 0x000014f6.

Error - 12/25/2008 5:42:54 PM | Computer Name = DELL4700 | Source = Application Error | ID = 1000
Description = Faulting application ScanningProcess.exe, version 5.0.1.86, faulting
module mdb.ppl, version 6.0.2.678, fault address 0x000014f6.

Error - 12/25/2008 6:14:30 PM | Computer Name = DELL4700 | Source = Application Error | ID = 1000
Description = Faulting application ScanningProcess.exe, version 5.0.1.86, faulting
module mdb.ppl, version 6.0.2.678, fault address 0x000014f6.

Error - 12/25/2008 7:12:05 PM | Computer Name = DELL4700 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.

Error - 12/25/2008 8:02:05 PM | Computer Name = DELL4700 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072ee2, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 12/25/2008 4:18:51 PM | Computer Name = DELL4700 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/25/2008 4:18:51 PM | Computer Name = DELL4700 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/25/2008 4:18:51 PM | Computer Name = DELL4700 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/25/2008 4:18:51 PM | Computer Name = DELL4700 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/25/2008 4:18:51 PM | Computer Name = DELL4700 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/25/2008 4:18:52 PM | Computer Name = DELL4700 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/25/2008 4:18:52 PM | Computer Name = DELL4700 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/25/2008 4:18:52 PM | Computer Name = DELL4700 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/25/2008 4:18:52 PM | Computer Name = DELL4700 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/25/2008 4:18:52 PM | Computer Name = DELL4700 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >

#12 extremeboy

Posted 25 December 2008 - 08:11 PM

Hello Cosine.

Your log looks good. Any other problems left?

Kaspersky found 2 files that are bad, the other one is just the quarantined items from Combofix.

C:\Documents and Settings\Dan Kosin\My Documents\Dan TDY.pst
F:\Dan TDY.pst

I do not know what those two files are used for. I do not want to use any tools to remove them because they are .pst files. .pst files are personal folders that store messages, calendar events, and other items within Microsoft Exchange Client, Windows Messaging, Microsoft Outlook, and Microsoft Outlook Express. For that reason, if it's possible, please delete them if they are nothing important.

After that you are good. Install an Anti-virus and firewall to keep you secure.

Install Antivirus

An anti-virus is essential in keeping your computer safe while surfing the Internet. Please install a free anti-virus program:

Install Firewall

Install a third-party firewall from the following selection of excellent programs:

The main reason you would prefer a third-party firewall over the Windows XP Firewall is because Windows Firewall only stops incoming signals from accessing your computer. However, it will not stop outgoing signals (possibly ones that could intrude on your privacy) from sending information to the Internet or to other networks.

After you have installed one of the above firewalls, please disable your Windows Firewall, if you had it enabled.

*Note: If you choose the PC Tools Firewall Plus and you are asked to install ThreatFire do not do so.


Please follow/read the steps below to remove the tools we used and for some more information. :)

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Click on your Start Menu, then Run....
  • Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
  • When shown the disclaimer, Select "2"
This will remove files/folders associated with ComboFix and uninstall it.

Run Cleanup with OTViewIT

We will remove the leftover tool we have used.
  • Please double click on OTViewit.exe.
  • At the Main Screen please click the CleanUp button.
  • Follow the prompts to remove the tool we have used including OTViewIT.
*Note: If it requires a reboot, please do so.


Congratulations! You now appear clean! :) :thumbsup:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.
I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates, then here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and thank you for choosing Bleeping Computer as your malware removal source.
Don't forget to tell your friends about us and Good luck :)


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks :)

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#13 Cosine

Posted 25 December 2008 - 09:51 PM

EB, Thanks for all the help and for volunteering your time to keep our PCs clean.

Have a great New Year!

Cosine

#14 extremeboy

Posted 25 December 2008 - 11:03 PM

Hello.

I'm glad I can help. Hope you have a great New Year.

Since the problem seems to be resolved, this topic is now Closed.
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,
Extremeboy