
dnscharger


This topic is locked
23 replies to this topic

#1 Jenn Shaffahhhh

Posted 05 April 2009 - 07:36 PM

Okay, my last thread was closed.
http://www.bleepingcomputer.com/forums/t/215492/infected-with-a-trojandns/


Here are all the things I was asked for.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07, on 2008-12-22
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyE.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jennifer\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jennifer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=1607
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5753 bytes



ComboFix 09-04-04.01 - Jennifer 2009-04-05 20:22:52.3 - NTFSx86
Running from: c:\users\Jennifer\Desktop\ComboFix.exe
AV: AVG *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
.

2009-04-05 20:17 . 2006-03-03 00:42 73,728 --a--c--- C:\pv.exe
2009-03-26 00:43 . 2009-03-26 00:43 d-------- c:\users\Jennifer\AppData\Roaming\Yahoo!
2009-03-26 00:42 . 2009-03-26 00:45 d-------- c:\users\All Users\Yahoo!
2009-03-26 00:42 . 2009-03-26 00:45 d-------- c:\programdata\Yahoo!
2009-03-26 00:42 . 2009-03-29 18:44 d-------- c:\program files\Yahoo!
2009-03-06 16:00 . 2009-03-06 16:00 d-------- c:\program files\FrostWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 00:11 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-05 07:45 --------- d-----w c:\users\Jennifer\AppData\Roaming\FrostWire
2009-04-01 15:56 --------- d-----w c:\users\Jennifer\AppData\Roaming\uTorrent
2009-03-26 20:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 20:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-07 08:12 --------- d-----w c:\programdata\CyberLink
2009-02-27 05:14 --------- d-----w c:\programdata\Viewpoint
2009-02-27 05:05 --------- d-----w c:\program files\Common Files\AOL
2009-02-27 02:10 --------- d-----w c:\program files\Common Files\Software Update Utility
2009-02-18 02:54 --------- d-----w c:\users\Jennifer\AppData\Roaming\Aim
2009-02-18 02:54 --------- d-----w c:\program files\AOD
2009-02-18 02:54 --------- d-----w c:\program files\AIM
2009-02-18 02:42 --------- d-----w c:\programdata\Kaspersky Lab
2009-02-18 01:41 --------- d-----w c:\program files\PhotoScape
2009-02-16 22:08 --------- d-----w c:\program files\Windows Live Safety Center
2009-02-16 03:10 --------- d-----w c:\users\Jennifer\AppData\Roaming\acccore
2009-02-16 03:06 --------- d-----w c:\programdata\acccore
2009-02-15 21:59 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-15 21:56 --------- d-----w c:\program files\Verizon
2009-02-15 21:52 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-15 21:39 --------- d-----w c:\programdata\Lavasoft
2009-02-10 21:37 --------- d-----w c:\program files\verizon_broad
2009-02-10 21:19 --------- d-----w c:\program files\InstallShield Installation Information
2009-02-10 21:06 --------- d-----w c:\users\Jennifer\AppData\Roaming\Verizon
2009-02-10 21:06 --------- d-----w c:\programdata\Verizon
2009-02-09 20:54 --------- d-----w c:\program files\Real
2009-02-09 20:54 --------- d-----w c:\program files\Common Files\Real
2009-02-09 19:52 --------- d-----w c:\users\Jennifer\AppData\Roaming\Apple Computer
2009-02-06 19:03 --------- d-----w c:\users\Jennifer\AppData\Roaming\Media Player Classic
2009-02-06 18:59 --------- d-----w c:\program files\Window Gadgets
2009-02-06 18:42 --------- d-----w c:\users\Jennifer\AppData\Roaming\iScreensaver
2009-02-06 18:30 --------- d-----w c:\programdata\HP
2009-02-06 18:30 --------- d-----w c:\program files\HP
2009-02-06 18:28 --------- d-----w c:\users\Jennifer\AppData\Roaming\SUPERAntiSpyware.com
2009-02-06 18:23 --------- d-----w c:\program files\Common Files\Roxio Shared
2009-02-06 01:36 --------- d-----w c:\program files\Microsoft Windows OneCare Live
2008-08-29 17:33 47,360 ----a-w c:\users\Jennifer\AppData\Roaming\pcouffin.sys
2008-07-02 17:04 174 --sha-w c:\program files\desktop.ini
2007-09-05 09:52 476,752 ----a-w c:\users\All Users\pswi_preloaded.exe
2007-09-05 09:52 476,752 ----a-w c:\programdata\pswi_preloaded.exe
2008-11-04 07:57 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-11-04 07:57 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-11-04 07:57 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-07-21 09:49 168 --sh--r c:\windows\System32\DEE8856056.sys
2008-07-21 09:49 5,018 --sha-w c:\windows\System32\KGyGaAvL.sys
2008-12-14 07:52 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008120120081208\index.dat
2008-12-18 14:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008120820081215\index.dat
2008-12-18 14:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008121820081219\index.dat
2008-12-20 17:34 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008122020081221\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-08_15.21.41.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-01 18:02:54 59,668,072 ----a-w c:\windows\bin\setup.exe
- 2008-10-02 18:18:36 38,428 ----a-w c:\windows\Downloaded Program Files\unagiuninst.exe
+ 2009-02-27 02:09:04 38,428 ----a-w c:\windows\Downloaded Program Files\unagiuninst.exe
+ 2008-10-28 21:25:00 453,512 ----a-w c:\windows\Downloaded Program Files\wlscBase.dll
- 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2008-12-30 18:41:50 51,200 ----a-w c:\windows\inf\infpub.dat
+ 2009-02-16 06:17:40 51,200 ----a-w c:\windows\inf\infpub.dat
- 2008-12-29 02:39:12 86,016 ----a-w c:\windows\inf\infstor.dat
+ 2009-02-16 06:17:40 86,016 ----a-w c:\windows\inf\infstor.dat
- 2008-12-30 18:41:50 143,360 ----a-w c:\windows\inf\infstrng.dat
+ 2009-02-16 06:17:39 143,360 ----a-w c:\windows\inf\infstrng.dat
+ 2009-02-05 04:09:57 10,134 ----a-r c:\windows\Installer\{011A2240-08DF-45BB-AA4E-1A78637CCF80}\ARPPRODUCTICON.exe
- 2007-04-23 20:06:55 25,214 ----a-r c:\windows\Installer\{938B1CD7-7C60-491E-AA90-1F1888168240}\CineMagicShortcut_8E832933A07340209FB8DBADC480B69B.exe
+ 2009-01-13 22:50:38 25,214 ----a-r c:\windows\Installer\{938B1CD7-7C60-491E-AA90-1F1888168240}\CineMagicShortcut_8E832933A07340209FB8DBADC480B69B.exe
- 2007-04-23 20:06:55 25,214 ----a-r c:\windows\Installer\{938B1CD7-7C60-491E-AA90-1F1888168240}\NewShortcut13_8E832933A07340209FB8DBADC480B69B.exe
+ 2009-01-13 22:50:38 25,214 ----a-r c:\windows\Installer\{938B1CD7-7C60-491E-AA90-1F1888168240}\NewShortcut13_8E832933A07340209FB8DBADC480B69B.exe
- 2007-04-23 20:06:55 25,214 ----a-r c:\windows\Installer\{938B1CD7-7C60-491E-AA90-1F1888168240}\NewShortcut15_8E832933A07340209FB8DBADC480B69B.exe
+ 2009-01-13 22:50:38 25,214 ----a-r c:\windows\Installer\{938B1CD7-7C60-491E-AA90-1F1888168240}\NewShortcut15_8E832933A07340209FB8DBADC480B69B.exe
- 2007-04-23 20:06:55 25,214 ----a-r c:\windows\Installer\{938B1CD7-7C60-491E-AA90-1F1888168240}\NewShortcut16_8E832933A07340209FB8DBADC480B69B.exe
+ 2009-01-13 22:50:38 25,214 ----a-r c:\windows\Installer\{938B1CD7-7C60-491E-AA90-1F1888168240}\NewShortcut16_8E832933A07340209FB8DBADC480B69B.exe
- 2007-04-23 20:06:55 25,214 ----a-r c:\windows\Installer\{938B1CD7-7C60-491E-AA90-1F1888168240}\NewShortcut32_8E832933A07340209FB8DBADC480B69B.exe
+ 2009-01-13 22:50:38 25,214 ----a-r c:\windows\Installer\{938B1CD7-7C60-491E-AA90-1F1888168240}\NewShortcut32_8E832933A07340209FB8DBADC480B69B.exe
- 2007-04-23 20:06:55 3,638 ----a-r c:\windows\Installer\{938B1CD7-7C60-491E-AA90-1F1888168240}\NewShortcut38_8E832933A07340209FB8DBADC480B69B.exe
+ 2009-01-13 22:50:38 3,638 ----a-r c:\windows\Installer\{938B1CD7-7C60-491E-AA90-1F1888168240}\NewShortcut38_8E832933A07340209FB8DBADC480B69B.exe
- 2000-08-31 13:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 12:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2009-01-06 00:44:19 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-31 04:57:38 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-06 00:44:19 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-03-31 04:57:38 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-04 07:02:24 262,144 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2009-02-10 21:10:55 262,144 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2009-01-08 20:19:39 1,310,720 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-31 04:59:44 1,310,720 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-06-04 07:03:58 262,144 ----a-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2009-02-10 21:10:55 262,144 ----a-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2009-01-08 20:19:32 1,310,720 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-31 04:59:38 1,310,720 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 12:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2007-01-05 14:04:10 466,944 ----a-w c:\windows\System32\capicom.dll
+ 2006-06-15 15:39:18 516,832 ----a-w c:\windows\System32\CapiCom.dll
- 2009-01-06 00:45:16 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-06 20:07:17 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-06 00:46:07 131,072 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-06 20:07:17 229,376 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-23 09:08:12 262,144 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2009-02-10 21:10:55 262,144 ----a-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2009-02-10 21:10:55 262,144 ---ha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\usrclass.dat.LOG1
- 2009-01-06 00:45:16 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-06 20:07:17 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-08 20:13:12 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-04-06 00:22:27 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2007-02-02 08:00:00 9,464 ----a-w c:\windows\System32\drivers\cdralw2k.sys
+ 2006-10-18 08:00:00 2,560 ----a-w c:\windows\System32\drivers\cdralw2k.sys
+ 2007-04-19 16:36:50 48,384 ----a-w c:\windows\System32\DriverStore\FileRepository\rp_pkt32_mf.inf_5a314f80\rp_pkt32.sys
+ 2007-04-19 16:36:50 48,384 ----a-w c:\windows\System32\DriverStore\FileRepository\rp_pkt32_pf.inf_6e35963d\rp_pkt32.sys
+ 2008-04-24 19:02:36 53,192 ----a-w c:\windows\System32\DriverStore\FileRepository\rp_skt32.inf_fa13ae56\rp_skt32.sys
- 2008-12-12 17:40:11 1,653,440 ----a-w c:\windows\System32\FNTCACHE.DAT
+ 2009-02-02 20:22:53 1,653,440 ----a-w c:\windows\System32\FNTCACHE.DAT
+ 2009-02-03 02:07:18 240,544 ----a-r c:\windows\System32\Macromed\Flash\FlashUtil10b.exe
- 2007-11-21 00:52:38 2,884,992 ----a-w c:\windows\System32\Macromed\Flash\NPSWF32.dll
+ 2009-02-03 02:15:28 3,771,296 ----a-w c:\windows\System32\Macromed\Flash\NPSWF32.dll
- 2007-11-21 00:52:40 218,496 ----a-w c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-02-03 02:15:30 240,544 ----a-w c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-03-26 04:44:29 88,590 ----a-w c:\windows\System32\Macromed\Flash\uninstall_activeX.exe
- 2008-02-14 14:24:01 70,264 ----a-w c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
+ 2009-03-03 06:56:12 84,661 ----a-w c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
- 2009-01-07 23:35:08 113,466 ----a-w c:\windows\System32\perfc009.dat
+ 2009-04-01 05:01:26 113,466 ----a-w c:\windows\System32\perfc009.dat
- 2009-01-07 23:35:09 634,344 ----a-w c:\windows\System32\perfh009.dat
+ 2009-04-01 05:01:26 634,344 ----a-w c:\windows\System32\perfh009.dat
- 2008-12-20 07:35:38 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-02-15 21:58:04 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-01-06 00:49:08 13,546 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1513765705-769051305-1750566984-1000_UserData.bin
+ 2009-03-31 04:59:56 15,694 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1513765705-769051305-1750566984-1000_UserData.bin
- 2009-01-06 00:49:07 64,176 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-31 04:59:56 67,358 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-06 00:48:47 51,238 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-31 04:59:52 55,312 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-07-05 20:51:45 51,056 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-01-09 02:26:41 75,528 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2008-12-20 07:39:34 136,124,782 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-02-10 23:04:24 136,148,654 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-02-10 23:03:46 161,784 ----a-w c:\windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e\ATL90.dll
+ 2009-02-10 23:03:57 225,280 ----a-w c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcm90.dll
+ 2009-02-10 23:03:57 572,928 ----a-w c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcp90.dll
+ 2009-02-10 23:03:57 655,872 ----a-w c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcr90.dll
+ 2009-02-10 23:04:14 312,832 ----a-w c:\windows\winsxs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_bb1f6aa1308c35eb\msvcm90d.dll
+ 2009-02-10 23:04:14 875,520 ----a-w c:\windows\winsxs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_bb1f6aa1308c35eb\msvcp90d.dll
+ 2009-02-10 23:04:14 1,180,672 ----a-w c:\windows\winsxs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_bb1f6aa1308c35eb\msvcr90d.dll
+ 2009-02-10 23:04:19 5,937,144 ----a-w c:\windows\winsxs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_bfff6c932d60651e\mfc90d.dll
+ 2009-02-10 23:04:19 5,982,720 ----a-w c:\windows\winsxs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_bfff6c932d60651e\mfc90ud.dll
+ 2009-02-10 23:04:19 80,896 ----a-w c:\windows\winsxs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_bfff6c932d60651e\mfcm90d.dll
+ 2009-02-10 23:04:19 80,896 ----a-w c:\windows\winsxs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_bfff6c932d60651e\mfcm90ud.dll
+ 2009-02-10 23:04:02 3,768,312 ----a-w c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfc90.dll
+ 2009-02-10 23:04:01 3,783,672 ----a-w c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfc90u.dll
+ 2009-02-10 23:04:01 59,904 ----a-w c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfcm90.dll
+ 2009-02-10 23:04:02 59,904 ----a-w c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfcm90u.dll
+ 2009-02-10 23:04:08 38,912 ----a-w c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90CHS.DLL
+ 2009-02-10 23:04:08 39,936 ----a-w c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90CHT.DLL
+ 2009-02-10 23:04:08 66,560 ----a-w c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90DEU.DLL
+ 2009-02-10 23:04:08 56,832 ----a-w c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ENU.DLL
+ 2009-02-10 23:04:08 65,024 ----a-w c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ESN.DLL
+ 2009-02-10 23:04:08 65,024 ----a-w c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ESP.DLL
+ 2009-02-10 23:04:08 66,048 ----a-w c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90FRA.DLL
+ 2009-02-10 23:04:08 64,512 ----a-w c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ITA.DLL
+ 2009-02-10 23:04:08 46,592 ----a-w c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90JPN.DLL
+ 2009-02-10 23:04:09 46,080 ----a-w c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90KOR.DLL
+ 2009-02-10 23:04:09 62,976 ----a-w c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90RUS.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-03-26 1277584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-22 15:49 13539872 c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-22 15:49 92704 c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2008-05-22 15:49 526880 c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 06:43 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2008-01-15 11:26 4874240 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A2BA7BB0-0A5D-4AD1-A567-9CDB56C66DA4}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B7CFD448-8992-4C98-A715-056437C829ED}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{883B765C-92CD-4879-8402-E0FC1F059436}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4FA0E868-3BCF-4380-A754-A522F3EC9FE5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B1A873B2-04D8-4433-9227-4B0E81AA9A49}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3B844328-D30C-4F0D-B0E2-4A50DC50570D}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8C61405D-C85F-4BBE-A6A5-5A1BD6819583}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4378B205-0E33-461A-B353-842AAF0C3B03}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7363932D-9202-413D-9C62-BEAA3D7D3B3E}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{088FADAB-A564-43D2-8A74-7D715182C659}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{97216739-CC2B-4D26-B138-0E1E3FC68355}"= UDP:c:\program files\Morpheus\Morpheus.exe:Morpheus
"{94006A0A-5DE5-46E1-8CEB-BC99F853A35E}"= TCP:c:\program files\Morpheus\Morpheus.exe:Morpheus
"{808F4B56-9285-4394-B34C-6F115E757E83}"= UDP:c:\program files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe:Ad-Aware 2007
"{026ED870-B1D7-441E-B6A0-2472B900C617}"= TCP:c:\program files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe:Ad-Aware 2007
"{4821D79F-52A3-442B-9C47-6957C70510DE}"= UDP:c:\program files\AOL\RC\regclient.exe:AOL
"{C8949732-4A6C-435D-9A9F-A6F151D9A25C}"= TCP:c:\program files\AOL\RC\regclient.exe:AOL
"{ECE8BBFE-0066-4801-92E8-0858A9421EA1}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{FC581E53-2EE5-4E64-80D9-9289A266B86A}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{066587AD-58B6-4A83-BB37-483380C1379C}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{15619F1D-E646-4000-B8EC-899B250DBA20}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"TCP Query User{562674CC-DE7B-42BB-8524-59F1340F4142}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{10A792E6-15A5-4B33-ADF0-33A13EE95DCD}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{BF3CAFC7-DB97-4D29-9BB9-10D7F86E587F}c:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_03\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{9702843F-D890-4A5E-92E2-8B66AED93B14}c:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_03\bin\javaw.exe:Java™ Platform SE binary
"TCP Query User{D61F5E30-0F44-4723-ACF8-19423F0CB1D2}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{A2A5D206-78D2-40D7-985C-3446A51667CB}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{4982591D-4AF0-4D4D-B001-88FF026CFACE}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{493AF747-84E6-4AD4-B0E7-3DB838BC0F8D}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java™ Platform SE binary
"TCP Query User{CC33E543-43BA-4889-BADC-96B0B909230E}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{26E0974F-B888-4EB5-9324-523F2E245395}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{E128AAF2-C17B-4EC8-B0F6-946EF6050461}"= c:\program files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{F68BA7EE-6F2A-4E14-AE06-5F3B35F45F2B}"= c:\program files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"TCP Query User{A570943C-6C7B-4246-B57D-3B4AF7153747}c:\\program files\\frostwire\\frostwire.exe"= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{9739A281-5D94-49D1-8EEF-EC3C8EEDAE13}c:\\program files\\frostwire\\frostwire.exe"= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
"TCP Query User{E5A1B727-1D01-4F52-83A8-72DA7E89C77E}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{0CD605F2-9D58-4052-AAF8-E4DC475D54DF}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{6EACC334-A68E-484D-A30E-B2556F2C8CB4}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{4DA2CC8D-D02D-48F7-9C02-50FEC1B8930C}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"TCP Query User{08E8B9C1-4209-45ED-8870-BBE64E25E8EC}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{84B50661-18D4-4EA7-8F21-103627036011}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{A3F46323-D90F-40CE-88C2-311245A9C554}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{4E1F0F99-CE18-42B8-B6AA-5AB74FB17ECA}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{4FA23331-E858-4BD5-8C2B-C1D65F74747C}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{2035F4CB-C2D0-4CCA-B316-CC3931831B60}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{13A4D7E0-ACEF-4E44-9C46-550DC9000365}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{563B6F97-FC8A-4703-BA45-E88D933CFD15}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{2AD02F10-E8C2-4FAB-8AF7-63801ADE37DC}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{ABF539AC-5702-474D-955D-92AC4C64720A}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{ADB9E731-8381-4A2E-83F7-064F3B3BDF16}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{11FA901B-6170-4F2D-860E-0F24333E3B03}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{DEA35D61-FDB4-4A0F-9586-FB79E5894FE0}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1F7DF5A4-20B5-4B7C-9539-F3CCF4D047A4}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{80302A4F-2A52-4C93-A5AA-813773BF0C70}c:\\program files\\frostwire\\frostwire.exe"= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{13136431-27AF-43A7-A7CE-5CC34E483BF9}c:\\program files\\frostwire\\frostwire.exe"= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
"{C3632E97-7F8C-498E-8040-F67E99F15B49}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{CBC31017-F303-4487-AD57-F2B64F63D15A}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
"Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"SNMP-1"= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:@%SystemRoot%\system32\snmp.exe,-5|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\System32\Drivers\avgwfpx.sys [2008-11-15 69128]
R3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2008-12-17 30946]
R3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
R4 avg8emc;AVG Free8 E-mail Scanner; [x]
R4 avg8wd;AVG Free8 WatchDog; [x]
R4 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2008-11-15 97928]


--- Other Services/Drivers In Memory ---

*Deregistered* - AFD
*Deregistered* - AvgLdx86
*Deregistered* - AvgMfx86
*Deregistered* - Beep
*Deregistered* - bowser
*Deregistered* - cdfs
*Deregistered* - CLFS
*Deregistered* - crcdisk
*Deregistered* - DfsC
*Deregistered* - DXGKrnl
*Deregistered* - Ecache
*Deregistered* - fastfat
*Deregistered* - FileInfo
*Deregistered* - FltMgr
*Deregistered* - HTTP
*Deregistered* - IpFilterDriver
*Deregistered* - iScsiPrt
*Deregistered* - KSecDD
*Deregistered* - lltdio
*Deregistered* - luafv
*Deregistered* - MountMgr
*Deregistered* - mpsdrv
*Deregistered* - MRxDAV
*Deregistered* - mrxsmb
*Deregistered* - mrxsmb10
*Deregistered* - mrxsmb20
*Deregistered* - Msfs
*Deregistered* - msisadrv
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NativeWifiP
*Deregistered* - NDIS
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - netbt
*Deregistered* - Npfs
*Deregistered* - nsiproxy
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PEAUTH
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - RasSstp
*Deregistered* - rdbss
*Deregistered* - RDPCDD
*Deregistered* - RDPENCDD
*Deregistered* - rspndr
*Deregistered* - secdrv
*Deregistered* - Smb
*Deregistered* - spldr
*Deregistered* - srv
*Deregistered* - srv2
*Deregistered* - srvnet
*Deregistered* - swenum
*Deregistered* - Tcpip
*Deregistered* - tcpipreg
*Deregistered* - tdx
*Deregistered* - TermDD
*Deregistered* - tunmp
*Deregistered* - tunnel
*Deregistered* - udfs
*Deregistered* - umbus
*Deregistered* - VgaSave
*Deregistered* - volmgr
*Deregistered* - volmgrx
*Deregistered* - volsnap
*Deregistered* - Wanarpv6
*Deregistered* - Wdf01000
*Deregistered* - XAudio

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f213baf-55aa-11dd-b641-00038a000015}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-03-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SmartAccess AutoStart - c:\program files\Verizon\DSL\SmartAccess\DSL.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-OneCareUI - c:\program files\Microsoft Windows OneCare Live\winssnotify.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.igoogle.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-05 20:31:43
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1536)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(628)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2009-04-05 20:35:05
ComboFix-quarantined-files.txt 2009-04-06 00:35:01
ComboFix2.txt 2009-01-08 20:24:13

Pre-Run: 55,701,966,848 bytes free
Post-Run: 55,772,364,800 bytes free

418 --- E O F --- 2008-10-31 06:21:17



Malwarebytes' Anti-Malware 1.35
Database version: 1904
Windows 6.0.6001 Service Pack 1

2009-04-05 20:31:07
mbam-log-2009-04-05 (20-31-07).txt

Scan type: Quick Scan
Objects scanned: 58826
Time elapsed: 16 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.191 85.255.112.181 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{da1b2d63-45df-4b40-bd10-3344d82e2f88}\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.191 85.255.112.181 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.191 85.255.112.181 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{da1b2d63-45df-4b40-bd10-3344d82e2f88}\DhcpNameServer (Trojan.DNSChanger) -> Data: 0.255.112.191 85.255.112.181 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#2 KoanYorel


    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 15 April 2009 - 01:57 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Jenn Shaffahhhh

  • Topic Starter

  • Members
  • 22 posts

Posted 15 April 2009 - 11:18 PM

Thank you so much for getting back to me. My problem still hasn't been solved.
Basically my computer is running kind of sluggish. I get these advertisement pop-ups while using the internet. Sometimes not that many, and other times I get 10 or 12. I also cannot update my computer, or any other programs.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Jennifer at 0:15:07.05 on Thu 04/16/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
AV: AVG *On-access scanning disabled* (Outdated)

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.igoogle.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {35065594-9169-4A34-B167-FC4865038E53} - No File
TB: {A057A204-BACC-4D26-8398-26FADCF27386} - No File
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-04-14 15:22 <DIR> --d----- c:\program files\SpywareBlaster
2009-04-05 20:17 73,728 ac------ C:\pv.exe
2009-03-26 00:42 <DIR> --d----- c:\programdata\Yahoo!
2009-03-26 00:42 <DIR> --d----- c:\program files\Yahoo!

==================== Find3M ====================

2009-03-26 16:49 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 16:49 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-16 02:17 86,016 a------- c:\windows\inf\infstor.dat
2009-02-16 02:17 51,200 a------- c:\windows\inf\infpub.dat
2009-02-16 02:17 143,360 a------- c:\windows\inf\infstrng.dat
2008-08-29 13:33 47,360 a------- c:\users\jennifer\appdata\roaming\pcouffin.sys
2008-07-02 13:04 174 a--sh--- c:\program files\desktop.ini
2008-07-02 03:18 665,600 a------- c:\windows\inf\drvindex.dat
2007-09-05 05:52 476,752 a------- c:\programdata\pswi_preloaded.exe
2007-09-05 05:52 476,752 a------- c:\progra~2\pswi_preloaded.exe
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-11-04 03:57 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-11-04 03:57 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-11-04 03:57 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-07-21 05:49 168 ---shr-- c:\windows\system32\DEE8856056.sys
2008-07-21 05:49 5,018 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 0:15:56.79 ===============

#4 sundavis


  • Malware Response Team
  • 2,705 posts
  • Gender:Not Telling

Posted 17 April 2009 - 11:06 PM

Hi Jenn Shaffahhhh,


The fixes are specific to your problem and should only be used for this issue on this machine.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic. Thanks


Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint Manager
Viewpoint Media Player
Viewpoint Toolbar




Step 1

Please disable Windows Defender real-time protection, or it will interfere.
  • Go to Start > All Programs > Windows Defender.
  • Click on Tools at the top.
  • Under Settings, click on Options.
  • Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  • Under Real-time protection options, uncheck (untick) Use real-time protection (recommended) box.
  • Click on the Save button at the bottom right hand corner.

Step 2

If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: ComboFix has recently been updated to include the option for installing the Recovery Console automatically. You will see the below prompt when you first run ComboFix:


Posted Image


The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
It is a simple procedure that will only take a few moments of your time. Once Recovery Console is installed, you should see a blue screen prompt like the one below:


Posted Image

1. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

2. Click Yes to allow ComboFix to continue scanning for malware.

When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.


Step 3
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt.

In your next reply, please post back:

1. ComboFix log
2. RSIT log.txt and info.txt.

Tell me how your pc is acting now.

#5 sundavis


  • Malware Response Team
  • 2,705 posts
  • Gender:Not Telling

Posted 21 April 2009 - 04:20 AM

Hi Jenn Shaffahhhh,


How are things going? Still with us? :thumbup2:

#6 Jenn Shaffahhhh

  • Topic Starter

  • Members
  • 22 posts

Posted 21 April 2009 - 12:17 PM

So I came across a few problems while going through the steps you gave me.
1. It says viewpoint is not installed on my computer, so I cannot uninstall it.
2. I was able to run ComboFix, but when I tried to run RSIT a pop-up comes up that says "line-1: Error: Variable used without being declared" and it will not allow me to run the program.

So, the only thing out of those few steps I could do was run combofix, and here is the log from it.



ComboFix 09-04-21.A8 - Jennifer 04/21/2009 12:45.4 - NTFSx86
Running from: c:\users\Jennifer\Desktop\ComboFix.exe
AV: AVG *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
.

2009-04-14 19:22 . 2009-04-14 19:22 -------- d-----w c:\program files\SpywareBlaster
2009-03-26 04:46 . 2009-03-26 04:46 -------- d-----w c:\users\Jennifer\AppData\Local\Yahoo
2009-03-26 04:43 . 2009-03-26 04:43 -------- d-----w c:\users\Jennifer\AppData\Roaming\Yahoo!
2009-03-26 04:42 . 2009-03-26 04:45 -------- d-----w c:\users\All Users\Yahoo!
2009-03-26 04:42 . 2009-03-26 04:45 -------- d-----w c:\programdata\Yahoo!
2009-03-26 04:42 . 2009-03-29 22:44 -------- d-----w c:\program files\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 00:11 . 2008-12-12 18:01 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-05 07:45 . 2008-04-11 23:02 -------- d-----w c:\users\Jennifer\AppData\Roaming\FrostWire
2009-04-01 15:56 . 2008-10-02 22:21 -------- d-----w c:\users\Jennifer\AppData\Roaming\uTorrent
2009-03-26 20:49 . 2008-12-12 18:01 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 20:49 . 2008-12-12 18:01 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-07 08:12 . 2007-04-23 20:09 -------- d-----w c:\programdata\CyberLink
2009-03-06 20:00 . 2009-03-06 20:00 -------- d-----w c:\program files\FrostWire
2009-02-27 05:14 . 2007-08-23 22:04 -------- d-----w c:\programdata\Viewpoint
2009-02-27 05:05 . 2007-12-20 08:08 -------- d-----w c:\program files\Common Files\AOL
2009-02-27 02:10 . 2007-12-20 08:07 3077 -c-ha-w C:\IPH.PH
2009-02-27 02:10 . 2009-02-27 02:10 -------- d-----w c:\program files\Common Files\Software Update Utility
2009-02-16 06:17 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-02-16 06:17 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-02-16 06:17 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-02-06 19:47 . 2008-12-14 03:03 256 -c--a-w C:\FINIS_IT.TXT
2009-02-06 18:22 . 2008-12-29 02:57 909 -c--a-w C:\updatedatfix.log
2009-02-05 03:55 . 2009-02-05 03:55 571 -c--a-w C:\NTDClient.log
2009-02-02 06:38 . 2007-08-23 01:10 76216 ----a-w c:\users\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT
2008-08-29 17:33 . 2008-06-19 22:31 47360 ----a-w c:\users\Jennifer\AppData\Roaming\pcouffin.sys
2008-07-02 17:04 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2007-09-05 09:52 . 2007-09-05 09:52 476752 ----a-w c:\users\All Users\pswi_preloaded.exe
2007-09-05 09:52 . 2007-09-05 09:52 476752 ----a-w c:\programdata\pswi_preloaded.exe
2008-11-04 07:57 . 2008-10-01 15:42 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-11-04 07:57 . 2008-10-01 15:42 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-11-04 07:57 . 2008-10-01 15:42 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-07-21 09:49 . 2007-09-05 02:04 168 --sh--r c:\windows\System32\DEE8856056.sys
2008-07-21 09:49 . 2007-09-05 02:04 5018 --sha-w c:\windows\System32\KGyGaAvL.sys
2008-12-14 07:52 . 2008-12-14 07:53 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008120120081208\index.dat
2008-12-18 14:38 . 2008-12-18 14:38 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008120820081215\index.dat
2008-12-18 14:38 . 2008-12-18 14:38 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008121820081219\index.dat
2008-12-20 17:34 . 2008-12-20 17:35 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008122020081221\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A2BA7BB0-0A5D-4AD1-A567-9CDB56C66DA4}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B7CFD448-8992-4C98-A715-056437C829ED}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{883B765C-92CD-4879-8402-E0FC1F059436}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4FA0E868-3BCF-4380-A754-A522F3EC9FE5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B1A873B2-04D8-4433-9227-4B0E81AA9A49}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3B844328-D30C-4F0D-B0E2-4A50DC50570D}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8C61405D-C85F-4BBE-A6A5-5A1BD6819583}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4378B205-0E33-461A-B353-842AAF0C3B03}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7363932D-9202-413D-9C62-BEAA3D7D3B3E}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{088FADAB-A564-43D2-8A74-7D715182C659}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{97216739-CC2B-4D26-B138-0E1E3FC68355}"= UDP:c:\program files\Morpheus\Morpheus.exe:Morpheus
"{94006A0A-5DE5-46E1-8CEB-BC99F853A35E}"= TCP:c:\program files\Morpheus\Morpheus.exe:Morpheus
"{808F4B56-9285-4394-B34C-6F115E757E83}"= UDP:c:\program files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe:Ad-Aware 2007
"{026ED870-B1D7-441E-B6A0-2472B900C617}"= TCP:c:\program files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe:Ad-Aware 2007
"{4821D79F-52A3-442B-9C47-6957C70510DE}"= UDP:c:\program files\AOL\RC\regclient.exe:AOL
"{C8949732-4A6C-435D-9A9F-A6F151D9A25C}"= TCP:c:\program files\AOL\RC\regclient.exe:AOL
"{ECE8BBFE-0066-4801-92E8-0858A9421EA1}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{FC581E53-2EE5-4E64-80D9-9289A266B86A}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{066587AD-58B6-4A83-BB37-483380C1379C}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{15619F1D-E646-4000-B8EC-899B250DBA20}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"TCP Query User{562674CC-DE7B-42BB-8524-59F1340F4142}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{10A792E6-15A5-4B33-ADF0-33A13EE95DCD}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{BF3CAFC7-DB97-4D29-9BB9-10D7F86E587F}c:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_03\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{9702843F-D890-4A5E-92E2-8B66AED93B14}c:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_03\bin\javaw.exe:Java™ Platform SE binary
"TCP Query User{D61F5E30-0F44-4723-ACF8-19423F0CB1D2}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{A2A5D206-78D2-40D7-985C-3446A51667CB}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{4982591D-4AF0-4D4D-B001-88FF026CFACE}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{493AF747-84E6-4AD4-B0E7-3DB838BC0F8D}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java™ Platform SE binary
"TCP Query User{CC33E543-43BA-4889-BADC-96B0B909230E}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{26E0974F-B888-4EB5-9324-523F2E245395}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{E128AAF2-C17B-4EC8-B0F6-946EF6050461}"= c:\program files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{F68BA7EE-6F2A-4E14-AE06-5F3B35F45F2B}"= c:\program files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"TCP Query User{A570943C-6C7B-4246-B57D-3B4AF7153747}c:\\program files\\frostwire\\frostwire.exe"= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{9739A281-5D94-49D1-8EEF-EC3C8EEDAE13}c:\\program files\\frostwire\\frostwire.exe"= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
"TCP Query User{E5A1B727-1D01-4F52-83A8-72DA7E89C77E}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{0CD605F2-9D58-4052-AAF8-E4DC475D54DF}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{6EACC334-A68E-484D-A30E-B2556F2C8CB4}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{4DA2CC8D-D02D-48F7-9C02-50FEC1B8930C}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"TCP Query User{08E8B9C1-4209-45ED-8870-BBE64E25E8EC}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{84B50661-18D4-4EA7-8F21-103627036011}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{A3F46323-D90F-40CE-88C2-311245A9C554}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{4E1F0F99-CE18-42B8-B6AA-5AB74FB17ECA}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{4FA23331-E858-4BD5-8C2B-C1D65F74747C}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{2035F4CB-C2D0-4CCA-B316-CC3931831B60}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{13A4D7E0-ACEF-4E44-9C46-550DC9000365}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{563B6F97-FC8A-4703-BA45-E88D933CFD15}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{2AD02F10-E8C2-4FAB-8AF7-63801ADE37DC}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{ABF539AC-5702-474D-955D-92AC4C64720A}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{ADB9E731-8381-4A2E-83F7-064F3B3BDF16}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{11FA901B-6170-4F2D-860E-0F24333E3B03}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{DEA35D61-FDB4-4A0F-9586-FB79E5894FE0}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1F7DF5A4-20B5-4B7C-9539-F3CCF4D047A4}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{80302A4F-2A52-4C93-A5AA-813773BF0C70}c:\\program files\\frostwire\\frostwire.exe"= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{13136431-27AF-43A7-A7CE-5CC34E483BF9}c:\\program files\\frostwire\\frostwire.exe"= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
"{C3632E97-7F8C-498E-8040-F67E99F15B49}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{CBC31017-F303-4487-AD57-F2B64F63D15A}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
"Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"SNMP-1"= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:@%SystemRoot%\system32\snmp.exe,-5|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\System32\Drivers\avgwfpx.sys [2008-11-16 69128]
R3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2008-12-18 30946]
R3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
R4 avg8emc;AVG Free8 E-mail Scanner; [x]
R4 avg8wd;AVG Free8 WatchDog; [x]
R4 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2008-11-16 97928]


--- Other Services/Drivers In Memory ---

*Deregistered* - AFD
*Deregistered* - AvgLdx86
*Deregistered* - AvgMfx86
*Deregistered* - Beep
*Deregistered* - bowser
*Deregistered* - cdfs
*Deregistered* - CLFS
*Deregistered* - crcdisk
*Deregistered* - DfsC
*Deregistered* - DXGKrnl
*Deregistered* - Ecache
*Deregistered* - FileInfo
*Deregistered* - FltMgr
*Deregistered* - HTTP
*Deregistered* - IpFilterDriver
*Deregistered* - iScsiPrt
*Deregistered* - KSecDD
*Deregistered* - lltdio
*Deregistered* - luafv
*Deregistered* - MountMgr
*Deregistered* - mpsdrv
*Deregistered* - MRxDAV
*Deregistered* - mrxsmb
*Deregistered* - mrxsmb10
*Deregistered* - mrxsmb20
*Deregistered* - Msfs
*Deregistered* - msisadrv
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NativeWifiP
*Deregistered* - NDIS
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - netbt
*Deregistered* - Npfs
*Deregistered* - nsiproxy
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PEAUTH
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - RasSstp
*Deregistered* - rdbss
*Deregistered* - RDPCDD
*Deregistered* - RDPENCDD
*Deregistered* - rspndr
*Deregistered* - secdrv
*Deregistered* - Smb
*Deregistered* - spldr
*Deregistered* - srv
*Deregistered* - srv2
*Deregistered* - srvnet
*Deregistered* - swenum
*Deregistered* - Tcpip
*Deregistered* - tcpipreg
*Deregistered* - tdx
*Deregistered* - TermDD
*Deregistered* - tunmp
*Deregistered* - tunnel
*Deregistered* - umbus
*Deregistered* - VgaSave
*Deregistered* - volmgr
*Deregistered* - volmgrx
*Deregistered* - volsnap
*Deregistered* - Wanarpv6
*Deregistered* - Wdf01000
*Deregistered* - XAudio

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f213baf-55aa-11dd-b641-00038a000015}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.igoogle.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 12:50
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-04-21 12:54
ComboFix-quarantined-files.txt 2009-04-21 16:54
ComboFix2.txt 2009-04-06 00:35
ComboFix3.txt 2009-01-08 20:24

Pre-Run: 54,702,469,120 bytes free
Post-Run: 54,695,211,008 bytes free

256 --- E O F --- 2008-10-31 06:21

#7 sundavis

  • Malware Response Team
  • 2,705 posts

Posted 21 April 2009 - 01:05 PM

Hi Jenn Shaffahhhh,



Step 1

We need to create an OTListIt2 report.
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


In your next reply, please post back:

1. OTListIt.txt and Extra.txt

Please detail the problems you're experiencing now. Thanks.

#8 Jenn Shaffahhhh

  • Topic Starter
  • Members
  • 22 posts

Posted 21 April 2009 - 02:12 PM

My problems haven't got any better or worse. I still cannot update anything, and the pop-ups are coming up just as frequently.


OTListIt Extras logfile created on: 4/21/2009 3:07:13 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Users\Jennifer\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

445.76 Mb Total Physical Memory | 72.15 Mb Available Physical Memory | 16.19% Memory free
1.39 Gb Paging File | 0.73 Gb Available in Paging File | 52.68% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.64 Gb Total Space | 51.20 Gb Free Space | 54.68% Space Free | Partition Type: NTFS
Drive D: | 8.38 Gb Total Space | 0.96 Gb Free Space | 11.42% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 9.76 Gb Total Space | 9.69 Gb Free Space | 99.21% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WILLIAM-PC
Current User Name: Jennifer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1513765705-769051305-1750566984-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{011A2240-08DF-45BB-AA4E-1A78637CCF80}" = RPS CRT
"{09F25F86-F957-4051-8AB2-0E0D948BBB5D}" = 1310
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 11
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D4553DF-2095-4D10-92C0-17934733B51D}" = 1310_Help
"{6D7E031C-4C05-4265-854A-FE9FDEA9984D}" = 1310Trb
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{856C155E-4A74-4041-B026-04F96FFD1BCD}" = ZIP Reader 8.00.0018
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AOL Instant Messenger" = AOL Instant Messenger
"AviSynth" = AviSynth 2.5
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"FrostWire" = FrostWire 4.17.2
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PhotoScape" = PhotoScape
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/7/2009 11:37:13 PM | Computer Name = William-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 3/10/2009 7:35:07 PM | Computer Name = William-PC | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.3861.0, time stamp 0x42f3b926,
faulting module oscarui.dll_unloaded, version 0.0.0.0, time stamp 0x42f3b8d8, exception
code 0xc0000005, fault offset 0x1221254f, process id 0xee0, application start time
0x01c9a1d282006d80.

Error - 3/11/2009 11:28:06 PM | Computer Name = William-PC | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.3861.0, time stamp 0x42f3b926,
faulting module oscarui.dll_unloaded, version 0.0.0.0, time stamp 0x42f3b8d8, exception
code 0xc0000005, fault offset 0x1221254f, process id 0xa30, application start time
0x01c9a2b179617ce8.

Error - 3/14/2009 4:15:49 AM | Computer Name = William-PC | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.3861.0, time stamp 0x42f3b926,
faulting module oscarui.dll_unloaded, version 0.0.0.0, time stamp 0x42f3b8d8, exception
code 0xc0000005, fault offset 0x1221254f, process id 0xc8c, application start time
0x01c9a4105a607668.

Error - 3/14/2009 12:41:53 PM | Computer Name = William-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/15/2009 9:37:35 PM | Computer Name = William-PC | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.3861.0, time stamp 0x42f3b926,
faulting module oscarui.dll_unloaded, version 0.0.0.0, time stamp 0x42f3b8d8, exception
code 0xc0000005, fault offset 0x1221254f, process id 0x990, application start time
0x01c9a4d258c771b8.

Error - 3/18/2009 12:03:32 AM | Computer Name = William-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/18/2009 2:05:37 AM | Computer Name = William-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/18/2009 2:05:38 AM | Computer Name = William-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/20/2009 1:31:25 AM | Computer Name = William-PC | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 4/20/2009 8:24:40 AM | Computer Name = William-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 001BB95343BD has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/20/2009 8:24:43 PM | Computer Name = William-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 001BB95343BD has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/21/2009 8:24:45 AM | Computer Name = William-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 001BB95343BD has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/21/2009 12:57:14 PM | Computer Name = William-PC | Source = DCOM | ID = 10010
Description =

Error - 4/21/2009 1:08:07 PM | Computer Name = William-PC | Source = HTTP | ID = 15016
Description =

Error - 4/21/2009 1:08:39 PM | Computer Name = William-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 4/21/2009 1:08:39 PM | Computer Name = William-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/21/2009 1:08:39 PM | Computer Name = William-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/21/2009 1:09:07 PM | Computer Name = William-PC | Source = DCOM | ID = 10010
Description =

Error - 4/21/2009 1:09:37 PM | Computer Name = William-PC | Source = DCOM | ID = 10010
Description =


< End of report >


OTListIt logfile created on: 4/21/2009 3:07:12 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Users\Jennifer\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

445.76 Mb Total Physical Memory | 72.15 Mb Available Physical Memory | 16.19% Memory free
1.39 Gb Paging File | 0.73 Gb Available in Paging File | 52.68% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.64 Gb Total Space | 51.20 Gb Free Space | 54.68% Space Free | Partition Type: NTFS
Drive D: | 8.38 Gb Total Space | 0.96 Gb Free Space | 11.42% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 9.76 Gb Total Space | 9.69 Gb Free Space | 99.21% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WILLIAM-PC
Current User Name: Jennifer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/05/22 15:49:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe
PRC - [2008/01/19 03:33:10 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2007/01/17 14:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/11/02 05:45:49 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpsvcs.exe
PRC - [2008/01/19 03:33:31 | 00,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmp.exe
PRC - [2007/10/18 07:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\xaudio.exe
PRC - [2005/08/05 16:08:26 | 00,067,160 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2009/03/28 04:09:00 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/21 15:06:37 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/01/19 03:33:43 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inetsrv\apphostsvc.dll -- (AppHostSvc [Auto | Running])
SRV - File not found -- -- (avg8emc [Disabled | Stopped])
SRV - File not found -- -- (avg8wd [Disabled | Stopped])
SRV - [2008/01/05 07:26:41 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/05 07:21:53 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/08/29 10:01:22 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [Disabled | Stopped])
SRV - [2007/03/13 03:23:18 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/03/13 03:23:18 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/01/05 07:21:39 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/01/17 14:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2006/11/08 17:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\Windows\system32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008/01/05 07:21:39 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/05/22 15:49:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2006/11/08 17:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\Windows\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006/11/02 23:40:12 | 00,174,656 | ---- | M] () -- C:\Windows\system32\PSIService.exe -- (ProtexisLicensing [Disabled | Stopped])
SRV - [2006/11/02 05:45:49 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpsvcs.exe -- (simptcp [Auto | Running])
SRV - [2008/01/19 03:33:31 | 00,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmp.exe -- (SNMP [Auto | Running])
SRV - File not found -- -- (stllssvr [On_Demand | Stopped])
SRV - [2008/01/19 03:34:32 | 00,371,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inetsrv\iisw3adm.dll -- (W3SVC [Auto | Running])
SRV - [2008/01/19 03:34:32 | 00,371,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inetsrv\iisw3adm.dll -- (WAS [On_Demand | Running])
SRV - [2008/01/19 03:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/19 03:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2007/10/18 07:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/11/02 05:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 05:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 05:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 05:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2005/03/29 18:37:44 | 00,456,384 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\system32\DRIVERS\WPN311.sys -- (AR5211 [On_Demand | Stopped])
DRV - [2006/11/02 05:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2008/11/15 22:44:18 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2008/11/15 22:44:15 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2008/11/15 22:44:47 | 00,069,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgwfpx.sys -- (AvgWfpX [On_Demand | Stopped])
DRV - [2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2006/11/02 05:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/11/02 03:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/02 05:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2008/05/08 05:03:18 | 00,980,992 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\HSX_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2008/05/08 05:05:18 | 00,266,752 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\HSXHWBS2.sys -- (HSXHWBS2 [On_Demand | Running])
DRV - [2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2008/01/15 19:19:04 | 02,047,576 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006/11/02 05:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 05:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006/06/19 10:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2006/11/02 05:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2007/05/04 05:29:10 | 01,065,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvmfdx32.sys -- (NVENETFD [On_Demand | Running])
DRV - [2008/05/22 15:49:00 | 07,465,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2006/11/02 05:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 05:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2007/03/19 09:58:50 | 00,101,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32 [Boot | Running])
DRV - [2008/12/17 22:56:06 | 00,030,946 | ---- | M] (Greatis Software) -- C:\Windows\system32\drivers\Partizan.sys -- (Partizan [On_Demand | Stopped])
DRV - [2008/06/19 18:31:30 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\Drivers\Pcouffin.sys -- (Pcouffin [On_Demand | Stopped])
DRV - [2006/11/02 05:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2007/04/24 13:33:34 | 00,083,336 | ---- | M] (MCCI Corporation) -- C:\Windows\system32\DRIVERS\s125bus.sys -- (s125bus [On_Demand | Stopped])
DRV - [2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006/11/02 05:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 05:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/11/02 05:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 05:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008/01/19 01:53:23 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2006/11/02 05:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 05:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2006/11/01 16:18:15 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\Windows\system32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Stopped])
DRV - [2008/05/08 05:04:16 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2007/10/18 07:36:54 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\xaudio.sys -- (XAudio [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1513765705-769051305-1750566984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1513765705-769051305-1750566984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1513765705-769051305-1750566984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
IE - HKU\S-1-5-21-1513765705-769051305-1750566984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1513765705-769051305-1750566984-1000\S-1-5-21-1513765705-769051305-1750566984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1513765705-769051305-1750566984-1000\S-1-5-21-1513765705-769051305-1750566984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_central"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: SendToPhone@myxertones.com:1.0.5
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.26
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
FF - prefs.js..extensions.enabledItems: {7ef7f4d6-947d-11dc-8314-0800200c9a66}:3.0.1
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c9626}:1.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20081205
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.0.2
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?src=aim"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/28 04:09:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 04:09:10 | 00,000,000 | ---D | M]

[2008/09/30 15:56:08 | 00,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\mozilla\Extensions
[2008/09/30 15:56:08 | 00,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/21 14:07:57 | 00,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\Profiles\0xhb1k9f.default\extensions
[2008/12/12 17:50:11 | 00,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\Profiles\0xhb1k9f.default\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
[2008/12/12 17:46:17 | 00,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\Profiles\0xhb1k9f.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66}
[2008/12/12 17:42:49 | 00,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\Profiles\0xhb1k9f.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2008/10/02 17:30:41 | 00,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\Profiles\0xhb1k9f.default\extensions\moveplayer@movenetworks.com
[2008/12/12 17:55:05 | 00,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\Profiles\0xhb1k9f.default\extensions\nasanightlaunch@example.com
[2008/07/03 02:57:06 | 00,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\Profiles\0xhb1k9f.default\extensions\OberonGameHost@OberonGames.com
[2009/03/29 18:45:23 | 00,001,739 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\FireFox\Profiles\0xhb1k9f.default\searchplugins\aim-search.xml
[2009/02/15 23:20:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 04:09:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/08/24 05:07:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/14 17:32:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/19 23:49:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/11/21 14:36:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/12/12 17:29:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/28 04:08:59 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 04:08:59 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/30 02:00:50 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/30 02:00:50 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/30 02:00:50 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/10/30 02:00:50 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/30 02:00:50 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/30 02:00:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/30 02:00:50 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1513765705-769051305-1750566984-1000\..\Toolbar\WebBrowser: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1513765705-769051305-1750566984-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8398-26FADCF27386} - Reg Error: Key error. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1513765705-769051305-1750566984-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1513765705-769051305-1750566984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1513765705-769051305-1750566984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1513765705-769051305-1750566984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1513765705-769051305-1750566984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-1513765705-769051305-1750566984-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: 1227 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 1227 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 1227 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 1227 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1513765705-769051305-1750566984-1000\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/23 16:14:29 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0f213baf-55aa-11dd-b641-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{0f213baf-55aa-11dd-b641-00038a000015}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/04/21 15:05:30 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTListIt2.exe
[2009/04/21 13:12:40 | 00,781,909 | ---- | C] () -- C:\Users\Jennifer\Desktop\RSIT.exe
[2009/04/21 12:42:25 | 02,998,676 | R--- | C] () -- C:\Users\Jennifer\Desktop\ComboFix.exe
[2009/04/20 17:37:17 | 02,735,897 | ---- | C] () -- C:\Users\Jennifer\Documents\DSC04095.JPG
[2009/04/20 17:36:15 | 02,614,297 | ---- | C] () -- C:\Users\Jennifer\Documents\DSC04093.JPG
[2009/04/05 20:35:10 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/04/05 02:05:36 | 00,000,000 | ---D | C] -- C:\Users\Jennifer\Documents\FrostWire
[2009/04/03 17:48:39 | 00,013,078 | -HS- | C] () -- C:\Users\Jennifer\Desktop\AlbumArt_{62EFA6B4-287B-412B-9FC2-F3B810990F8D}_Large.jpg
[2009/04/03 17:48:39 | 00,002,544 | -HS- | C] () -- C:\Users\Jennifer\Desktop\AlbumArt_{62EFA6B4-287B-412B-9FC2-F3B810990F8D}_Small.jpg
[2009/03/26 00:46:00 | 00,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Yahoo
[2009/03/26 00:43:57 | 00,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Yahoo!
[2009/03/26 00:42:54 | 00,000,918 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo.lnk
[2009/03/26 00:42:36 | 00,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2009/03/26 00:42:31 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2008/12/09 00:59:57 | 00,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL
[2008/12/08 23:27:09 | 00,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008/10/28 18:59:24 | 00,000,029 | ---- | C] () -- C:\Windows\atid.ini
[2008/10/18 03:53:45 | 00,000,056 | ---- | C] () -- C:\Windows\VideoConvert.INI
[2008/06/19 20:25:27 | 00,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/05/22 18:19:46 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/05/22 18:19:46 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/05/22 18:18:54 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/04/11 02:26:43 | 00,000,067 | ---- | C] () -- C:\Windows\Easy Video to DVD.INI
[2008/04/07 16:22:00 | 00,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2007/11/04 17:50:44 | 00,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2007/09/04 22:04:58 | 00,000,168 | RHS- | C] () -- C:\Windows\System32\DEE8856056.sys
[2007/09/04 22:04:57 | 00,005,018 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007/04/23 15:29:03 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/04/23 15:29:02 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2006/11/02 06:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 06:23:31 | 00,000,179 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/09/23 08:52:14 | 00,207,872 | ---- | C] () -- C:\Windows\System32\OneWay.dll
[2005/07/15 14:35:24 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2002/06/02 11:05:40 | 00,038,912 | ---- | C] () -- C:\Windows\System32\1Way.dll

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[6 C:\Windows\System32\*.tmp files]
[2009/04/21 15:06:37 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTListIt2.exe
[2009/04/21 13:12:58 | 00,744,016 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/04/21 13:12:58 | 00,634,344 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/04/21 13:12:58 | 00,113,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/04/21 13:12:47 | 00,781,909 | ---- | M] () -- C:\Users\Jennifer\Desktop\RSIT.exe
[2009/04/21 13:08:19 | 00,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/04/21 13:08:19 | 00,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/04/21 13:08:07 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/04/21 13:07:52 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/04/21 13:05:23 | 02,684,863 | -H-- | M] () -- C:\Users\Jennifer\AppData\Local\IconCache.db
[2009/04/21 12:51:01 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/04/21 12:43:20 | 02,998,676 | R--- | M] () -- C:\Users\Jennifer\Desktop\ComboFix.exe
[2009/04/21 09:58:08 | 00,109,568 | ---- | M] () -- C:\Windows\VFIND.exe
[2009/04/20 18:49:25 | 00,173,056 | -H-- | M] () -- C:\Users\Jennifer\Desktop\photothumb.db
[2009/04/20 18:06:03 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/04/20 17:37:18 | 02,735,897 | ---- | M] () -- C:\Users\Jennifer\Documents\DSC04095.JPG
[2009/04/20 17:36:22 | 02,614,297 | ---- | M] () -- C:\Users\Jennifer\Documents\DSC04093.JPG
[2009/04/05 20:01:19 | 00,132,608 | ---- | M] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/03 17:48:47 | 00,000,373 | -HS- | M] () -- C:\Users\Jennifer\Desktop\desktop.ini
[2009/04/03 17:48:30 | 00,013,078 | -HS- | M] () -- C:\Users\Jennifer\Desktop\Folder.jpg
[2009/04/03 17:48:30 | 00,013,078 | -HS- | M] () -- C:\Users\Jennifer\Desktop\AlbumArt_{62EFA6B4-287B-412B-9FC2-F3B810990F8D}_Large.jpg
[2009/04/03 17:48:23 | 00,002,544 | -HS- | M] () -- C:\Users\Jennifer\Desktop\AlbumArtSmall.jpg
[2009/04/03 17:48:23 | 00,002,544 | -HS- | M] () -- C:\Users\Jennifer\Desktop\AlbumArt_{62EFA6B4-287B-412B-9FC2-F3B810990F8D}_Small.jpg
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/03/26 00:42:54 | 00,000,918 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo.lnk
< End of report >

#9 sundavis

sundavis

  • Malware Response Team
  • 2,705 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:39 PM

Posted 21 April 2009 - 02:24 PM

Hi Jenn Shaffahhhh,


What kind of pop-ups are you experiencing? Can you be more specific? Which program can't update? Thanks

#10 Jenn Shaffahhhh

Jenn Shaffahhhh
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:39 PM

Posted 21 April 2009 - 02:30 PM

I can't update Windows, or anything on Windows. I also cannot update any of my spyware programs like Malwarebytes.
The pop-ups are on Firefox and Internet Explorer. Whenever I am using the browser, advertisement pop-ups are constantly coming up.

#11 sundavis

sundavis

  • Malware Response Team
  • 2,705 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:39 PM

Posted 21 April 2009 - 03:02 PM

Hi Jenn Shaffahhhh,



I notice there is a sign of a P2P (Person to Person) file sharing program on your computer. Even if you are using a "safe" P2P program, it is only the program that is safe.
You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file sharing as a major conduit to spread their wares.
You are well advised to remove it. Go to Start > Control Panel > Programs and Features. Right-click on any instances of those programs listed below and uninstall them.

FrostWire 4.17.2
µTorrent
LimeWire



Step1

Older versions of Java have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 13...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on programs and features and remove all older versions of Java.
  • Check (highlight) any entry with Java Runtime Environment (JRE or J2SE) in the name, including the following updates:
    • Java 6 Update 11
    • Java 6 Update 2
    • Java 6 Update 3
    • Java 6 Update 5
  • Right-click the outdated Java and select Uninstall.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
Step2

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
Step3

1. Click the Microsoft Vista Start logo in the bottom left corner of the screen
2. Click All Programs
3. Click Accessories
4. RIGHT-click on Command Prompt
5. Select Run As Administrator
6. In the command window type/paste the following and then hit Enter:
ipconfig /flushdns
7. You will see the following confirmation:


Windows IP Configuration
Successfully flushed the DNS Resolver Cache.


After that, what I'd like you to do is a hard reset of your router if you have one. Leave it on, and there should be a little pinhole in the back of the unit. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). Then change your admin login and password; make it a strong password. You may also want to ask your ISP for help in case there are custom settings that need to be maintained.


Step4

Please go to Here and Download System Repair Engine by smallfrogs

  • Extract it to Desktop & double click SREng.exe to run it
  • Select 'Smart Scan' & tick "Verify the digital signatures of process modules"
  • Click on the Scan button
  • Before scanning the computer, close all browsers and other programs except SREng.
  • When finished, click on the Save Reports button & save the log to Desktop
  • You can refer to this thread for your reference.
In your next reply, please post back:


1. BitDefender online report
2. SREng log

Tell me how it went.

Edited by sundavis, 21 April 2009 - 03:45 PM.
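Step 3 above flushes the resolver cache and resets the router, but neither step tells you whether the machine's DNS servers are the ones you expect. The check below is an added example, not part of sundavis's post or of any tool named in this thread: it parses the output of `ipconfig /all` (the sample output and the expected-resolver list are constructed for illustration; the `203.0.113.77` address is a documentation placeholder, not a real indicator) and reports every adapter whose DNS servers are not on the allow-list, which is the kind of check worth repeating after a DNS changer cleanup.

```python
"""Compare the DNS servers reported by `ipconfig /all` with an allow-list.

Added example for the BleepingComputer thread; not code from the thread.
Assumptions: EXPECTED_RESOLVERS holds the resolvers you know are legitimate
(typically your router's LAN address or your ISP's documented resolvers),
and SAMPLE_IPCONFIG is constructed output in the Vista-era layout.
"""
import ipaddress
import re
import subprocess

# Constructed sample of `ipconfig /all` output. Addresses are placeholders.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home.example
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.77

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
"""

# Assumed allow-list: the router's LAN address. Replace with what your
# ISP or router configuration actually says.
EXPECTED_RESOLVERS = {"192.168.1.1"}


def _is_address(text):
    """True if text is a bare IPv4 or IPv6 address (continuation lines)."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def parse_dns_servers(text):
    """Return {adapter_name: [dns_server, ...]} from ipconfig /all output.

    Adapter headers are unindented lines ending in ':'. The 'DNS Servers'
    line carries the first address; further addresses follow on indented
    continuation lines that contain nothing but the address.
    """
    adapters = {}
    current = None
    in_dns = False
    for line in text.splitlines():
        if line and not line.startswith(" ") and line.rstrip().endswith(":"):
            current = line.rstrip()[:-1]
            adapters[current] = []
            in_dns = False
            continue
        match = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        if match and current is not None:
            adapters[current].append(match.group(1))
            in_dns = True
            continue
        if in_dns:
            candidate = line.strip()
            if line.startswith(" ") and _is_address(candidate):
                adapters[current].append(candidate)
            else:
                in_dns = False
    return adapters


def unexpected_resolvers(adapters, expected=EXPECTED_RESOLVERS):
    """List (adapter, server) pairs whose server is not on the allow-list."""
    return [
        (adapter, server)
        for adapter, servers in adapters.items()
        for server in servers
        if server not in expected
    ]


def check_live(expected=EXPECTED_RESOLVERS):
    """Run `ipconfig /all` on this Windows host and report unexpected resolvers."""
    output = subprocess.run(
        ["ipconfig", "/all"], capture_output=True, text=True, check=True
    ).stdout
    return unexpected_resolvers(parse_dns_servers(output), expected)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample.
    for adapter, server in unexpected_resolvers(parse_dns_servers(SAMPLE_IPCONFIG)):
        print(f"unexpected DNS server {server} on {adapter}")
```

Run it with the sample to see the one flagged resolver; on the affected machine itself, call `check_live()` from an administrator prompt after the flush and router reset. A resolver that reappears on the list after a reboot is a sign the setting is being rewritten, which is what the rest of the logs in this thread are being collected to find.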


#12 Jenn Shaffahhhh

Jenn Shaffahhhh
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:39 PM

Posted 21 April 2009 - 09:47 PM

Okay, I got to do everything EXCEPT run the online scan. Whatever has affected my computer will not allow me to update Internet Explorer, and for some reason I cannot run Internet Explorer with any add-ons, and without add-ons I cannot run the scan. And I cannot run it with Firefox, which is my normal browser. But I did get to run the SRE program and I have the log for that. I'm sorry there are so many complications with this.

2009-04-21,22:41:24

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows Vista Home Basic Edition Service Pack 1 (Build 6001) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Running Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	HOSTS File
	Process Privileges Scan
	Scheduled Tasks
	API HOOK
	Hidden Process


Boot Items
Registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
	<SunJavaUpdateSched><"C:\Program Files\Java\jre6\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<shell><Explorer.exe>  [(Verified)Microsoft Windows]
	<Userinit><C:\Windows\system32\userinit.exe,>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<AppInit_DLLs><avgrsstx.dll>  [(Verified)AVG Technologies]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
	<WebCheck><C:\Windows\system32\webcheck.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
	<Microsoft Windows Media Player><C:\Windows\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
	<Internet Explorer><C:\Windows\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{97BFB627-6E7B-492A-8B95-61754BAAB54D}]
	<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
	<Microsoft Windows Mail 7><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
	<Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
	<Internet Explorer><C:\Windows\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
	<N/A><C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<NBKeyScan><; "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe">  [File is missing]
	<NvCplDaemon><; RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<NvMediaCenter><; RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<NvSvc><; RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<RtHDVCpl><; RtHDVCpl.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<SunJavaUpdateSched><; "C:\Program Files\Java\jre6\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]

==================================
Startup Folders
N/A

==================================
Services
[AVG Free8 E-mail Scanner / avg8emc][Stopped/Disabled]
  <C:\PROGRA~1\AVG\AVG8\avgemc.exe><(File is missing)>
[AVG Free8 WatchDog / avg8wd][Stopped/Disabled]
  <C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe><(File is missing)>
[getPlus(R) Helper / getPlus(R) Helper][Stopped/Disabled]
  <C:\Program Files\NOS\bin\getPlus_HelperSvc.exe><NOS Microsystems Ltd.>
[hpqcxs08 / hpqcxs08][Running/Manual Start]
  <C:\Windows\system32\svchost.exe -k hpdevmgmt-->C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll><Hewlett-Packard Co.>
[HP CUE DeviceDiscovery Service / hpqddsvc][Running/Auto Start]
  <C:\Windows\system32\svchost.exe -k hpdevmgmt-->C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll><Hewlett-Packard Co.>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[LightScribeService Direct Disc Labeling Service / LightScribeService][Running/Auto Start]
  <"c:\Program Files\Common Files\LightScribe\LSSrvc.exe"><Hewlett-Packard Company>
[Net Driver HPZ12 / Net Driver HPZ12][Running/Auto Start]
  <C:\Windows\System32\svchost.exe -k HPZ12-->C:\Windows\system32\HPZinw12.dll><Hewlett-Packard>
[NVIDIA Display Driver Service / nvsvc][Running/Auto Start]
  <C:\Windows\system32\nvvsvc.exe><NVIDIA Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Running/Auto Start]
  <C:\Windows\System32\svchost.exe -k HPZ12-->C:\Windows\system32\HPZipm12.dll><Hewlett-Packard>
[ProtexisLicensing / ProtexisLicensing][Stopped/Disabled]
  <C:\Windows\system32\PSIService.exe><>
[stllssvr / stllssvr][Stopped/Manual Start]
  <"c:\Program Files\Common Files\SureThing Shared\stllssvr.exe"><(File is missing)>
[XAudioService / XAudioService][Running/Auto Start]
  <C:\Windows\system32\DRIVERS\xaudio.exe><Conexant Systems, Inc.>

==================================
Drivers
[adp94xx / adp94xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adp94xx.sys><Adaptec, Inc.>
[adpahci / adpahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpahci.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu160m.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
[aic78xx / aic78xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\djsvs.sys><Adaptec, Inc.>
[aliide / aliide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
[NETGEAR WPN311 V1H3 Wireless Adapter Service / AR5211][Stopped/Manual Start]
  <system32\DRIVERS\WPN311.sys><Atheros Communications, Inc.>
[arc / arc][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[arcsas / arcsas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
[AVG Free AVI Loader Driver x86 / AvgLdx86][Running/System Start]
  <\SystemRoot\System32\Drivers\avgldx86.sys><AVG Technologies CZ, s.r.o.>
[AVG Free On-access Scanner Minifilter Driver x86 / AvgMfx86][Running/System Start]
  <\SystemRoot\System32\Drivers\avgmfx86.sys><AVG Technologies CZ, s.r.o.>
[AVG Free8 Firewall Driver x86 / AvgWfpX][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\avgwfpx.sys><AVG Technologies CZ, s.r.o.>
[blbdrive / blbdrive][Stopped/Disabled]
  <\SystemRoot\system32\drivers\blbdrive.sys><N/A>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltlo.sys><Brother Industries, Ltd.>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltup.sys><Brother Industries, Ltd.>
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserid.sys><Brother Industries Ltd.>
[Brother WDM Serial driver / BrSerWdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserwdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brusbmdm.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brusbser.sys><Brother Industries Ltd.>
[cmdide / cmdide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
[Intel(R) PRO/1000 NDIS 6 Adapter Driver / E1G60][Stopped/Manual Start]
  <system32\DRIVERS\E1G60I32.sys><Intel Corporation>
[elxstor / elxstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[HpCISSs / HpCISSs][Stopped/Disabled]
  <\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[HSF_DP / HSF_DP][Running/Manual Start]
  <system32\DRIVERS\HSX_DP.sys><Conexant Systems, Inc.>
[HSXHWBS2 / HSXHWBS2][Running/Manual Start]
  <system32\DRIVERS\HSXHWBS2.sys><Conexant Systems, Inc.>
[Intel RAID Controller Vista / iaStorV][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iastorv.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RTKVHDA.sys><Realtek Semiconductor Corp.>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[ITEATAPI_Service_Install / iteatapi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteatapi.sys><Integrated Technology Express, Inc.>
[ITERAID_Service_Install / iteraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteraid.sys><Integrated Technology Express, Inc.>
[LSI_FC / LSI_FC][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_fc.sys><LSI Logic>
[LSI_SAS / LSI_SAS][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[megasas / megasas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[DUAL MODE CAMERA SL310 / MR97310_USB_DUAL_CAMERA][Stopped/Manual Start]
  <system32\DRIVERS\mr97310c.sys><N/A>
[Mraid35x / Mraid35x][Stopped/Disabled]
  <\SystemRoot\system32\drivers\mraid35x.sys><LSI Logic Corporation>
[nfrd960 / nfrd960][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[N-trig HID Tablet Driver / ntrigdigi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ntrigdigi.sys><N-trig Innovative Technologies>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\nvmfdx32.sys><NVIDIA Corporation>
[nvlddmkm / nvlddmkm][Running/Manual Start]
  <system32\DRIVERS\nvlddmkm.sys><NVIDIA Corporation>
[nvraid / nvraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
[nvstor / nvstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
[nvstor32 / nvstor32][Running/Boot Start]
  <\SystemRoot\system32\drivers\nvstor32.sys><NVIDIA Corporation>
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkflt.sys><N/A>
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkfwd.sys><N/A>
[Partizan / Partizan][Stopped/Manual Start]
  <system32\drivers\Partizan.sys><Greatis Software>
[PCDRNDISUIO Usermode I/O Protocol / PcdrNdisuio][Stopped/Manual Start]
  <system32\DRIVERS\pcdrndisuio.sys><N/A>
[VSO Software pcouffin / Pcouffin][Stopped/Manual Start]
  <System32\Drivers\Pcouffin.sys><VSO Software>
[QLogic Fibre Channel Miniport Driver / ql2300][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[QLogic iSCSI Miniport Driver / ql40xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql40xx.sys><QLogic Corporation>
[Security Services Driver (x86) / RPSKT][Stopped/Auto Start]
  <system32\DRIVERS\rp_skt32.sys><N/A>
[Sony Ericsson Device 125 driver (WDM) / s125bus][Stopped/Manual Start]
  <system32\DRIVERS\s125bus.sys><MCCI Corporation>
[SiSRaid2 / SiSRaid2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid2.sys><Silicon Integrated Systems Corp.>
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid4.sys><Silicon Integrated Systems>
[Symc8xx / Symc8xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\symc8xx.sys><LSI Logic>
[Sym_hi / Sym_hi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_hi.sys><LSI Logic>
[Sym_u3 / Sym_u3][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_u3.sys><LSI Logic>
[uliahci / uliahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\uliahci.sys><ULi Electronics Inc.>
[UlSata / UlSata][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata.sys><Promise Technology, Inc.>
[ulsata2 / ulsata2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata2.sys><Promise Technology, Inc.>
[viaide / viaide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
[vsmraid / vsmraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\vsmraid.sys><VIA Technologies Inc.,Ltd>
[WAN Miniport (ATW) / wanatw][Stopped/Manual Start]
  <system32\DRIVERS\wanatw4.sys><America Online, Inc.>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSX_CNXT.sys><Conexant Systems, Inc.>
[XAudio / XAudio][Running/Auto Start]
  <system32\DRIVERS\xaudio.sys><Conexant Systems, Inc.>

==================================
Browser Add-ons
[]
  {02478D38-C3F9-4efb-9B51-7695ECA05670} <, >
[AVG Safe Search]
  {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <C:\Program Files\AVG\AVG8\avgssie.dll, N/A>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.>
[AIM]
  {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} <C:\PROGRA~1\AIM\aim.exe, (Signed) America Online, Inc.>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[Java Plug-in 1.6.0_13]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_13]
  {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_13]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_13.dll, (Signed) Sun Microsystems, Inc.>
[]
  {00000000-0000-0000-0000-000000000000} <, >
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <, >
[]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, >
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[]
  {0B83C99C-1EFA-4259-858F-BCB33E007A5B} <, >
[VistaWUWebControl Class]
  {12A66224-5E8A-4679-8941-0B9B960BF5EA} <%SystemRoot%\system32\wuwebv.dll, (Signed) N/A>
[]
  {1E8A6170-7264-4D0F-BEAE-D42A53123C75} <, >
[]
  {201F27D4-3704-41D6-89C1-AA35E39143ED} <, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\Windows\System32\wmpdxm.dll, (Signed) Microsoft Corporation>
[]
  {2670000A-7350-4F3C-8081-5663EE0C6C49} <, >
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[]
  {3041D03E-FD4B-44E0-B742-2D9B88305F98} <, >
[]
  {3369AF0D-62E9-4BDA-8103-B4C75499B578} <, >
[]
  {35065594-9169-4A34-B167-FC4865038E53} <, >
[]
  {3AD14F0C-ED16-4E43-B6D8-661B03F6A1EF} <, >
[]
  {3C060EA2-E6A9-4E49-A530-D4657B8C449A} <, >
[AVG Safe Search]
  {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <C:\Program Files\AVG\AVG8\avgssie.dll, N/A>
[]
  {3F3714A9-89A4-46BE-8AF3-D0C9D1FB03F9} <, >
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[]
  {52706EF7-D7A2-49AD-A615-E903858CF284} <, >
[]
  {53707962-6F74-2D53-2644-206D7942484F} <, >
[]
  {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <, >
[]
  {5ED80217-570B-4DA9-BF44-BE107C0EC166} <, >
[]
  {61539ECD-CC67-4437-A03C-9AACCBD14326} <, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >
[]
  {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} <, >
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\Windows\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 6.0]
  {88D96A06-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[XSL Template 6.0]
  {88D96A08-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[Java Plug-in 1.6.0_13]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[]
  {90222687-F593-4738-B738-FBEE9C7B26DF} <, >
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
  {96372AB6-15EB-4316-B497-71C741BC548C} <, >
[]
  {A057A204-BACC-4D26-8398-26FADCF27386} <, >
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[]
  {AC9E2541-2814-11D5-BC6D-00B0D0A1DE45} <, >
[]
  {B0CDA128-B425-4EEF-A174-61A11AC5DBF8} <, >
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <%CommonProgramFiles%\System\msadc\msadco.dll, (Signed) N/A>
[Java Plug-in 1.6.0_11]
  {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_13]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_13.dll, (Signed) Sun Microsystems, Inc.>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[]
  {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} <, >
[Msxml]
  {CFC399AF-D876-11D0-9C10-00C04FC99C8E} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[]
  {D0943516-5076-4020-A3B5-AEFAF26AB263} <, >
[]
  {D187A56B-A33F-4CBE-9D77-459FC0BAE012} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[]
  {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} <, >
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.>
[]
  {DE9C389F-3316-41A7-809B-AA305ED9D922} <, >
[]
  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <, >
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <, >
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[]
  {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} <, >

==================================
Running Processes
[PID: 412 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 480 / SYSTEM][C:\Windows\system32\csrss.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 528 / SYSTEM][C:\Windows\system32\csrss.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 536 / SYSTEM][C:\Windows\system32\wininit.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 576 / SYSTEM][C:\Windows\system32\services.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 600 / SYSTEM][C:\Windows\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 628 / SYSTEM][C:\Windows\system32\lsass.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 636 / SYSTEM][C:\Windows\system32\lsm.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 796 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 844 / SYSTEM][C:\Windows\system32\nvvsvc.exe]  [NVIDIA Corporation, 7.15.11.7521]
[PID: 872 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 904 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 996 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1028 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1044 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1188 / NETWORK SERVICE][C:\Windows\system32\SLsvc.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 1236 / SYSTEM][C:\Windows\system32\rundll32.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\NVSVC.DLL]  [NVIDIA Corporation, 7.15.11.7521]
	[C:\Windows\system32\nvapi.dll]  [NVIDIA Corporation, 7.15.11.7521]
[PID: 1256 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1364 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1636 / SYSTEM][C:\Windows\System32\spoolsv.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\System32\hpzlllhn.dll]  [Hewlett-Packard Company, 61.053.25.9]
	[C:\Windows\system32\spool\PRTPROCS\W32X86\hpzpplhn.dll]  [Hewlett-Packard Corporation, 61.053.25.9]
[PID: 1660 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1852 / Jennifer][C:\Windows\system32\taskeng.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1916 / Jennifer][C:\Windows\system32\Dwm.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1980 / Jennifer][C:\Windows\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll]  [Malwarebytes Corporation, 1, 1, 0, 0]
	[C:\Program Files\AVG\AVG8\avgse.dll]  [AVG Technologies CZ, s.r.o., 8.0.0.134]
[PID: 632 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1016 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[c:\program files\hp\digital imaging\bin\hpqddsvc.dll]  [Hewlett-Packard Co., 82.0.242.000]
	[c:\program files\hp\digital imaging\bin\hpqddcmn.dll]  [Hewlett-Packard Co., 82.0.242.000]
	[c:\program files\hp\digital imaging\bin\hpqcxs08.dll]  [Hewlett-Packard Co., 82.0.242.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll]  [Hewlett-Packard Co., 82.0.242.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll]  [Hewlett-Packard Co., 82.0.242.000]
[PID: 792 / SYSTEM][c:\Program Files\Common Files\LightScribe\LSSrvc.exe]  [Hewlett-Packard Company, 1.4.142.1]
	[c:\Program Files\Common Files\LightScribe\LSSProxy.dll]  [Hewlett-Packard Company, 1.4.142.1]
	[c:\Program Files\Common Files\LightScribe\LSLog.dll]  [Hewlett-Packard Company, 1.4.142.1]
[PID: 1744 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[c:\windows\system32\hpzinw12.dll]  [Hewlett-Packard, 12,1,1,54]
[PID: 1720 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[c:\windows\system32\hpzipm12.dll]  [Hewlett-Packard, 12,1,1,54]
[PID: 1812 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1820 / LOCAL SERVICE][C:\Windows\System32\tcpsvcs.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1828 / SYSTEM][C:\Windows\System32\snmp.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2012 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1960 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1836 / SYSTEM][C:\Windows\system32\SearchIndexer.exe]  [(Verified) Microsoft Corporation, 7.0.6001.16503 (longhorn(wmbla).080526-2159)]
[PID: 2128 / SYSTEM][C:\Windows\system32\DRIVERS\xaudio.exe]  [Conexant Systems, Inc., 1.00.15.00]
[PID: 2560 / Jennifer][C:\Program Files\Java\jre6\bin\jusched.exe]  [Sun Microsystems, Inc., 6.0.130.3]
[PID: 3024 / Jennifer][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.9.0.8]
	[C:\Program Files\Mozilla Firefox\xul.dll]  [Mozilla Foundation, 1.9.0.8]
	[C:\Program Files\Mozilla Firefox\sqlite3.dll]  [sqlite.org, 3.5.9]
	[C:\Program Files\Mozilla Firefox\MOZCRT19.dll]  [Mozilla Foundation, 8.00.0000]
	[C:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
	[C:\Program Files\Mozilla Firefox\nspr4.dll]  [Mozilla Foundation, 4.7.3]
	[C:\Program Files\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssutil3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\plc4.dll]  [Mozilla Foundation, 4.7.3]
	[C:\Program Files\Mozilla Firefox\plds4.dll]  [Mozilla Foundation, 4.7.3]
	[C:\Program Files\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.9.0.8]
	[C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll]  [Mozilla Foundation, 1.9.0.8]
	[C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll]  [Mozilla Foundation, 1.9.0.8]
	[C:\Program Files\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssdbm3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.73]
	[C:\Windows\system32\Macromed\Flash\NPSWF32.dll]  [, ]
[PID: 3784 / Jennifer][C:\Users\Jennifer\Desktop\kztechssuite\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 2408 / Jennifer][C:\Users\Jennifer\Desktop\kztechssuite\SRE44a5c718.EXE]  [Smallfrogs Studio, 2.7.0.1210]
	[C:\Users\Jennifer\Desktop\kztechssuite\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 3772 / SYSTEM][C:\Windows\system32\taskeng.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["%SystemRoot%\hh.exe" %1]
.HLP  OK. [%SystemRoot%\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1	   localhost
::1			 localhost

==================================
Process Privileges Scan
N/A

==================================
Scheduled Tasks
[Enabled] \\Ad-Aware Update (Weekly)
		C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe update all silent
[Enabled] \\DPService.exe_1355510030
		C:\Program Files\HP\DVDPlay\DPService.exe update all silent
[Enabled] \\SpywareBot Scheduled Scan
		C:\Program Files\SpywareBot\SpywareBot.exe scheduled
[Enabled] \\{10543612-DA23-42F6-BEBD-55FCDF64F8A5}
		C:\Windows\system32\pcalua.exe -a "C:\Users\Jennifer\AppData\Local\Temp\Temp1_Corel Paint Shop Photo Pro XI v11 (Full Version with Keygen).zip\Setup.exe"
[Enabled] \\{349962AF-3C6B-4E79-8E12-B225D78C6376}
		C:\Windows\system32\pcalua.exe -a "C:\Users\Jennifer\AppData\Local\Temp\Temp1_Adobe Photoshop_CS2 9.0 full.zip\Photoshop CS2\Setup.exe"
[Enabled] \\{6ADE6657-FE9C-4EB6-9591-8EFD43EC0DD8}
		C:\Windows\system32\pcalua.exe -a "C:\My Downloads\Corel Paint Shop Photo Pro XI v11 (Full Version with Keygen)\Setup.exe" -d "C:\My Downloads\Corel Paint Shop Photo Pro XI v11 (Full Version with Keygen)"
[Enabled] \\{6ECE20FD-BBCF-4514-A4CD-5E2B15C399A7}
		C:\Windows\system32\pcalua.exe -a "C:\Program Files\AIM\uninstll.exe" -c -LOG= C:\Program Files\AIM\install.log -OEM=
[Enabled] \\{93CC8346-498F-490C-8113-C0B40665DFA1}
		C:\Windows\system32\pcalua.exe -a E:\.\setup.exe -d E:\
[Enabled] \\{BE7B266C-E49A-43D0-9C40-B672DEA8B5AD}
		C:\Windows\system32\pcalua.exe -a C:\Windows\UNNERO.exe -c /UNINSTALL
[Enabled] \\{DAB67390-DBF3-4E25-B6B3-3C7052ACA2AE}
		C:\Windows\system32\pcalua.exe -a "C:\Program Files\Grisoft\AVG7\setup.exe" -c /UNINSTALL
[Enabled] \\{DBB0BC1E-5F84-4043-A63B-7A1CEAA352DA}
		C:\Windows\system32\pcalua.exe -a C:\Users\Jennifer\Desktop\wmp11-windowsxp-x86-enu.exe -d C:\Users\Jennifer\Desktop
[Enabled] \\{DF4B377C-4F70-4F2E-BDFF-A06E07C6A59D}
		C:\Windows\system32\pcalua.exe -a "C:\Program Files\Common Files\AOL\uninstaller.exe"
[Enabled] \\{EBBB1470-783C-4442-A9D7-58FA51BCFA38}
		C:\Windows\system32\pcalua.exe -a C:\Users\Jennifer\Desktop\setup_vwmc_trial.exe -d C:\Users\Jennifer\Desktop
[Enabled] \\{FF10B4F2-1427-489A-A2A3-BB78297C7C5A}
		C:\Windows\system32\pcalua.exe -a C:\Windows\system32\NeroBurnRights.cpl -c Nero BurnRights
[Disabled] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
		N/A 
[Enabled] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
		N/A 
[Enabled] \Microsoft\Windows\Bluetooth\UninstallDeviceTask
		BthUdTask.exe $(Arg0)
[Enabled] \Microsoft\Windows\CertificateServicesClient\SystemTask
		N/A 
[Enabled] \Microsoft\Windows\CertificateServicesClient\UserTask
		N/A 
[Enabled] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
		N/A 
[Enabled] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
		%SystemRoot%\System32\wsqmcons.exe 
[Enabled] \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification
		%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0
[Enabled] \Microsoft\Windows\Customer Experience Improvement Program\Uploader
		%windir%\system32\WSqmCons.exe -u
[Enabled] \Microsoft\Windows\Defrag\ManualDefrag
		%windir%\system32\defrag.exe \\?\Volume{3f3b1938-fd42-11db-a407-806e6f6e6963}\ \\?\Volume{3f3b193b-fd42-11db-a407-806e6f6e6963}\
[Enabled] \Microsoft\Windows\Defrag\ScheduledDefrag
		%windir%\system32\defrag.exe \\?\Volume{4762a509-159a-11dd-9ff1-00038a000015}\ -e -i -g
[Enabled] \Microsoft\Windows\MobilePC\HotStart
		N/A 
[Enabled] \Microsoft\Windows\MobilePC\TMM
		N/A 
[Enabled] \Microsoft\Windows\MUI\LPRemove
		%windir%\system32\lpremove.exe 
[Enabled] \Microsoft\Windows\Multimedia\SystemSoundsService
		N/A 
[Enabled] \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
		N/A 
[Enabled] \Microsoft\Windows\Shell\CrawlStartPages
		N/A 
[Enabled] \Microsoft\Windows\SystemRestore\SR
		%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
[Enabled] \Microsoft\Windows\Tcpip\IpAddressConflict1
		rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
[Enabled] \Microsoft\Windows\Tcpip\IpAddressConflict2
		rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
[Enabled] \Microsoft\Windows\UPnP\UPnPHostConfig
		sc.exe config upnphost start= auto
[Enabled] \Microsoft\Windows\Windows Error Reporting\QueueReporting
		%windir%\system32\wermgr.exe -queuereporting
[Enabled] \Microsoft\Windows\WindowsCalendar\Reminders - Jennifer
		C:\Program Files\Windows Calendar\WinCal.exe /reminder
[Enabled] \Microsoft\Windows\Wired\GatherWiredInfo
		%windir%\system32\gatherWiredInfo.vbs 
[Enabled] \Microsoft\Windows\Wireless\GatherWirelessInfo
		%windir%\system32\gatherWirelessInfo.vbs 

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


#13 sundavis

  • Malware Response Team
  • 2,705 posts

Posted 22 April 2009 - 04:24 AM

Hi Jenn Shaffahhhh,



I need some info to troubleshoot your IE problems.

for some reason i cannot run internet explorer with any addons

Then, without add-ons, can you access the internet? You may refer to this thread.

i cannot run it with firefox

Yes, you can't run BitDefender Online Scanner with Firefox; it's only compatible with Internet Explorer.
After flushing DNS and hard resetting the router, did you get any popups in your browser? You may run the Kas online scan, which is compatible with Firefox. While scanning, a window box may appear; just consent to the publisher and click OK. Please be patient and do the following:


Step1

Start SREng from your desktop and close all browsers.

Please click System Repair > Browser Add-ons.

Locate and click the following entries one by one, click on Delete Selected, follow the prompt, and click Yes:

[]
  {00000000-0000-0000-0000-000000000000} <, >
[]
  {1E8A6170-7264-4D0F-BEAE-D42A53123C75} <, >
[]
  {201F27D4-3704-41D6-89C1-AA35E39143ED} <, >
[]
  {3041D03E-FD4B-44E0-B742-2D9B88305F98} <, >
[]
  {3041D03E-FD4B-44E0-B742-2D9B88305F98} <, >
[]
  {3369AF0D-62E9-4BDA-8103-B4C75499B578} <, >
[]
  {35065594-9169-4A34-B167-FC4865038E53} <, >
[]
  {3AD14F0C-ED16-4E43-B6D8-661B03F6A1EF} <, >
[]
  {3C060EA2-E6A9-4E49-A530-D4657B8C449A} <, >
[]
  {3F3714A9-89A4-46BE-8AF3-D0C9D1FB03F9} <, >
[]
  {90222687-F593-4738-B738-FBEE9C7B26DF} <, >
[]
  {A057A204-BACC-4D26-8398-26FADCF27386} <, >
[]
  {D187A56B-A33F-4CBE-9D77-459FC0BAE012} <, >

You can refer to this thread for reference.



Step2

Please click Boot Items > Scheduled Tasks menu > uncheck SpywareBot Scheduled Scan,

and click the Manage button. A Tasks window will open; right-click SpywareBot Scheduled Scan and delete it.

After that, please delete this folder (if found):

C:\Program Files\SpywareBot



Step3


Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step4


Please do an online scan with Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When the Java warning "The application digital signature has been verified. Do you want to run the application?" appears, click on the "Run" button.
  • It will download and install the program and update the database.
  • When updating the database has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop", name the file "KAS", change the Files of type to Text file (.txt) and click on the Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation
Note for Internet Explorer 7 users: If at any time you have trouble viewing the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Please post back the logs in your next reply.

1. KAS Scan Report
2. Fresh SREng log

Try to run IE with add-ons and tell me how it goes. :thumbup2:
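As an added example (not code from this thread, from its helper, or from SREng's authors), the script below triages a log in the SREng layout posted in this thread: it parses the Registry boot items, Services/Drivers and Browser Add-ons sections and flags what a helper reads a log for first (autoruns not signature-verified or pointing at a missing file, services whose binary is gone, add-on CLSIDs with no file behind them). The heuristics are my own, and the sample log is constructed in that layout, not the poster's real log.

```python
import re
import sys
from dataclasses import dataclass

# Constructed sample in the SREng log layout seen in this thread; not a real log.
SAMPLE_LOG = r"""
Registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SunJavaUpdateSched><; "C:\Program Files\Java\jre6\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
    <NBKeyScan><; "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe">  [File is missing]
    <Updater><; "C:\Users\Public\updater.exe">  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><avgrsstx.dll>  [(Verified)AVG Technologies]
==================================
Services
[AVG Free8 WatchDog / avg8wd][Stopped/Disabled]
  <C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe><(File is missing)>
[ProtexisLicensing / ProtexisLicensing][Stopped/Disabled]
  <C:\Windows\system32\PSIService.exe><>
[NVIDIA Display Driver Service / nvsvc][Running/Auto Start]
  <C:\Windows\system32\nvvsvc.exe><NVIDIA Corporation>
==================================
Browser Add-ons
[AVG Safe Search]
  {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <C:\Program Files\AVG\AVG8\avgssie.dll, N/A>
[]
  {02478D38-C3F9-4efb-9B51-7695ECA05670} <, >
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
"""

SECTIONS = ("Registry", "Startup Folders", "Services", "Drivers", "Browser Add-ons", "Running Processes")
AUTORUN_RE = re.compile(r'^<([^>]*)><;?\s*(.*?)>\s+\[(.*)\]$')     # <Name><; "cmd">  [verdict]
SVC_HDR_RE = re.compile(r'^\[(.+?) / (.+?)\]\[(.+?)\]$')            # [Display / short][State/Start]
SVC_BODY_RE = re.compile(r'^<(.*?)><(.*?)>$')                       # <path><publisher>
ADDON_HDR_RE = re.compile(r'^\[(.*)\]$')                            # [Add-on name]
ADDON_BODY_RE = re.compile(r'^\{[0-9A-Fa-f-]+\} <(.*?), ?(.*)>$')   # {CLSID} <path, publisher>
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")


@dataclass(frozen=True)
class Finding:
    section: str
    name: str
    path: str
    reason: str


def _autorun_reasons(name, path, verdict):
    """Heuristics for one registry boot item (added here, not SREng's own logic)."""
    reasons = []
    if "File is missing" in verdict:
        reasons.append("autorun points at a missing file (stale entry, clean it up)")
    elif not verdict.startswith("(Verified)"):
        reasons.append("autorun binary is not signature-verified; inspect the file")
    if any(marker in path.lower() for marker in USER_WRITABLE):
        reasons.append("autorun launches from a user-writable location")
    if name.lower() == "appinit_dlls" and path:
        reasons.append("AppInit_DLLs loads this DLL into every GUI process; confirm it is expected")
    return reasons


def triage(log_text):
    """Return Findings for an SREng log; one entry may yield several."""
    findings, section, pending = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:            # section heading such as "Services"
            section, pending = line, None
        elif section == "Registry":     # "[HKEY_...]" key lines simply do not match
            if m := AUTORUN_RE.match(line):
                name, path, verdict = m.group(1), m.group(2).strip('"'), m.group(3)
                for reason in _autorun_reasons(name, path, verdict):
                    findings.append(Finding(section, name, path, reason))
        elif section in ("Services", "Drivers"):
            if m := SVC_HDR_RE.match(line):
                pending = m.group(2)        # short service/driver name
            elif (m := SVC_BODY_RE.match(line)) and pending:
                path, publisher = m.group(1).strip('"'), m.group(2)
                if "File is missing" in publisher:
                    findings.append(Finding(section, pending, path, "service binary is missing (orphaned registration)"))
                elif publisher in ("", "N/A"):
                    findings.append(Finding(section, pending, path, "service binary has no publisher information; verify it"))
                pending = None
        elif section == "Browser Add-ons":
            if m := ADDON_HDR_RE.match(line):
                pending = m.group(1)        # legitimately "" for an orphan entry
            elif (m := ADDON_BODY_RE.match(line)) and pending is not None:
                path, publisher = m.group(1), m.group(2)
                if not pending and not path:
                    findings.append(Finding(section, "(no name)", "", "CLSID registered with no file behind it (orphan entry)"))
                elif path and publisher in ("", "N/A"):
                    findings.append(Finding(section, pending, path, "add-on file has no publisher information; verify its signature"))
                pending = None
    return findings


if __name__ == "__main__":      # run on a saved log: python sreng_triage.py SREng.log
    for f in triage(open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {f.reason}  ({f.path or 'no file'})")
```

A flagged entry is a place to look, not a verdict: a missing-file autorun or an orphan CLSID is usually leftover from an uninstall, and a legitimate vendor DLL can show "N/A" as its publisher.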

#14 Jenn Shaffahhhh

Jenn Shaffahhhh
  • Topic Starter

  • Members
  • 22 posts
  • Local time:09:39 PM

Posted 22 April 2009 - 06:05 PM

Okay, so I was able to figure out a way to run internet explorer with the addons, but it still would not let me run the scan. I also was not able to run the Kaspersky Online Scanner. It allows me to download and install the program, but will not update the database. A popup comes up saying "Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program. You must be online to update the Kaspersky Online Scanner 7.0 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7.0. [ERROR: Failed to connect to update source]"

So unfortunately, yet again, all I have is the SREng log.
I did get to do all of the other steps. But the advertisement popups are still coming up and I am still not able to update windows.
2009-04-22,19:04:43

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows Vista Home Basic Edition Service Pack 1 (Build 6001) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Running Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	HOSTS File
	Process Privileges Scan
	Scheduled Tasks
	API HOOK
	Hidden Process


Boot Items
Registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
	<SunJavaUpdateSched><; "C:\Program Files\Java\jre6\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
	<NBKeyScan><; "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe">  [File is missing]
	<NvCplDaemon><; RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<NvMediaCenter><; RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<NvSvc><; RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<RtHDVCpl><; RtHDVCpl.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<shell><Explorer.exe>  [(Verified)Microsoft Windows]
	<Userinit><C:\Windows\system32\userinit.exe,>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<AppInit_DLLs><avgrsstx.dll>  [(Verified)AVG Technologies]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
	<WebCheck><C:\Windows\system32\webcheck.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
	<Microsoft Windows Media Player><C:\Windows\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
	<Internet Explorer><C:\Windows\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{97BFB627-6E7B-492A-8B95-61754BAAB54D}]
	<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
	<Microsoft Windows Mail 7><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
	<Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
	<Internet Explorer><C:\Windows\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
	<N/A><C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install>  [(Verified)Microsoft Windows]

==================================
Startup Folders
N/A

==================================
Services
[AVG Free8 E-mail Scanner / avg8emc][Stopped/Disabled]
  <C:\PROGRA~1\AVG\AVG8\avgemc.exe><(File is missing)>
[AVG Free8 WatchDog / avg8wd][Stopped/Disabled]
  <C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe><(File is missing)>
[getPlus(R) Helper / getPlus(R) Helper][Stopped/Disabled]
  <C:\Program Files\NOS\bin\getPlus_HelperSvc.exe><NOS Microsystems Ltd.>
[hpqcxs08 / hpqcxs08][Running/Manual Start]
  <C:\Windows\system32\svchost.exe -k hpdevmgmt-->C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll><Hewlett-Packard Co.>
[HP CUE DeviceDiscovery Service / hpqddsvc][Running/Auto Start]
  <C:\Windows\system32\svchost.exe -k hpdevmgmt-->C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll><Hewlett-Packard Co.>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[LightScribeService Direct Disc Labeling Service / LightScribeService][Running/Auto Start]
  <"c:\Program Files\Common Files\LightScribe\LSSrvc.exe"><Hewlett-Packard Company>
[Net Driver HPZ12 / Net Driver HPZ12][Running/Auto Start]
  <C:\Windows\System32\svchost.exe -k HPZ12-->C:\Windows\system32\HPZinw12.dll><Hewlett-Packard>
[NVIDIA Display Driver Service / nvsvc][Running/Auto Start]
  <C:\Windows\system32\nvvsvc.exe><NVIDIA Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Running/Auto Start]
  <C:\Windows\System32\svchost.exe -k HPZ12-->C:\Windows\system32\HPZipm12.dll><Hewlett-Packard>
[ProtexisLicensing / ProtexisLicensing][Stopped/Disabled]
  <C:\Windows\system32\PSIService.exe><>
[stllssvr / stllssvr][Stopped/Manual Start]
  <"c:\Program Files\Common Files\SureThing Shared\stllssvr.exe"><(File is missing)>
[XAudioService / XAudioService][Running/Auto Start]
  <C:\Windows\system32\DRIVERS\xaudio.exe><Conexant Systems, Inc.>

==================================
Drivers
[adp94xx / adp94xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adp94xx.sys><Adaptec, Inc.>
[adpahci / adpahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpahci.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu160m.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
[aic78xx / aic78xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\djsvs.sys><Adaptec, Inc.>
[aliide / aliide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
[NETGEAR WPN311 V1H3 Wireless Adapter Service / AR5211][Stopped/Manual Start]
  <system32\DRIVERS\WPN311.sys><Atheros Communications, Inc.>
[arc / arc][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[arcsas / arcsas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
[AVG Free AVI Loader Driver x86 / AvgLdx86][Running/System Start]
  <\SystemRoot\System32\Drivers\avgldx86.sys><AVG Technologies CZ, s.r.o.>
[AVG Free On-access Scanner Minifilter Driver x86 / AvgMfx86][Running/System Start]
  <\SystemRoot\System32\Drivers\avgmfx86.sys><AVG Technologies CZ, s.r.o.>
[AVG Free8 Firewall Driver x86 / AvgWfpX][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\avgwfpx.sys><AVG Technologies CZ, s.r.o.>
[blbdrive / blbdrive][Stopped/Disabled]
  <\SystemRoot\system32\drivers\blbdrive.sys><N/A>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltlo.sys><Brother Industries, Ltd.>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltup.sys><Brother Industries, Ltd.>
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserid.sys><Brother Industries Ltd.>
[Brother WDM Serial driver / BrSerWdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserwdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brusbmdm.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brusbser.sys><Brother Industries Ltd.>
[cmdide / cmdide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
[Intel(R) PRO/1000 NDIS 6 Adapter Driver / E1G60][Stopped/Manual Start]
  <system32\DRIVERS\E1G60I32.sys><Intel Corporation>
[elxstor / elxstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[HpCISSs / HpCISSs][Stopped/Disabled]
  <\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[HSF_DP / HSF_DP][Running/Manual Start]
  <system32\DRIVERS\HSX_DP.sys><Conexant Systems, Inc.>
[HSXHWBS2 / HSXHWBS2][Running/Manual Start]
  <system32\DRIVERS\HSXHWBS2.sys><Conexant Systems, Inc.>
[Intel RAID Controller Vista / iaStorV][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iastorv.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RTKVHDA.sys><Realtek Semiconductor Corp.>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[ITEATAPI_Service_Install / iteatapi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteatapi.sys><Integrated Technology Express, Inc.>
[ITERAID_Service_Install / iteraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteraid.sys><Integrated Technology Express, Inc.>
[LSI_FC / LSI_FC][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_fc.sys><LSI Logic>
[LSI_SAS / LSI_SAS][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[megasas / megasas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[DUAL MODE CAMERA SL310 / MR97310_USB_DUAL_CAMERA][Stopped/Manual Start]
  <system32\DRIVERS\mr97310c.sys><N/A>
[Mraid35x / Mraid35x][Stopped/Disabled]
  <\SystemRoot\system32\drivers\mraid35x.sys><LSI Logic Corporation>
[nfrd960 / nfrd960][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[N-trig HID Tablet Driver / ntrigdigi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ntrigdigi.sys><N-trig Innovative Technologies>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\nvmfdx32.sys><NVIDIA Corporation>
[nvlddmkm / nvlddmkm][Running/Manual Start]
  <system32\DRIVERS\nvlddmkm.sys><NVIDIA Corporation>
[nvraid / nvraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
[nvstor / nvstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
[nvstor32 / nvstor32][Running/Boot Start]
  <\SystemRoot\system32\drivers\nvstor32.sys><NVIDIA Corporation>
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkflt.sys><N/A>
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkfwd.sys><N/A>
[Partizan / Partizan][Stopped/Manual Start]
  <system32\drivers\Partizan.sys><Greatis Software>
[PCDRNDISUIO Usermode I/O Protocol / PcdrNdisuio][Stopped/Manual Start]
  <system32\DRIVERS\pcdrndisuio.sys><N/A>
[VSO Software pcouffin / Pcouffin][Stopped/Manual Start]
  <System32\Drivers\Pcouffin.sys><VSO Software>
[QLogic Fibre Channel Miniport Driver / ql2300][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[QLogic iSCSI Miniport Driver / ql40xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql40xx.sys><QLogic Corporation>
[Security Services Driver (x86) / RPSKT][Stopped/Auto Start]
  <system32\DRIVERS\rp_skt32.sys><N/A>
[Sony Ericsson Device 125 driver (WDM) / s125bus][Stopped/Manual Start]
  <system32\DRIVERS\s125bus.sys><MCCI Corporation>
[SiSRaid2 / SiSRaid2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid2.sys><Silicon Integrated Systems Corp.>
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid4.sys><Silicon Integrated Systems>
[Symc8xx / Symc8xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\symc8xx.sys><LSI Logic>
[Sym_hi / Sym_hi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_hi.sys><LSI Logic>
[Sym_u3 / Sym_u3][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_u3.sys><LSI Logic>
[uliahci / uliahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\uliahci.sys><ULi Electronics Inc.>
[UlSata / UlSata][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata.sys><Promise Technology, Inc.>
[ulsata2 / ulsata2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata2.sys><Promise Technology, Inc.>
[viaide / viaide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
[vsmraid / vsmraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\vsmraid.sys><VIA Technologies Inc.,Ltd>
[WAN Miniport (ATW) / wanatw][Stopped/Manual Start]
  <system32\DRIVERS\wanatw4.sys><America Online, Inc.>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSX_CNXT.sys><Conexant Systems, Inc.>
[XAudio / XAudio][Running/Auto Start]
  <system32\DRIVERS\xaudio.sys><Conexant Systems, Inc.>

==================================
Browser Add-ons
[]
  {02478D38-C3F9-4efb-9B51-7695ECA05670} <, >
[AVG Safe Search]
  {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <C:\Program Files\AVG\AVG8\avgssie.dll, N/A>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.>
[]
  {85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>
[AIM]
  {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} <C:\PROGRA~1\AIM\aim.exe, (Signed) America Online, Inc.>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[BDSCANONLINE Control]
  {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\Windows\DOWNLO~1\oscan82.ocx, BitDefender>
[Java Plug-in 1.6.0_13]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_13]
  {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_13]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_13.dll, (Signed) Sun Microsystems, Inc.>
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <, >
[]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, >
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[]
  {0B83C99C-1EFA-4259-858F-BCB33E007A5B} <, >
[VistaWUWebControl Class]
  {12A66224-5E8A-4679-8941-0B9B960BF5EA} <%SystemRoot%\system32\wuwebv.dll, (Signed) N/A>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\Windows\System32\wmpdxm.dll, (Signed) Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[]
  {2670000A-7350-4F3C-8081-5663EE0C6C49} <, >
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[AVG Safe Search]
  {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <C:\Program Files\AVG\AVG8\avgssie.dll, N/A>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[]
  {52706EF7-D7A2-49AD-A615-E903858CF284} <, >
[]
  {53707962-6F74-2D53-2644-206D7942484F} <, >
[BDSCANONLINE Control]
  {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\Windows\DOWNLO~1\oscan82.ocx, BitDefender>
[]
  {5ED80217-570B-4DA9-BF44-BE107C0EC166} <, >
[]
  {61539ECD-CC67-4437-A03C-9AACCBD14326} <, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >
[]
  {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} <, >
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\Windows\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 6.0]
  {88D96A06-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[XSL Template 6.0]
  {88D96A08-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[Java Plug-in 1.6.0_13]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[]
  {90222687-F593-4738-B738-FBEE9C7B26DF} <, >
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
  {96372AB6-15EB-4316-B497-71C741BC548C} <, >
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[]
  {AC9E2541-2814-11D5-BC6D-00B0D0A1DE45} <, >
[]
  {B0CDA128-B425-4EEF-A174-61A11AC5DBF8} <, >
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <%CommonProgramFiles%\System\msadc\msadco.dll, (Signed) N/A>
[Java Plug-in 1.6.0_11]
  {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_13]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_13.dll, (Signed) Sun Microsystems, Inc.>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[]
  {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} <, >
[Msxml]
  {CFC399AF-D876-11D0-9C10-00C04FC99C8E} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[]
  {D0943516-5076-4020-A3B5-AEFAF26AB263} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[]
  {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} <, >
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.>
[]
  {DE9C389F-3316-41A7-809B-AA305ED9D922} <, >
[]
  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <, >
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <, >
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[]
  {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} <, >

==================================
Running Processes
[PID: 412 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 480 / SYSTEM][C:\Windows\system32\csrss.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 528 / SYSTEM][C:\Windows\system32\csrss.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 536 / SYSTEM][C:\Windows\system32\wininit.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 576 / SYSTEM][C:\Windows\system32\services.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 600 / SYSTEM][C:\Windows\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 628 / SYSTEM][C:\Windows\system32\lsass.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 636 / SYSTEM][C:\Windows\system32\lsm.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 796 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 844 / SYSTEM][C:\Windows\system32\nvvsvc.exe]  [NVIDIA Corporation, 7.15.11.7521]
[PID: 872 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 904 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 996 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1028 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1044 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1188 / NETWORK SERVICE][C:\Windows\system32\SLsvc.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 1236 / SYSTEM][C:\Windows\system32\rundll32.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\system32\NVSVC.DLL]  [NVIDIA Corporation, 7.15.11.7521]
	[C:\Windows\system32\nvapi.dll]  [NVIDIA Corporation, 7.15.11.7521]
[PID: 1256 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1364 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1636 / SYSTEM][C:\Windows\System32\spoolsv.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Windows\System32\hpzlllhn.dll]  [Hewlett-Packard Company, 61.053.25.9]
	[C:\Windows\system32\spool\PRTPROCS\W32X86\hpzpplhn.dll]  [Hewlett-Packard Corporation, 61.053.25.9]
[PID: 1660 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1852 / Jennifer][C:\Windows\system32\taskeng.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1916 / Jennifer][C:\Windows\system32\Dwm.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1980 / Jennifer][C:\Windows\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll]  [Malwarebytes Corporation, 1, 1, 0, 0]
	[C:\Program Files\AVG\AVG8\avgse.dll]  [AVG Technologies CZ, s.r.o., 8.0.0.134]
[PID: 632 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1016 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[c:\program files\hp\digital imaging\bin\hpqddsvc.dll]  [Hewlett-Packard Co., 82.0.242.000]
	[c:\program files\hp\digital imaging\bin\hpqddcmn.dll]  [Hewlett-Packard Co., 82.0.242.000]
	[c:\program files\hp\digital imaging\bin\hpqcxs08.dll]  [Hewlett-Packard Co., 82.0.242.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll]  [Hewlett-Packard Co., 82.0.242.000]
	[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll]  [Hewlett-Packard Co., 82.0.242.000]
[PID: 792 / SYSTEM][c:\Program Files\Common Files\LightScribe\LSSrvc.exe]  [Hewlett-Packard Company, 1.4.142.1]
	[c:\Program Files\Common Files\LightScribe\LSSProxy.dll]  [Hewlett-Packard Company, 1.4.142.1]
	[c:\Program Files\Common Files\LightScribe\LSLog.dll]  [Hewlett-Packard Company, 1.4.142.1]
[PID: 1744 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[c:\windows\system32\hpzinw12.dll]  [Hewlett-Packard, 12,1,1,54]
[PID: 1720 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[c:\windows\system32\hpzipm12.dll]  [Hewlett-Packard, 12,1,1,54]
[PID: 1812 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1820 / LOCAL SERVICE][C:\Windows\System32\tcpsvcs.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1828 / SYSTEM][C:\Windows\System32\snmp.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2012 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1960 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1836 / SYSTEM][C:\Windows\system32\SearchIndexer.exe]  [(Verified) Microsoft Corporation, 7.0.6001.16503 (longhorn(wmbla).080526-2159)]
[PID: 2128 / SYSTEM][C:\Windows\system32\DRIVERS\xaudio.exe]  [Conexant Systems, Inc., 1.00.15.00]
[PID: 2560 / Jennifer][C:\Program Files\Java\jre6\bin\jusched.exe]  [Sun Microsystems, Inc., 6.0.130.3]
[PID: 5192 / Jennifer][C:\Program Files\AIM\aim.exe]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\AIM_xmlp.dll]  [N/A, ]
	[C:\Program Files\AIM\Xprt.dll]  [America Online, Inc., 3.6.9.2289]
	[C:\Program Files\AIM\oscore.dll]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\Xpcs.dll]  [America Online, Inc., 3.6.9.2289]
	[C:\Program Files\AIM\Xptl.dll]  [America Online, Inc., 3.6.9.2289]
	[C:\Program Files\AIM\idlemon.dll]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\oscres.dll]  [N/A, ]
	[C:\Program Files\AIM\DUNZIP32.dll]  [Inner Media, Inc., 5.00.00]
	[C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\AIM\ATE32.dll]  [America Online, Inc., 2.5.18.0]
	[C:\Program Files\AIM\AIMToday.dll]  [N/A, ]
	[C:\Program Files\AIM\xprt5.dll]  [America Online, Inc., 5.0.0.4426]
	[C:\Program Files\AIM\RTvideo.dll]  [America Online, Inc., 1.0.2.1]
	[C:\PROGRA~1\AIM\sb.dll]  [America Online, Inc., 9.00.001]
	[C:\PROGRA~1\AIM\xmlparse.dll]  [N/A, ]
	[C:\PROGRA~1\AIM\xmltok.dll]  [N/A, ]
	[C:\Program Files\AIM\CoolSocket.dll]  [America Online, Inc., 3.6.9.2289]
	[C:\Program Files\AIM\aimres.dll]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\CoolBucky.dll]  [America Online, Inc., 3.6.9.2289]
	[C:\Program Files\AIM\AimCoreSvcs.dll]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\CoolBos.dll]  [America Online, Inc., 3.6.9.2289]
	[C:\Program Files\AIM\AimSecondarySvcs.dll]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\oscarui.dll]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\WNDUTILS.dll]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\AIMAX.dll]  [N/A, ]
	[C:\Program Files\AIM\proto.ocm]  [America Online, Inc., 0.0.0.0]
	[C:\Program Files\AIM\CoolHttp.dll]  [America Online, Inc., 3.6.9.2289]
	[C:\Program Files\AIM\startup.ocm]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\aimapi.dll]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\buddyui.ocm]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\icbmui.ocm]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\locateui.ocm]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\browse.ocm]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\chatui.ocm]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\ticker.ocm]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\alertui.ocm]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\oscmain.ocm]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\miscui.ocm]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\stats.ocm]  [N/A, ]
	[C:\Program Files\AIM\osclogin.ocm]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\popup.ocm]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\oscsrch.ocm]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\rvapps.ocm]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\oscmail.ocm]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\NTP.ocm]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\ateima32.dll]  [America Online, Inc., 5.9.3861]
	[C:\Program Files\AIM\CoolSecNss.dll]  [America Online, Inc., 3.6.9.2289]
	[C:\Program Files\AIM\nss3.dll]  [Netscape Communications Corporation, 3.9.2]
	[C:\Program Files\AIM\softokn3.dll]  [Netscape Communications Corporation, 3.9.2]
	[C:\Program Files\AIM\plc4.dll]  [Netscape Communications Corporation, 4.4.1]
	[C:\Program Files\AIM\nspr4.dll]  [Netscape Communications Corporation, 4.4.1]
	[C:\Program Files\AIM\plds4.dll]  [Netscape Communications Corporation, 4.4.1]
	[C:\Program Files\AIM\ssl3.dll]  [Netscape Communications Corporation, 3.9.2]
	[C:\Program Files\AIM\smime3.dll]  [Netscape Communications Corporation, 3.9.2]
	[C:\PROGRA~1\AIM\nssckbi.dll]  [N/A, ]
	[C:\Program Files\AIM\inetsocket.dll]  [, 1, 0, 0, 1]
[PID: 3464 / Jennifer][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.9.0.9]
	[C:\Program Files\Mozilla Firefox\xul.dll]  [Mozilla Foundation, 1.9.0.9]
	[C:\Program Files\Mozilla Firefox\sqlite3.dll]  [sqlite.org, 3.5.9]
	[C:\Program Files\Mozilla Firefox\MOZCRT19.dll]  [Mozilla Foundation, 8.00.0000]
	[C:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
	[C:\Program Files\Mozilla Firefox\nspr4.dll]  [Mozilla Foundation, 4.7.3]
	[C:\Program Files\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssutil3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\plc4.dll]  [Mozilla Foundation, 4.7.3]
	[C:\Program Files\Mozilla Firefox\plds4.dll]  [Mozilla Foundation, 4.7.3]
	[C:\Program Files\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.9.0.9]
	[C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll]  [Mozilla Foundation, 1.9.0.9]
	[C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll]  [Mozilla Foundation, 1.9.0.9]
	[C:\Program Files\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssdbm3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.73]
	[C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\PROGRA~1\Java\jre6\bin\client\jvm.dll]  [Sun Microsystems, Inc., 11.3.0.02]
	[C:\PROGRA~1\Java\jre6\bin\hpi.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\PROGRA~1\Java\jre6\bin\verify.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\PROGRA~1\Java\jre6\bin\java.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\PROGRA~1\Java\jre6\bin\zip.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\Program Files\Java\jre6\bin\jp2native.dll]  [, ]
	[C:\Program Files\Java\jre6\bin\deploy.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\Program Files\Java\jre6\bin\msvcr71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\Java\jre6\bin\net.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\Program Files\Java\jre6\bin\nio.dll]  [Sun Microsystems, Inc., 6.0.130.3]
	[C:\Program Files\Java\jre6\bin\regutils.dll]  [Sun Microsystems, Inc., 6.0.130.3]
[PID: 2224 / Jennifer][C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe]  [Google Inc., 1, 2, 908, 8472]
	[C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\res_en.dll]  [Google Inc., 1, 2, 908, 8472]
	[C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\swg.dll]  [Google Inc., 1, 2, 908, 8472]
[PID: 4572 / Jennifer][C:\PROGRA~1\PKWARE\PKZIPR~1\ZIPREA~1.EXE]  [PKWARE, Inc., 8.0.9.0]
	[C:\Program Files\Common Files\PKWARE\PKZIP7\PKWIZ700.dll]  [PKWARE, Inc., 1.0.30.0]
	[C:\PROGRA~1\COMMON~1\PKWARE\PKZIP7\PKCMND~1.DLL]  [PKWARE, Inc., 1.4.121.0]
	[C:\PROGRA~1\COMMON~1\PKWARE\PKZIP7\PKARCH~1.DLL]  [PKWARE, Inc., 8.1.170.0]
	[C:\Program Files\Common Files\PKWARE\PKZIP7\PKCOM700.dll]  [PKWARE, Inc., 1.00.0099.0]
[PID: 5280 / SYSTEM][C:\Windows\system32\SearchProtocolHost.exe]  [(Verified) Microsoft Corporation, 7.0.6001.16503 (longhorn(wmbla).080526-2159)]
[PID: 4068 / SYSTEM][C:\Windows\system32\SearchFilterHost.exe]  [(Verified) Microsoft Corporation, 7.0.6001.16503 (longhorn(wmbla).080526-2159)]
[PID: 5364 / Jennifer][C:\Users\Jennifer\Desktop\kztechssuite\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 5680 / Jennifer][C:\Users\Jennifer\Desktop\kztechssuite\SRE44a5c718.EXE]  [Smallfrogs Studio, 2.7.0.1210]
	[C:\Users\Jennifer\Desktop\kztechssuite\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["%SystemRoot%\hh.exe" %1]
.HLP  OK. [%SystemRoot%\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1	   localhost
::1			 localhost

==================================
Process Privileges Scan
N/A

==================================
Scheduled Tasks
[Enabled] \\Ad-Aware Update (Weekly)
		C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe update all silent
[Enabled] \\DPService.exe_1355510030
		C:\Program Files\HP\DVDPlay\DPService.exe update all silent
[Enabled] \\SpywareBot Scheduled Scan
		C:\Program Files\SpywareBot\SpywareBot.exe scheduled
[Enabled] \\{10543612-DA23-42F6-BEBD-55FCDF64F8A5}
		C:\Windows\system32\pcalua.exe -a "C:\Users\Jennifer\AppData\Local\Temp\Temp1_Corel Paint Shop Photo Pro XI v11 (Full Version with Keygen).zip\Setup.exe"
[Enabled] \\{349962AF-3C6B-4E79-8E12-B225D78C6376}
		C:\Windows\system32\pcalua.exe -a "C:\Users\Jennifer\AppData\Local\Temp\Temp1_Adobe Photoshop_CS2 9.0 full.zip\Photoshop CS2\Setup.exe"
[Enabled] \\{6ADE6657-FE9C-4EB6-9591-8EFD43EC0DD8}
		C:\Windows\system32\pcalua.exe -a "C:\My Downloads\Corel Paint Shop Photo Pro XI v11 (Full Version with Keygen)\Setup.exe" -d "C:\My Downloads\Corel Paint Shop Photo Pro XI v11 (Full Version with Keygen)"
[Enabled] \\{6ECE20FD-BBCF-4514-A4CD-5E2B15C399A7}
		C:\Windows\system32\pcalua.exe -a "C:\Program Files\AIM\uninstll.exe" -c -LOG= C:\Program Files\AIM\install.log -OEM=
[Enabled] \\{93CC8346-498F-490C-8113-C0B40665DFA1}
		C:\Windows\system32\pcalua.exe -a E:\.\setup.exe -d E:\
[Enabled] \\{BE7B266C-E49A-43D0-9C40-B672DEA8B5AD}
		C:\Windows\system32\pcalua.exe -a C:\Windows\UNNERO.exe -c /UNINSTALL
[Enabled] \\{DAB67390-DBF3-4E25-B6B3-3C7052ACA2AE}
		C:\Windows\system32\pcalua.exe -a "C:\Program Files\Grisoft\AVG7\setup.exe" -c /UNINSTALL
[Enabled] \\{DBB0BC1E-5F84-4043-A63B-7A1CEAA352DA}
		C:\Windows\system32\pcalua.exe -a C:\Users\Jennifer\Desktop\wmp11-windowsxp-x86-enu.exe -d C:\Users\Jennifer\Desktop
[Enabled] \\{DF4B377C-4F70-4F2E-BDFF-A06E07C6A59D}
		C:\Windows\system32\pcalua.exe -a "C:\Program Files\Common Files\AOL\uninstaller.exe"
[Enabled] \\{EBBB1470-783C-4442-A9D7-58FA51BCFA38}
		C:\Windows\system32\pcalua.exe -a C:\Users\Jennifer\Desktop\setup_vwmc_trial.exe -d C:\Users\Jennifer\Desktop
[Enabled] \\{FF10B4F2-1427-489A-A2A3-BB78297C7C5A}
		C:\Windows\system32\pcalua.exe -a C:\Windows\system32\NeroBurnRights.cpl -c Nero BurnRights
[Disabled] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
		N/A 
[Enabled] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
		N/A 
[Enabled] \Microsoft\Windows\Bluetooth\UninstallDeviceTask
		BthUdTask.exe $(Arg0)
[Enabled] \Microsoft\Windows\CertificateServicesClient\SystemTask
		N/A 
[Enabled] \Microsoft\Windows\CertificateServicesClient\UserTask
		N/A 
[Enabled] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
		N/A 
[Enabled] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
		%SystemRoot%\System32\wsqmcons.exe 
[Enabled] \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification
		%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0
[Enabled] \Microsoft\Windows\Customer Experience Improvement Program\Uploader
		%windir%\system32\WSqmCons.exe -u
[Enabled] \Microsoft\Windows\Defrag\ManualDefrag
		%windir%\system32\defrag.exe \\?\Volume{3f3b1938-fd42-11db-a407-806e6f6e6963}\ \\?\Volume{3f3b193b-fd42-11db-a407-806e6f6e6963}\
[Enabled] \Microsoft\Windows\Defrag\ScheduledDefrag
		%windir%\system32\defrag.exe \\?\Volume{4762a509-159a-11dd-9ff1-00038a000015}\ -e -i -g
[Enabled] \Microsoft\Windows\MobilePC\HotStart
		N/A 
[Enabled] \Microsoft\Windows\MobilePC\TMM
		N/A 
[Enabled] \Microsoft\Windows\MUI\LPRemove
		%windir%\system32\lpremove.exe 
[Enabled] \Microsoft\Windows\Multimedia\SystemSoundsService
		N/A 
[Enabled] \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
		N/A 
[Enabled] \Microsoft\Windows\Shell\CrawlStartPages
		N/A 
[Enabled] \Microsoft\Windows\SystemRestore\SR
		%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
[Enabled] \Microsoft\Windows\Tcpip\IpAddressConflict1
		rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
[Enabled] \Microsoft\Windows\Tcpip\IpAddressConflict2
		rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
[Enabled] \Microsoft\Windows\UPnP\UPnPHostConfig
		sc.exe config upnphost start= auto
[Enabled] \Microsoft\Windows\Windows Error Reporting\QueueReporting
		%windir%\system32\wermgr.exe -queuereporting
[Enabled] \Microsoft\Windows\WindowsCalendar\Reminders - Jennifer
		C:\Program Files\Windows Calendar\WinCal.exe /reminder
[Enabled] \Microsoft\Windows\Wired\GatherWiredInfo
		%windir%\system32\gatherWiredInfo.vbs 
[Enabled] \Microsoft\Windows\Wireless\GatherWirelessInfo
		%windir%\system32\gatherWirelessInfo.vbs 

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


#15 sundavis

sundavis

  • Malware Response Team
  • 2,705 posts

Posted 22 April 2009 - 08:26 PM

Hi Jenn Shaffahhhh,

It seems that you have a rogue program installed in your system. Please uninstall it as follows:

Go to start > control panel > programs and features.
Right click on the instance of:

SpywareBot

and choose uninstall. Reboot your PC.


Step 1

Start SREng on your desktop.

Please click Boot Items > Scheduled Tasks menu > uncheck SpywareBot Scheduled Scan and click the Manage button. A Tasks window will open; right-click SpywareBot Scheduled Scan and delete it.

After that, please delete this folder (if found):

C:\Program Files\SpywareBot

Please click System Repair > Hosts File menu > press the Reset button and click the Save button. Exit the program.

Make an Uninstall List

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button
5. Click on the Save list button
6. It will prompt you to save. Save this log in a convenient location. By default, it's named uninstall_list.txt.
7. Copy and paste the contents in your next reply.


Step 2

I also notice you have MBAM installed in your system. Please rerun it as instructed in the following. If you can't update the program, you can download the virus definitions from Here and install them manually.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • You can refer to this tutorial
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Step 3

Please redo the DNS flush and the hard reset of your router as instructed in my previous post, and redo the online scan as follows:

Please run a BitDefender Online Scan (right-click on Internet Explorer and click Run as administrator):
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
I will give you another one, just in case.

Right-click on Internet Explorer, click Run as administrator and go to F-Secure Online Scanner Next Generation:
  • Click on the link "Start your scan".
  • You may receive an alert on the address bar at this point to install the ActiveX control.
  • Read the license agreement and click "Accept".
  • Click "Full System Scan" to download the scanning components and begin scan and cleaning.
  • When done click "Show report" and copy/paste its contents into your next reply.
In your next reply, please post back:

1. Uninstall list.
2. MBAM log.
3. BitDefender scan report.
4. SREng log.

Tell me how it went. :)

Edited by sundavis, 22 April 2009 - 08:57 PM.




