Fake Windows Firewall Pop-up


This topic is locked
10 replies to this topic

#1 madrebel (Members, 9 posts)

Posted 12 October 2008 - 10:54 PM

I'm having a fake firewall notification that I have a trojan (different names provided), and to turn on my firewall. This was accompanied by quite a few other pests that I have already removed. I also found a file called x.ico located in C:\Documents and Settings\User Name\Local Settings\Temp. This file just shows back up every time it's deleted. There were a couple of other files in this same folder called a.exe and e.exe that were able to be deleted without showing back up. Most of my troubles went away once I removed those, but this one still persists. This file "O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\a.exe" looks like it is related to the .exe's I just told you about, but I'm not sure if it's safe to remove it. Thanks for any help you can provide.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:57 PM, on 10/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Iconix\IconixService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Documents and Settings\All Users\Application Data\zkvwnifg\hcxmvitk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Iconix\OEAddOn\OEdmn_4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ibitwxwn.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fptb-
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\Iconix\IEAddOn\IconixBHO_35.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {BBEEBE4F-3EDA-40F4-A0AB-87593EE49C56} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IconixOEAddOn] "C:\Program Files\Iconix\OEAddOn\OEdmn_4.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\a.exe
O4 - HKCU\..\Run: [setdsc] C:\WINDOWS\system32\ibitwxwn.exe
O4 - HKCU\..\Run: [infocfg] C:\WINDOWS\system32\zkfolohy.exe
O4 - HKLM\..\Policies\Explorer\Run: [UvAhFssiqt] C:\Documents and Settings\All Users\Application Data\zkvwnifg\hcxmvitk.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_35.dll
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_35.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_35.dll
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_35.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.istaria.com/controls/launcher.ocx
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) - http://thesims.ea.com/teleport/hotdate/MaxisHotDateTeleX.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4063B398-3FC7-433E-B23B-0460CE7EDC27} (MaxisMakinMagicTeleX Control) - http://thesims.ea.com/teleport/makinmagic/...nMagicTeleX.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205919709140
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205919674171
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://yme.music.yahoo.com/qos/cabs/DiagCo...tionControl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files\Common Files\Iconix\IconixService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
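An added example, not part of the original post and not HijackThis's own code: a small Python triage script that encodes the launch-location red flags a malware-removal helper checks first in the O4 (registry autorun) section of a log like the one above: values that run from a Temp directory, the rarely legitimate HKLM\..\Policies\Explorer\Run key, a randomly named folder under All Users\Application Data, and all-lowercase random-looking executable names dropped into system32. The sample lines are copied from the O4 section of this post's log; the rules, the "random name" heuristic and every function name are my own assumptions. A hit is a reason to look closer (hash, signature, vendor), not a verdict.

```python
# Added example: triage HijackThis O4 registry autoruns for launch-location red flags.
# Rules and name heuristics are assumptions, not HijackThis logic.
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Registry autoruns look like:  O4 - HKCU\..\Run: [MSFox] C:\...\Temp\a.exe
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# First token ending in a PE/script extension, quoted or not. Non-greedy, and the
# extension must be followed by a quote, whitespace, a comma or end of string, so
# unquoted paths containing spaces are cut at the right place.
EXE_RE = re.compile(
    r'^"?(?P<path>.*?\.(?:exe|dll|scr|com|bat|cmd))(?=["\s,]|$)"?', re.IGNORECASE
)
# Dropper-generated names are typically fixed-length all-lowercase letters; vendors
# capitalise (SetPoint, NvMcTray), so this match is deliberately case-sensitive.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")


@dataclass
class AutorunEntry:
    hive: str
    key: str
    name: str
    command: str
    target: str  # file that actually runs (looks through a rundll32 wrapper)
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def extract_target(cmd: str) -> str:
    """Return the executable behind a Run value, unwrapping 'RUNDLL32.EXE x.dll,Entry'."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if not m:
        return cmd
    path = m.group("path")
    if ntpath.basename(path).lower() == "rundll32.exe":
        inner = EXE_RE.match(cmd[m.end():].lstrip())
        if inner:
            path = inner.group("path")
    return path


def parse_o4(line: str) -> Optional[AutorunEntry]:
    """Parse one registry O4 line; Startup-folder O4 lines use another format and give None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return AutorunEntry(m["hive"], m["key"], m["name"], m["cmd"], extract_target(m["cmd"]))


def classify(entry: AutorunEntry) -> AutorunEntry:
    """Attach a reason for every red flag raised by where and how the entry launches."""
    low = entry.target.lower()
    directory = ntpath.dirname(entry.target)
    stem = ntpath.splitext(ntpath.basename(entry.target))[0]
    if "\\temp\\" in low:
        entry.reasons.append("launches from a Temp directory")
    if entry.key.lower().startswith("policies\\explorer\\run"):
        entry.reasons.append("uses the Policies\\Explorer\\Run key")
    if "\\application data\\" in low and RANDOM_NAME_RE.match(ntpath.basename(directory)):
        entry.reasons.append("random-looking folder under Application Data")
    if directory.lower().endswith("\\system32") and RANDOM_NAME_RE.match(stem):
        entry.reasons.append("random-looking lowercase name in system32 (weak signal)")
    return entry


def triage(log_lines) -> List[AutorunEntry]:
    """Return the registry autoruns that raised at least one red flag, in log order."""
    return [e for e in map(parse_o4, log_lines) if e is not None and classify(e).suspicious]


# O4 section copied from the log in the post above (registry and Startup-folder lines).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IconixOEAddOn] "C:\Program Files\Iconix\OEAddOn\OEdmn_4.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\a.exe
O4 - HKCU\..\Run: [setdsc] C:\WINDOWS\system32\ibitwxwn.exe
O4 - HKCU\..\Run: [infocfg] C:\WINDOWS\system32\zkfolohy.exe
O4 - HKLM\..\Policies\Explorer\Run: [UvAhFssiqt] C:\Documents and Settings\All Users\Application Data\zkvwnifg\hcxmvitk.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG.splitlines()):
        print(f"{e.hive}\\..\\{e.key} [{e.name}] -> {e.target}")
        for r in e.reasons:
            print("    -", r)
```

Run against the sample, the script flags exactly the four entries the poster was unsure about (MSFox, setdsc, infocfg and the Policies\Explorer\Run value pointing into the zkvwnifg folder) and leaves the vendor entries alone. The system32 name rule is the weakest of the four; it is case-sensitive on purpose so mixed-case vendor names do not trip it, which also means a dropper using mixed case would slip past it, so treat that reason as a prompt to check the file's hash and signature rather than as proof.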

#2 Billy O'Neal (Malware Response Team, 12,304 posts; Visual C++ STL Maintainer; Redmond, Washington)

Posted 17 October 2008 - 09:49 PM

Hello, madrebel.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the reply button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
If you would still like help, please follow the instructions below:

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log


Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 madrebel (Topic Starter; Members, 9 posts)

Posted 17 October 2008 - 11:55 PM

Hi Billy! Thanks for the help. As for the length of time needed to get to me, don't worry about that. I can see that you guys are very busy, and trying to help everyone. Just a small update. As of a couple of days ago, the firewall popup I was getting every time I opened a new application has stopped for some reason. It's still in there somewhere, but it is no longer making itself visible. Here are the reports you asked for from OTViewIt.

OTViewIt logfile created on: 10/17/2008 11:26:53 PM - Run 2
OTViewIt by OldTimer - Version 1.0.16.0 Folder = C:\Documents and Settings\John Elizondo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 569.93 Mb Available Physical Memory | 55.69% Memory free
2.40 Gb Paging File | 2.06 Gb Available in Paging File | 85.79% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 66.64 Gb Free Space | 28.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MADREBEL
Current User Name: John Elizondo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/04/01 10:02:36 | 00,273,256 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
[2008/08/29 14:30:07 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2004/08/03 20:07:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
[2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/07/04 09:52:47 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/08/29 14:30:08 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2007/04/10 14:01:18 | 00,336,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
[2005/08/11 15:30:30 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2004/08/03 20:07:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/09/06 17:32:18 | 00,332,560 | ---- | M] () -- C:\Program Files\Iconix\OEAddOn\OEdmn_4.exe
[2001/08/17 17:36:42 | 00,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe
[2007/09/01 16:44:06 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2007/04/01 10:02:38 | 00,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[2008/02/29 03:55:46 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/17 23:25:49 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Elizondo\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 14:30:08 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/08/29 14:30:07 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2007/04/01 10:02:36 | 00,273,256 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/08/11 19:06:25 | 01,838,592 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager [On_Demand | Stopped])
[2007/09/01 04:49:30 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2008/09/06 17:32:23 | 00,254,224 | ---- | M] () -- C:\Program Files\Common Files\Iconix\IconixService.exe -- (IconixService [Auto | Stopped])
[2004/08/03 20:07:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running])
[2008/05/02 02:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
[2004/08/03 20:07:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc [Auto | Running])
[2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2004/08/03 20:07:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
[2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2004/08/03 20:07:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Running])
[2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2004/08/03 20:07:00 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [System | Running])
[2008/08/29 14:30:06 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/07/04 09:52:47 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/07/04 09:53:00 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[1998/06/02 15:55:34 | 00,003,840 | ---- | M] () -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt [System | Running])
[2002/06/05 18:07:00 | 00,009,344 | ---- | M] (B.H.A Co.,Ltd.) -- C:\WINDOWS\system32\drivers\bsstor.sys -- (BsStor [Boot | Running])
[2003/01/27 14:47:54 | 00,501,376 | ---- | M] (ahead software) -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF [Disabled | Stopped])
[2007/03/22 21:49:54 | 00,539,072 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])
[2007/03/22 21:50:08 | 00,037,424 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver [On_Demand | Running])
[2007/03/31 00:02:42 | 00,876,384 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [On_Demand | Running])
[2007/03/22 21:50:24 | 00,149,123 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS [On_Demand | Stopped])
[2007/03/31 00:02:40 | 00,055,352 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid [On_Demand | Stopped])
[2007/03/22 21:50:42 | 00,067,960 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Running])
[2001/08/17 07:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk [On_Demand | Running])
[2004/08/22 16:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus [Boot | Running])
[2004/08/22 16:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt [Boot | Running])
[2002/12/05 04:21:00 | 00,083,072 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2002/10/07 03:56:00 | 00,040,400 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2007/08/07 14:48:33 | 00,025,160 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
[2007/02/15 19:56:49 | 00,011,984 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
[2001/08/17 07:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k [On_Demand | Running])
[2001/08/17 07:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1 [On_Demand | Running])
[2001/08/17 07:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
[2004/08/03 18:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2002/10/08 05:03:15 | 00,007,582 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm [System | Running])
[2008/02/29 03:12:48 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
[2005/07/23 00:41:08 | 00,055,040 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042MOU.SYS -- (L8042mou [On_Demand | Stopped])
[2008/02/29 03:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
[2005/07/23 00:41:46 | 00,026,112 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe [On_Demand | Stopped])
[2008/02/29 03:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
[2005/07/23 00:41:42 | 00,068,864 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE [On_Demand | Stopped])
[2008/05/02 22:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[1998/09/30 14:08:24 | 00,010,256 | ---- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\PARPEPPY.SYS -- (PARPEPPY [Auto | Running])
[2004/07/29 00:14:22 | 00,091,577 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID [On_Demand | Running])
[2002/10/01 10:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/03 20:07:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/03 17:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2001/08/17 07:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman [On_Demand | Running])
[2002/10/10 17:11:48 | 00,005,621 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2002/10/10 17:11:00 | 00,023,027 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2002/11/19 04:50:00 | 00,023,671 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2002/11/19 04:50:00 | 00,034,807 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2002/11/19 04:50:00 | 00,004,119 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2002/11/19 04:50:00 | 00,002,203 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2002/11/19 04:50:00 | 00,055,286 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2002/11/19 04:50:00 | 00,014,039 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2002/11/19 04:50:00 | 00,006,327 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2002/11/19 04:50:00 | 00,091,158 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2002/11/19 04:50:00 | 00,095,479 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2004/08/03 18:07:44 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\UAGP35.SYS -- (uagp35 [Boot | Running])
[2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Running])
[2004/08/03 20:07:00 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS [On_Demand | Running])
[2006/11/02 08:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2004/08/03 20:07:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.yahoo.com/?fr=fptb-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.yahoo.com/?fr=fptb-

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} (HKLM) -- C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (HKLM) -- C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll File not found
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} (HKLM) -- C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (Morpheus)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.)
{761233B6-F228-49E4-8F6B-668499D4E55A} (HKLM) -- C:\Program Files\Iconix\IEAddOn\IconixBHO_35.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
{BBEEBE4F-3EDA-40F4-A0AB-87593EE49C56} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{D0943516-5076-4020-A3B5-AEFAF26AB263}" (HKLM) -- C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}" (HKLM) -- C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{07AA283A-43D7-4CBE-A064-32A21112D94D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" (HKLM) -- C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F4D76F09-7896-458A-890F-E1F05C46069F}" (HKLM) -- C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL File not found

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{07AA283A-43D7-4CBE-A064-32A21112D94D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" (HKLM) -- C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F4D76F09-7896-458A-890F-E1F05C46069F}" (HKLM) -- C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"IconixOEAddOn"="C:\Program Files\Iconix\OEAddOn\OEdmn_4.exe" ()
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup File not found
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech, Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="C:\Program Files\MpcStar\Codecs\QuickTime\qttask.exe" -atboottime (Apple Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApiSysSmart"=C:\WINDOWS\system32\tqzqrcdo.exe File not found
"infocfg"=C:\WINDOWS\system32\zkfolohy.exe File not found
"MSFox"=C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\a.exe File not found
"setdsc"=C:\WINDOWS\system32\ibitwxwn.exe File not found
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApiSysSmart"=C:\WINDOWS\system32\tqzqrcdo.exe File not found
"infocfg"=C:\WINDOWS\system32\zkfolohy.exe File not found
"MSFox"=C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\a.exe File not found
"setdsc"=C:\WINDOWS\system32\ibitwxwn.exe File not found
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2007/04/01 10:02:38 | 00,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[2008/05/02 02:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
[2008/09/21 13:42:54 | 00,108,032 | ---- | M] (iWin Inc.) -- C:\Documents and Settings\Monica Ezell\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoControlPanel"=0
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"UvAhFssiqt"=C:\Documents and Settings\All Users\Application Data\zkvwnifg\hcxmvitk.exe -- [2008/10/12 04:53:06 | 00,044,032 | ---- | M] ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoControlPanel"=0
"NoWindowsUpdate"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0
"DisableTaskMgr"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoControlPanel"=0
"NoWindowsUpdate"=0

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0
"DisableTaskMgr"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: C:\Program Files\BitComet\BitComet.exe [2008/08/22 01:07:26 | 02,567,992 | ---- | M] (www.BitComet.com)
&D&ownload all video with BitComet: C:\Program Files\BitComet\BitComet.exe [2008/08/22 01:07:26 | 02,567,992 | ---- | M] (www.BitComet.com)
&D&ownload all with BitComet: C:\Program Files\BitComet\BitComet.exe [2008/08/22 01:07:26 | 02,567,992 | ---- | M] (www.BitComet.com)
&ieSpell Options: C:\Program Files\ieSpell\ieSpell.dll [2006/10/31 09:07:16 | 00,262,144 | ---- | M] (Red Egg Software)
&Winamp Search: C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html [2008/03/19 17:21:40 | 00,000,748 | ---- | M] ()
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 12:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
&Yahoo! Search: File not found
Add to Windows &Live Favorites: File not found
Check &Spelling: C:\Program Files\ieSpell\ieSpell.dll [2006/10/31 09:07:16 | 00,262,144 | ---- | M] (Red Egg Software)
Lookup on Merriam Webster: File not found
Lookup on Wikipedia: File not found
Send to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2006/08/16 09:16:32 | 00,002,773 | ---- | M] ()
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: C:\Program Files\BitComet\BitComet.exe [2008/08/22 01:07:26 | 02,567,992 | ---- | M] (www.BitComet.com)
&D&ownload all video with BitComet: C:\Program Files\BitComet\BitComet.exe [2008/08/22 01:07:26 | 02,567,992 | ---- | M] (www.BitComet.com)
&D&ownload all with BitComet: C:\Program Files\BitComet\BitComet.exe [2008/08/22 01:07:26 | 02,567,992 | ---- | M] (www.BitComet.com)
&ieSpell Options: C:\Program Files\ieSpell\ieSpell.dll [2006/10/31 09:07:16 | 00,262,144 | ---- | M] (Red Egg Software)
&Winamp Search: C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html [2008/03/19 17:21:40 | 00,000,748 | ---- | M] ()
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 12:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
&Yahoo! Search: File not found
Add to Windows &Live Favorites: File not found
Check &Spelling: C:\Program Files\ieSpell\ieSpell.dll [2006/10/31 09:07:16 | 00,262,144 | ---- | M] (Red Egg Software)
Lookup on Merriam Webster: File not found
Lookup on Wikipedia: File not found
Send to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2006/08/16 09:16:32 | 00,002,773 | ---- | M] ()
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [2008/02/22 04:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}: Button: ieSpell -- %ProgramFiles%\ieSpell\ieSpell.dll [2006/10/31 09:07:16 | 00,262,144 | ---- | M] (Red Egg Software)
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}: Menu: ieSpell -- %ProgramFiles%\ieSpell\ieSpell.dll [2006/10/31 09:07:16 | 00,262,144 | ---- | M] (Red Egg Software)
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}: Menu: ieSpell Options -- %ProgramFiles%\ieSpell\ieSpell.dll [2006/10/31 09:07:16 | 00,262,144 | ---- | M] (Red Egg Software)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blog This -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 19:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blog This in Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 19:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{400A6CFA-E326-4d61-A90C-9AD75358DC5F}: Menu: Email ID Preferences -- %ProgramFiles%\Iconix\IEAddOn\IconixBHO_35.dll [2008/10/09 03:45:55 | 00,701,200 | ---- | M] ()
{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}: Button: PalTalk -- %ProgramFiles%\Paltalk Messenger\Paltalk.exe File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008/04/30 17:17:34 | 01,372,160 | ---- | M] (Skype Technologies S.A.)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2007/10/25 11:26:48 | 00,053,248 | ---- | M] ()
{BC3F6B6D-2E49-4603-B028-7411655713F3}: Menu: About Email ID -- %ProgramFiles%\Iconix\IEAddOn\IconixBHO_35.dll [2008/10/09 03:45:55 | 00,701,200 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: @btrez.dll,-4015 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2006/08/16 09:16:32 | 00,005,589 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: @btrez.dll,-12650 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2006/08/16 09:16:32 | 00,005,589 | ---- | M] ()
{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}: Button: BitComet -- %ProgramFiles%\BitComet\tools\BitCometBHO_1.2.2.28.dll File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 04:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} [HKLM] -> [ieSpell] -> File not found
CmdMapping\\{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} [HKLM] -> [ieSpell Options] -> File not found
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2007/10/26 19:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
CmdMapping\\{400A6CFA-E326-4d61-A90C-9AD75358DC5F} [HKLM] -> %ProgramFiles%\Iconix\IEAddOn\IconixBHO_35.dll [Email ID Preferences] -> [2008/10/09 03:45:55 | 00,701,200 | ---- | M] ()
CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} [HKLM] -> %ProgramFiles%\Paltalk Messenger\Paltalk.exe [PalTalk] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2007/10/25 11:26:48 | 00,053,248 | ---- | M] ()
CmdMapping\\{BC3F6B6D-2E49-4603-B028-7411655713F3} [HKLM] -> %ProgramFiles%\Iconix\IEAddOn\IconixBHO_35.dll [About Email ID] -> [2008/10/09 03:45:55 | 00,701,200 | ---- | M] ()
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 04:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} [HKLM] -> [ieSpell] -> File not found
CmdMapping\\{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} [HKLM] -> [ieSpell Options] -> File not found
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2007/10/26 19:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
CmdMapping\\{400A6CFA-E326-4d61-A90C-9AD75358DC5F} [HKLM] -> %ProgramFiles%\Iconix\IEAddOn\IconixBHO_35.dll [Email ID Preferences] -> [2008/10/09 03:45:55 | 00,701,200 | ---- | M] ()
CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} [HKLM] -> %ProgramFiles%\Paltalk Messenger\Paltalk.exe [PalTalk] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2007/10/25 11:26:48 | 00,053,248 | ---- | M] ()
CmdMapping\\{BC3F6B6D-2E49-4603-B028-7411655713F3} [HKLM] -> %ProgramFiles%\Iconix\IEAddOn\IconixBHO_35.dll [About Email ID] -> [2008/10/09 03:45:55 | 00,701,200 | ---- | M] ()
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.bcf: Belarc Advisor and BelLive - Belarc's Content Personalization with Privacy -- C:\Program Files\Internet Explorer\PLUGINS\NPBelv32.dll [2002/08/02 18:30:30 | 00,774,144 | ---- | M] (Belarc, Inc.)

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
2 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
2 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{01113300-3E00-11D2-8470-0060089874ED}: http://support.cox.com/sdccommon/download/tgctlcm.cab -- Support.com Configuration Class
{12F7F128-B36C-4843-8AA4-A5F71A969331}: https://horizons.istaria.com/controls/launcher.ocx -- Launcher Control
{1671869C-25B3-4C80-9446-8AE6111F8765}: http://thesims.ea.com/teleport/hotdate/MaxisHotDateTeleX.cab -- MaxisHotDateTeleX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/8/b...heckControl.cab -- Windows Genuine Advantage Validation Tool
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}: http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab -- CDownloadCtrl Object
{4063B398-3FC7-433E-B23B-0460CE7EDC27}: http://thesims.ea.com/teleport/makinmagic/...nMagicTeleX.cab -- MaxisMakinMagicTeleX Control
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/microsoftu...b?1205919709140 -- WUWebControl Class
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}: http://www.systemrequirementslab.com/sysreqlab2.cab -- System Requirements Lab Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1205919674171 -- MUWebControl Class
{8714912E-380D-11D5-B8AA-00D0B78F3D48}: http://chat.yahoo.com/cab/yuplapp.cab -- Yahoo! Webcam Upload Wrapper
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{A44B714B-EE0F-453E-9300-A69B321FEF6C}: http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab -- MaxisSimsFamilyTeleX Control
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab -- MSN Games - Installer
{BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19}: http://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab -- CPlayFirstddfotgControl Object
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{D821DC4A-0814-435E-9820-661C543A4679}: http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx -- CRLDownloadWrapper Class
{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}: http://download.microsoft.com/download/7/E...04/clearadj.cab -- CTAdjust Class
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}: http://zone.msn.com/bingame/popcaploader_v10.cab -- PopCapLoader Object
{FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0}: http://yme.music.yahoo.com/qos/cabs/DiagCo...tionControl.cab -- moDiagCollectionActiveX Object

========== (O17) DNS Name Servers ==========

{1C75D169-D456-4789-BCF4-AA17EF8981C7} (Servers: | Description: VIA Compatable Fast Ethernet Adapter)
{4A646483-A189-4B02-B415-99D4D92CE477} (Servers: | Description: )
{B6D729AF-69B1-487E-8747-0637CC7C9E95} (Servers: | Description: )
{C9AB3DE5-4FC0-4D9D-94F8-9B28A7D7F36C} (Servers: | Description: Motorola SURFboard SB5120 USB Cable Modem)
{DD083179-B3E4-4E12-B793-668F58BBABE2} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
>[2007/08/11 19:06:25 | 00,145,408 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
>[2008/07/04 09:52:48 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
LBTWlgn: "DllName" = c:\program files\common files\logitech\bluetooth\LBTWlgn.dll -- c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/01/31 01:07:53 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2008/10/17 23:22:30 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Elizondo\Desktop\OTViewIt.exe
[2008/10/17 16:04:47 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CC6C3E47-7E62-4B4D-81CC-C0059FCF5760}.job
[2008/10/17 06:28:35 | 00,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2008/10/17 06:28:35 | 00,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2008/10/12 18:45:23 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\John Elizondo\Desktop\HijackThis.lnk
[2008/10/12 18:45:20 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/12 16:36:53 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2008/10/12 16:13:32 | 00,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2008/10/12 07:33:45 | 00,000,000 | ---D | C] -- C:\Program Files\Snapshot Viewer
[2008/10/12 04:59:21 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/10/12 04:53:34 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\winlogonpc.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\WINWGPX.EXE
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\winsystem.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\vbsys2.dll
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\VBIEWER.OCX
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\thun32.dll
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\thun.dll
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\taack.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\taack.dat
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysreq.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\Rundl1.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\psoft1.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\psof1.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\ps1.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\newsd32.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\netode.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\mwin32.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\mtr2.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\mssecu.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\msgp.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\medup020.dll
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\hxiwlgpm.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\hxiwlgpm.dat
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\bsva-egihsg52.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\bdn.com
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\awtoolb.dll
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\akttzn.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\bdn.com
[2008/10/12 04:53:33 | 00,004,096 | ---- | C] () -- C:\WINDOWS\a.bat
[2008/10/12 04:53:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\smp
[2008/10/12 04:53:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\zkvwnifg
[2008/10/12 03:47:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Elizondo\Desktop\Wallpaper
[2008/10/08 05:22:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2008/10/08 05:12:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/10/08 02:03:02 | 00,099,362 | ---- | C] () -- C:\Documents and Settings\John Elizondo\My Documents\FX Reports 2.mht
[2008/10/06 12:59:56 | 00,048,068 | ---- | C] () -- C:\Documents and Settings\John Elizondo\My Documents\FX Reports.mht
[2008/10/05 11:56:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008/10/04 15:20:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Elizondo\Application Data\Real
[2008/10/01 00:50:34 | 00,001,655 | ---- | C] () -- C:\Documents and Settings\John Elizondo\Desktop\FXCM Micro Trading Station II.lnk
[2008/09/22 06:04:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Elizondo\Desktop\New Folder

========== Files - Modified Within 30 Days ==========

[10 C:\WINDOWS\*.tmp files]
[2008/10/17 23:25:49 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Elizondo\Desktop\OTViewIt.exe
[2008/10/17 19:36:39 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2008/10/17 16:07:19 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CC6C3E47-7E62-4B4D-81CC-C0059FCF5760}.job
[2008/10/17 16:01:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/17 08:24:12 | 00,162,422 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/10/17 08:24:08 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/17 08:20:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/17 06:29:47 | 28,962,379 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/10/16 03:00:09 | 00,000,512 | ---- | M] () -- C:\WINDOWS\tasks\SpywareStop Scheduled Scan.job
[2008/10/16 03:00:00 | 00,000,504 | ---- | M] () -- C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
[2008/10/15 23:52:50 | 00,043,628 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/10/15 11:38:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/12 20:55:14 | 00,002,231 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpywareStop.lnk
[2008/10/12 18:45:23 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\John Elizondo\Desktop\HijackThis.lnk
[2008/10/12 04:53:34 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\winlogonpc.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\WINWGPX.EXE
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\winsystem.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\vbsys2.dll
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\VBIEWER.OCX
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\thun32.dll
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\thun.dll
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\taack.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\taack.dat
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\sysreq.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\Rundl1.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\psoft1.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\psof1.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\ps1.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\newsd32.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\netode.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\mwin32.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\mtr2.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\mssecu.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\msgp.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\medup020.dll
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\hxiwlgpm.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\hxiwlgpm.dat
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\bsva-egihsg52.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\bdn.com
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\awtoolb.dll
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\akttzn.exe
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\bdn.com
[2008/10/12 04:53:33 | 00,004,096 | ---- | M] () -- C:\WINDOWS\a.bat
[2008/10/10 00:17:13 | 00,307,238 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/10/08 05:10:00 | 00,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/10/08 04:43:56 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/08 02:03:03 | 00,099,362 | ---- | M] () -- C:\Documents and Settings\John Elizondo\My Documents\FX Reports 2.mht
[2008/10/07 12:46:00 | 00,000,268 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2008/10/07 06:27:50 | 00,145,920 | ---- | M] () -- C:\Documents and Settings\John Elizondo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/06 12:59:57 | 00,048,068 | ---- | M] () -- C:\Documents and Settings\John Elizondo\My Documents\FX Reports.mht
[2008/10/01 00:50:34 | 00,001,655 | ---- | M] () -- C:\Documents and Settings\John Elizondo\Desktop\FXCM Micro Trading Station II.lnk
[2008/09/19 14:17:55 | 02,654,512 | -H-- | M] () -- C:\Documents and Settings\John Elizondo\Local Settings\Application Data\IconCache.db
< End of report >
OTViewIt Extras logfile created on: 10/17/2008 11:26:53 PM - Run 2
OTViewIt by OldTimer - Version 1.0.16.0 Folder = C:\Documents and Settings\John Elizondo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 569.93 Mb Available Physical Memory | 55.69% Memory free
2.40 Gb Paging File | 2.06 Gb Available in Paging File | 85.79% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 66.64 Gb Free Space | 28.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MADREBEL
Current User Name: John Elizondo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/03 20:07:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/02/23 00:45:07 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/03 20:07:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe
File not found -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe
[2008/05/27 21:58:12 | 04,269,296 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2007/01/31 07:14:05 | 00,784,032 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2007/01/31 07:26:58 | 00,771,373 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2007/01/31 07:30:12 | 00,771,493 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2007/09/07 18:01:54 | 00,043,008 | ---- | M] () -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2007/02/15 01:23:21 | 00,771,373 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2007/02/16 03:06:59 | 00,771,353 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2007/02/23 00:45:07 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2007/03/07 05:29:48 | 00,771,362 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2008/08/22 01:07:26 | 02,567,992 | ---- | M] (www.BitComet.com) -- C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
[2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2007/04/03 12:02:13 | 00,771,411 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2005/09/14 10:46:42 | 00,221,184 | ---- | M] () -- C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv
[2008/02/05 15:29:18 | 06,190,320 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox
[2007/08/15 01:36:55 | 00,807,854 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoWTest\WoW-0.2.0.7051-to-0.2.0.7091-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2007/08/22 14:43:40 | 00,090,112 | ---- | M] (CCP hf.) -- C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile
[2002/10/07 22:08:12 | 00,905,216 | ---- | M] () -- C:\Program Files\Quake III Arena\quake3.exe:*:Enabled:quake3
[2004/07/30 12:04:22 | 00,245,760 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CamTray.exe:*:Enabled:Creative Cam Detector
[2004/07/29 11:13:32 | 00,168,031 | ---- | M] () -- C:\Program Files\Creative\Creative WebCam Instant\WebCam Center\WebCamCenter.exe:*:Enabled:Creative WebCam Center
[2008/10/05 09:49:45 | 01,563,416 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application.
[2007/12/21 17:28:06 | 00,082,200 | ---- | M] () -- C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater.
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/03/22 06:02:31 | 00,424,067 | ---- | M] (Blizzard North) -- C:\Program Files\Diablo II\Game.exe:*:Enabled:Diablo II
File not found -- C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM
[2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/11/14 13:58:18 | 00,785,920 | ---- | M] (Streamcast Networks, Inc) -- C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:Morpheus
[2008/09/12 12:21:22 | 01,345,376 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp
[2004/08/03 20:07:00 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper
File not found -- C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene
[2008/01/29 21:19:32 | 00,073,728 | ---- | M] (Orb Networks, Inc.) -- C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
[2008/03/31 20:54:06 | 00,507,904 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
[2008/03/27 20:00:24 | 05,844,992 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
[2001/08/29 06:48:16 | 01,486,890 | ---- | M] (DeepRed Games Ltd) -- C:\Program Files\Infogrames Interactive\Monopoly Tycoon\mc.exe:*:Enabled:Monopoly Tycoon
[2008/08/29 02:04:53 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/08/29 14:30:08 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
File not found -- C:\Program Files\Codemasters\RF Online\RF.exe:*:Enabled:RFLauncher
[2008/06/28 16:00:56 | 01,789,440 | ---- | M] (Flagship Studios) -- C:\Program Files\Flagship Studios\Mythos\bin\Mythos.exe:*:Enabled:Mythos
[2008/08/22 01:28:32 | 00,537,400 | ---- | M] (http://www.bitcomet.com) -- C:\Program Files\BitComet\plugin_emule\plugin_eMule.exe:*:Enabled:eMule plugin host for BitComet
[2008/07/09 14:58:46 | 12,718,080 | ---- | M] (Obsidian Entertainment, Inc.) -- C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main
[2008/07/09 15:30:05 | 12,578,816 | ---- | M] (Obsidian Entertainment, Inc.) -- C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD
[2008/07/30 02:19:32 | 02,478,080 | ---- | M] (Obsidian Entertainment, Inc.) -- C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater
[2008/06/18 14:15:37 | 04,993,024 | ---- | M] (Obsidian Entertainment, Inc.) -- C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server
[2008/02/29 03:55:46 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
[2008/08/28 10:18:24 | 03,660,848 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
[2008/04/21 03:27:46 | 07,660,656 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2008/04/30 17:17:34 | 22,058,792 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2002/08/02 12:52:52 | 00,036,864 | ---- | M] (Belarc, Inc.) C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (belarc:{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} (HKLM) [VoilaXctl Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/23 00:45:07 | 00,028,711 | ---- | M] (Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 13:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/07/04 09:52:55 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 12:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 13:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 13:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 12:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/04/30 17:17:34 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/23 13:14:52 | 00,858,136 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Premium
"{00120409-78E1-11D2-B60F-006097C998E7}"=Microsoft FrontPage 2000
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}"=CDDRV_Installer
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=DLA
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}"=Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{24ED4D80-8294-11D5-96CD-0040266301AD}"=FinePixViewer Ver.4.3
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}"=Windows Live Photo Gallery
"{3101CB58-3482-4D21-AF1A-7057FC935355}"=KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}"=Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}"=DAEMON Tools
"{4432EA0E-A717-43C2-9E8A-0B56FD5189EB}"=SpywareStop
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}"=Adobe® Photoshop® Album Starter Edition 3.0
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{5490882C-6961-11D5-BAE5-00E0188E010B}"=FUJIFILM USB Driver
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{60E80B13-8649-4A69-85E2-1AE99E061F43}"=ShowBiz DVD
"{60E971B7-51A0-48CA-8687-C6B8F094A409}"=Simple Backup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}"=The Sims 2 Family Fun Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}"=Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}"=Windows Live Favorites for Windows Live Toolbar
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}"=The Sims 2 Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{8214CC02-6271-4DC8-B8DD-779933450264}"=RecordNow
"{84814E6B-2581-46EC-926A-823BD1C670F6}"=WIDCOMM Bluetooth Software
"{85DD724B-15E5-4572-81BF-CF9031D83848}"=Ventrilo Server
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}"=The Sims 2
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}"=CDDRV_Installer
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{9176251A-4CC1-4DDB-B343-B487195EB397}"=Windows Live Writer
"{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}"=The Sims Makin' Magic
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}"=The Sims 2 Glamour Life Stuff
"{A2453998-F3D8-426D-B96F-0777B120E388}"=Mythos
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}"=Nero - Burning Rom
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}"=Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B07F0D17-FE19-4BE6-9F83-27E52CF381D5}"=Utherverse 3D Client
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B37C842A-B624-46B8-A727-654E72F1C91A}"=Calculator Powertoy for Windows XP
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B975F4A1-63B6-11D4-BFEC-005004AF2D32}"=Monopoly Tycoon
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}"=Netflix Movie Viewer
"{C89C8D86-4423-4A58-AA40-DD259ACE07C1}"=KhalSetup
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}"=Adobe® Photoshop® Album Starter Edition 3.0.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DCF9A8CC-6EB4-156B-7E67-BABDACF9218D}"=Family Feud
"{DD54CF66-090B-43E7-97C1-110EF526474D}"=ArcSoft Multimedia Email
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}"=The Sims™ 2 Seasons
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}"=The Sims™ 2 Celebration! Stuff
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}"=Yahoo! Music Jukebox
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}"=Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"{F20C1251-1D0A-4944-B2AE-678581B33B19}"=Neverwinter Nights 2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}"=Logitech SetPoint
"{F41D7749-D973-42E7-BD80-64309766C39E}"=Dungeon Lords
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}"=Jasc Paint Shop Pro 9
"{FC888095-A35E-4993-A9E0-366BF6F0CCE0}"=ArcSoft PhotoImpression 5
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AfterWorld_is1"=AfterWorld Alpha 8
"Alchemy 1.2"=Alchemy 1.2
"Anarchy Online_is1"=Anarchy Online
"AnyTV_is1"=AnyTV 2.10
"Auctioneer"=Auctioneer AddOns
"AVG8Uninstall"=AVG Free 8.0
"AVI Splitter_is1"=AVI Splitter
"Belarc Advisor 2.0"=Belarc Advisor 5.1
"BitComet"=BitComet 1.04
"BitTorrent"=BitTorrent 5.0.9
"CamStudio"=CamStudio
"CloneDVD2"=CloneDVD2
"Coupon Printer for Windows2.0"=Coupon Printer for Windows
"Cox Online Support Controls_is1"=Cox Online Support Controls
"Creative Launcher"=Creative Launcher
"Creative PD0620"=Creative WebCam Instant Driver (1.01.02.0729)
"Creative WebCam Center"=Creative WebCam Center
"Creative WebCam Instant User's Guide English"=Creative WebCam Instant User's Guide (English)
"Diablo II"=Diablo II
"DivX Content Uploader"=DivX Content Uploader
"DivX Total Pack"=DivX Total Pack
"Download Manager"=Download Manager 2.3.6
"DVD Decrypter"=DVD Decrypter (Remove Only)
"DVD Shrink_is1"=DVD Shrink 3.2
"EVE"=EVE-ONLINE (remove only)
"EVEMon"=EVEMon
"Family Feud"=Family Feud (remove only)
"FamilyFeudOnlineParty"=FamilyFeudOnlineParty (remove only)
"FreeUndelete"=FreeUndelete
"FrostWire"=FrostWire 4.17.0
"FXCM Micro Trading Station II"=FXCM Micro Trading Station II
"FXCM Trading Station II"=FXCM Trading Station II
"GameSpotDownloadManager"=GameSpot Download Manager
"Get Yahoo! Messenger"=Get Yahoo! Messenger
"Google Desktop"=Google Desktop
"HijackThis"=HijackThis 2.0.2
"Homeworld2"=Homeworld2
"hp dvd writer"=hp dvd writer
"Iconix eMail ID"=Iconix™ eMail ID
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"ieSpell"=ieSpell
"Image Composer"=Microsoft Image Composer 1.5
"InCD!UninstallKey"=Ahead InCD
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"iWinArcade"=iWin Games (remove only)
"Jasc Paint Shop Pro 9 GDI+ Patch"=Jasc Paint Shop Pro 9 GDI+ Patch
"Jasc Paint Shop Pro 9.01 - (9.0.1.1)"=Jasc Paint Shop Pro 9.01 - (9.0.1.1)
"Jasc Paint Shop Pro 9.01 Patch"=Jasc Paint Shop Pro 9.01 Patch
"Mah Jong Quest"=Mah Jong Quest (remove only)
"Mah Jong Quest II"=Mah Jong Quest II (remove only)
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Morpheus"=Morpheus 5.5 (remove only)
"MorpheusToolbar Uninstall"=Morpheus Toolbar
"Mozilla Firefox (2.0.0.14)"=Mozilla Firefox (2.0.0.14)
"MpcStar"=MpcStar 3.1
"MRW!UninstallKey"=Ahead InCD EasyWrite Reader
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"oggcodecs"=oggcodecs 0.71.0946
"Orb"=Winamp Remote
"PixRecovery"=PixRecovery
"Quake III Arena"=Quake III Arena
"Quake III Arena Point Release 1.32"=Quake III Arena Point Release 1.32
"Recorder"=Creative Recorder
"Recover My Files_is1"=Recover My Files
"SecondLife"=SecondLife (remove only)
"Settlers3Deinstall"=Settlers3
"Sid Meier's Alpha Centauri"=Sid Meier's Alpha Centauri
"Siedler3EditorUninstall"=SETTLERS III Level Editor
"Siedler3MissionUninstall"=The SETTLERS III Mission CD
"Sophos-AntiRootkit"=Sophos Anti-Rootkit 1.3.1
"System Mechanic 6_is1"=iolo technologies' System Mechanic 6
"SystemRequirementsLab"=System Requirements Lab
"Teamspeak 2 RC2_is1"=TeamSpeak 2 RC2
"Total Video Converter 3.11_is1"=Total Video Converter 3.11 070908
"Utherverse 3D Client"=Utherverse 3D Client
"VLC media player"=VideoLAN VLC media player 0.8.6a
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC"=Windows Imaging Component
"Winamp"=Winamp
"WinAmp Control for Google Desktop_is1"=WinAmp Control for Google Desktop 1.3
"Winamp Toolbar"=Winamp Toolbar for Internet Explorer
"Winamp Toolbar for Firefox"=Winamp Toolbar for Firefox
"Windows Live Toolbar"=Windows Live Toolbar
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"World of Warcraft"=World of Warcraft
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire"=Xfire (remove only)
"Xvid_is1"=Xvid 1.1.2 final uninstall
"Yahoo! Anti-Spy"=Yahoo! Anti-Spy
"Yahoo! Companion"=Yahoo! 工具列
"Yahoo! Customizations"=Yahoo! Browser Services
"Yahoo! Internet Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"YInstHelper"=Yahoo! Install Manager
"Zylom Games Player Plugin"=Zylom Games Player Plugin

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/6/2008 3:18:05 AM | Computer Name = MADREBEL | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 4/8/2008 2:50:09 AM | Computer Name = MADREBEL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16608, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/8/2008 2:50:15 AM | Computer Name = MADREBEL | Source = Application Hang | ID = 1001
Description = Fault bucket 625112620.

Error - 4/8/2008 3:57:22 PM | Computer Name = MADREBEL | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 9.0.0.907, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/8/2008 3:57:23 PM | Computer Name = MADREBEL | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 9.0.0.907, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/10/2008 5:36:23 PM | Computer Name = MADREBEL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16608, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/10/2008 5:36:40 PM | Computer Name = MADREBEL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16608, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/10/2008 5:36:59 PM | Computer Name = MADREBEL | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 9.0.0.907, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/11/2008 1:17:48 AM | Computer Name = MADREBEL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16608, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/11/2008 1:17:51 AM | Computer Name = MADREBEL | Source = Application Hang | ID = 1001
Description = Fault bucket 625112620.

[ System Events ]
Error - 10/16/2008 3:12:49 PM | Computer Name = MADREBEL | Source = smtpsvc | ID = 1004
Description = Virtual server 1 was unable to register itself and the local delivery
sink with the event binding database. Server events and local delivery will not
function properly for this virtual server.

Error - 10/16/2008 3:12:49 PM | Computer Name = MADREBEL | Source = smtpsvc | ID = 1002
Description = Server events initialization failed for virtual server 1. Server
events may not be called for this virtual server.

Error - 10/16/2008 3:12:49 PM | Computer Name = MADREBEL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
spywarestop

Error - 10/17/2008 7:27:30 AM | Computer Name = MADREBEL | Source = smtpsvc | ID = 1004
Description = Virtual server 1 was unable to register itself and the local delivery
sink with the event binding database. Server events and local delivery will not
function properly for this virtual server.

Error - 10/17/2008 7:27:30 AM | Computer Name = MADREBEL | Source = smtpsvc | ID = 1002
Description = Server events initialization failed for virtual server 1. Server
events may not be called for this virtual server.

Error - 10/17/2008 7:27:51 AM | Computer Name = MADREBEL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
spywarestop

Error - 10/17/2008 9:20:27 AM | Computer Name = MADREBEL | Source = smtpsvc | ID = 1004
Description = Virtual server 1 was unable to register itself and the local delivery
sink with the event binding database. Server events and local delivery will not
function properly for this virtual server.

Error - 10/17/2008 9:20:27 AM | Computer Name = MADREBEL | Source = smtpsvc | ID = 1002
Description = Server events initialization failed for virtual server 1. Server
events may not be called for this virtual server.

Error - 10/17/2008 9:20:36 AM | Computer Name = MADREBEL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
spywarestop

Error - 10/17/2008 4:58:15 PM | Computer Name = MADREBEL | Source = Service Control Manager | ID = 7034
Description = The Iconix Update Service service terminated unexpectedly. It has
done this 1 time(s).


< End of report >





--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, October 18, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, October 18, 2008 05:22:11
Records in database: 1320079
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 190006
Threat name: 7
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 03:39:46


File name / Threat name / Threats count
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\15-03-2008-11-08-10\46.qit\bin\10.0.406.0\firefox\extensions\plugins\npclntax_SeekmoSA.dll Infected: not-a-virus:AdTool.Win32.Zango.u 1
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\15-03-2008-11-08-10\46.qit\bin\10.0.406.0\HostOL.dll Infected: not-a-virus:AdWare.Win32.HotBar.ch 1
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\26-01-2008-17-39-27\243.qit Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.a 1
C:\Documents and Settings\John Elizondo\Local Settings\Temporary Internet Files\Content.IE5\75W200ER\playvideo[1].htm Infected: Trojan.JS.Agent.ct 1
C:\Downloads\setupxv.exe Infected: not-a-virus:FraudTool.Win32.SpywareBot.d 1
C:\Downloads\setupxv.exe Infected: not-a-virus:FraudTool.Win32.AntiSpyware.gg 1
C:\Program Files\SpywareStop\SpywareStop.exe Infected: not-a-virus:FraudTool.Win32.SpywareBot.al 1

The selected area was scanned.

Edited by madrebel, 18 October 2008 - 05:24 AM.


#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:04:35 PM

Posted 18 October 2008 - 08:09 PM

Hello, madrebel.
We need to upload a file for further inspection
  • Please go to this page.
  • Where it asks for the "Link to where the file was requested" copy and paste in
    http://www.bleepingcomputer.com/forums/t/174102/fake-windows-firewall-pop-up/
  • Where it says "Browse to the file you want to submit", browse to
    C:\Program Files\iWin Games\iWinGames.exe
  • Press the Posted Image button.
We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :processes
    OEdmn_4.exe
    Explorer.exe
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761233B6-F228-49E4-8F6B-668499D4E55A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{761233B6-F228-49E4-8F6B-668499D4E55A}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBEEBE4F-3EDA-40F4-A0AB-87593EE49C56}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{F4D76F09-7896-458A-890F-E1F05C46069F}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{F4D76F09-7896-458A-890F-E1F05C46069F}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ApiSysSmart"=-
    "infocfg"=-
    "MSFox"=-
    "setdsc"=-
    [HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ApiSysSmart"=-
    "infocfg"=-
    "MSFox"=-
    "setdsc"=-
    :files
    C:\Program Files\MorpheusBar
    C:\Program Files\AskPBar
    C:\WINDOWS\system32\ibitwxwn.exe
    C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\a.exe
    C:\WINDOWS\system32\zkfolohy.exe
    C:\WINDOWS\system32\tqzqrcdo.exe
    C:\Documents and Settings\All Users\Application Data\Gogii
    C:\WINDOWS\System32\winlogonpc.exe
    C:\WINDOWS\System32\WINWGPX.EXE
    C:\WINDOWS\System32\winsystem.exe
    C:\WINDOWS\System32\vbsys2.dll
    C:\Program Files\Morpheus
    C:\WINDOWS\System32\VBIEWER.OCX
    C:\WINDOWS\System32\thun32.dll
    C:\WINDOWS\System32\thun.dll
    C:\WINDOWS\System32\taack.exe
    C:\WINDOWS\System32\taack.dat
    C:\WINDOWS\System32\sysreq.exe
    C:\WINDOWS\System32\Rundl1.exe
    C:\WINDOWS\System32\psoft1.exe
    C:\WINDOWS\System32\psof1.exe
    C:\WINDOWS\System32\ps1.exe
    C:\WINDOWS\System32\newsd32.exe
    C:\WINDOWS\System32\netode.exe
    C:\WINDOWS\System32\mwin32.exe
    C:\WINDOWS\System32\mtr2.exe
    C:\WINDOWS\System32\mssecu.exe
    C:\WINDOWS\System32\msgp.exe
    C:\WINDOWS\System32\medup020.dll
    C:\WINDOWS\System32\hxiwlgpm.exe
    C:\WINDOWS\System32\hxiwlgpm.dat
    C:\WINDOWS\System32\bsva-egihsg52.exe
    C:\WINDOWS\System32\bdn.com
    C:\WINDOWS\System32\awtoolb.dll
    C:\WINDOWS\System32\akttzn.exe
    C:\WINDOWS\bdn.com
    C:\WINDOWS\a.bat
    C:\WINDOWS\System32\smp
    C:\Documents and Settings\All Users\Application Data\zkvwnifg
    C:\Documents and Settings\John Elizondo\Application Data\SpywareBot
    C:\Downloads\setupxv.exe
    C:\Documents and Settings\John Elizondo\Local Settings\Temporary Internet Files\Content.IE5\75W200ER\playvideo[1].htm
    C:\Program Files\SpywareStop
    :commands
    [EmptyTemp]
    [Reboot]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe
  • Follow the on screen instructions to install the latest Java version.
In your next reply, please include the following:
  • OTMoveIt3's Log
  • A New OTViewIt Main.txt
  • A New OTViewIt Extra.txt

Billy3

Edited by Billy O'Neal, 18 October 2008 - 08:10 PM.

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
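The OTMoveIt3 script in the post above is a declarative list of actions (`:processes`, `:reg`, `:files`, `:commands`), and the tool answers with a log of one line per item. As an added example, not code from this thread or from OldTimer's tool, the Python below parses a script in that form and reconciles it against the result log, so a helper can see at a glance which items were removed, which were reported "not found" (already gone, or never present), which the log never mentions, and which DLLs were moved but could not be unregistered. The section semantics are read from the script as posted: `[-KEY]` deletes a key, and a `"name"=-` line under a `[KEY]` line deletes that value. The sample script and log embedded in the block are constructed from entries that appear in this thread.

```python
"""Reconcile an OTMoveIt3 fix script against the tool's result log.

Added example; not part of the thread or of OldTimer's OTMoveIt3. The script and
log below are constructed samples built from entries in the thread. Run the file
to print the report.
"""
import re
from dataclasses import dataclass, field


@dataclass
class FixScript:
    processes: list = field(default_factory=list)
    reg_keys: list = field(default_factory=list)     # keys listed as [-KEY]
    reg_values: list = field(default_factory=list)   # (key, value) listed as "value"=-
    files: list = field(default_factory=list)
    commands: list = field(default_factory=list)


def parse_script(text: str) -> FixScript:
    """Split the script into sections; a line starting with ':' opens a section."""
    script, section, current_key = FixScript(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section, current_key = line[1:].lower(), None
        elif section == "processes":
            script.processes.append(line)
        elif section == "reg":
            if line.startswith("[-") and line.endswith("]"):
                script.reg_keys.append(line[2:-1])
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]            # following "name"=- lines refer to this key
            elif line.endswith("=-") and current_key:
                script.reg_values.append((current_key, line[:-2].strip('"')))
            else:
                raise ValueError(f"unrecognised :reg line: {line}")
        elif section == "files":
            script.files.append(line)
        elif section == "commands":
            script.commands.append(line.strip("[]"))
        else:
            raise ValueError(f"line outside any section: {line}")
    return script


# (kind, pattern): the last group is the outcome, the earlier groups identify the item.
LOG_PATTERNS = [
    ("process", re.compile(r"^Process (.+) (killed successfully)\.$")),
    ("regkey", re.compile(r"^Registry key (.+?)\\+ (deleted successfully|not found)\.$")),
    ("regvalue", re.compile(r"^Registry value (.+?)\\\\([^\\]+) (deleted successfully|not found)\.$")),
    ("file", re.compile(r"^File/Folder (.+) (not found)\.$")),
    ("file", re.compile(r"^(.+) (moved successfully)\.$")),
]
# A DLL/OCX that was moved but could not be unregistered leaves its COM registration behind.
WARNING_RE = re.compile(r"^(LoadLibrary failed for .+|.+ NOT unregistered\.)$")


def reconcile(script: FixScript, log_text: str) -> dict:
    """Return {'done', 'not_found', 'unreported', 'warnings'} for the script's items."""
    status, warnings = {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if WARNING_RE.match(line):
            warnings.append(line)
            continue
        for kind, pattern in LOG_PATTERNS:
            m = pattern.match(line)
            if m:
                *ident, outcome = m.groups()
                key = (kind, *[g.lower() for g in ident])   # registry and NTFS paths are case-insensitive
                # a later "not found" must not hide an earlier success for the same item
                if status.get(key) != "done":
                    status[key] = "not_found" if outcome == "not found" else "done"
                break
    wanted = [(("process", p.lower()), p) for p in script.processes]
    wanted += [(("regkey", k.lower()), k) for k in script.reg_keys]
    wanted += [(("regvalue", k.lower(), v.lower()), f"{k} : {v}") for k, v in script.reg_values]
    wanted += [(("file", f.lower()), f) for f in script.files]
    report = {"done": [], "not_found": [], "unreported": [], "warnings": warnings}
    for item, label in wanted:
        report[status.get(item, "unreported")].append(label)
    return report


# Constructed sample script, built from entries in the thread.
SAMPLE_SCRIPT = r"""
:processes
OEdmn_4.exe
:reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSFox"=-
"setdsc"=-
:files
C:\Program Files\MorpheusBar
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\a.exe
C:\WINDOWS\System32\vbsys2.dll
:commands
[EmptyTemp]
[Reboot]
"""

# Constructed sample log in the form OTMoveIt3 prints back (no line for "setdsc" on purpose).
SAMPLE_LOG = r"""
========== PROCESSES ==========
Process OEdmn_4.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9}\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSFox deleted successfully.
========== FILES ==========
C:\Program Files\MorpheusBar\bar moved successfully.
C:\Program Files\MorpheusBar moved successfully.
File/Folder C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\a.exe not found.
LoadLibrary failed for C:\WINDOWS\System32\vbsys2.dll
C:\WINDOWS\System32\vbsys2.dll NOT unregistered.
C:\WINDOWS\System32\vbsys2.dll moved successfully.
"""

if __name__ == "__main__":
    result = reconcile(parse_script(SAMPLE_SCRIPT), SAMPLE_LOG)
    for bucket, items in result.items():
        print(f"{bucket} ({len(items)}):")
        for entry in items:
            print("   ", entry)
```

Items in the `unreported` bucket are the ones worth a second look in the next set of logs: the tool printed nothing for them, so neither removal nor absence is confirmed. A `not_found` entry for a `Run` value or a Temp file is the normal case when an earlier scan already removed it; a `not_found` for a path that the original HijackThis log showed as present suggests the name was mistyped or the file has since moved.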

#5 madrebel

madrebel
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:35 PM

Posted 19 October 2008 - 02:39 AM

Hi Billy, I went to the Java download site and the closest thing I could find to what you asked me to download was "Java Runtime Environment (JRE) 6 Update 7 for Intel Itanium®" This downloaded an .exe file with a different name than the one you listed in your instructions. I have not run the .exe, but I have removed all references to "Java" from my pc already.

Might the file I need be "Java Runtime Environment (JRE) 6 Update 10"?
The Java SE Runtime Environment (JRE) allows end-users to run Java applications.

Windows Offline Installation
jre-6u10-windows-i586-p.exe

#6 madrebel

madrebel
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:35 PM

Posted 19 October 2008 - 02:59 AM

OTMoveIt3 log
========== PROCESSES ==========
Process OEdmn_4.exe killed successfully.
Process Explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761233B6-F228-49E4-8F6B-668499D4E55A}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{761233B6-F228-49E4-8F6B-668499D4E55A}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBEEBE4F-3EDA-40F4-A0AB-87593EE49C56}\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F4D76F09-7896-458A-890F-E1F05C46069F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4D76F09-7896-458A-890F-E1F05C46069F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{F4D76F09-7896-458A-890F-E1F05C46069F}\\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ApiSysSmart deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\infocfg deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSFox deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\setdsc deleted successfully.
Registry value HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ApiSysSmart not found.
Registry value HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\infocfg not found.
Registry value HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSFox not found.
Registry value HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\setdsc not found.
========== FILES ==========
C:\Program Files\MorpheusBar\SrchAstt\1.bin moved successfully.
C:\Program Files\MorpheusBar\SrchAstt moved successfully.
C:\Program Files\MorpheusBar\PopSwatr\History moved successfully.
C:\Program Files\MorpheusBar\PopSwatr moved successfully.
C:\Program Files\MorpheusBar\bar\Settings moved successfully.
C:\Program Files\MorpheusBar\bar\History moved successfully.
C:\Program Files\MorpheusBar\bar\Cache moved successfully.
C:\Program Files\MorpheusBar\bar\1.bin moved successfully.
C:\Program Files\MorpheusBar\bar moved successfully.
C:\Program Files\MorpheusBar moved successfully.
File/Folder C:\Program Files\AskPBar not found.
File/Folder C:\WINDOWS\system32\ibitwxwn.exe not found.
File/Folder C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\a.exe not found.
File/Folder C:\WINDOWS\system32\zkfolohy.exe not found.
File/Folder C:\WINDOWS\system32\tqzqrcdo.exe not found.
C:\Documents and Settings\All Users\Application Data\Gogii\THOS2\IWin\data moved successfully.
C:\Documents and Settings\All Users\Application Data\Gogii\THOS2\IWin moved successfully.
C:\Documents and Settings\All Users\Application Data\Gogii\THOS2 moved successfully.
C:\Documents and Settings\All Users\Application Data\Gogii moved successfully.
C:\WINDOWS\System32\winlogonpc.exe moved successfully.
C:\WINDOWS\System32\WINWGPX.EXE moved successfully.
C:\WINDOWS\System32\winsystem.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\vbsys2.dll
C:\WINDOWS\System32\vbsys2.dll NOT unregistered.
C:\WINDOWS\System32\vbsys2.dll moved successfully.
C:\Program Files\Morpheus\Torrents moved successfully.
C:\Program Files\Morpheus\Temp moved successfully.
C:\Program Files\Morpheus\SkinData\happy\xml moved successfully.
C:\Program Files\Morpheus\SkinData\happy\images moved successfully.
C:\Program Files\Morpheus\SkinData\happy moved successfully.
C:\Program Files\Morpheus\SkinData\default\xml moved successfully.
C:\Program Files\Morpheus\SkinData\default\mobile\xhtml\images moved successfully.
C:\Program Files\Morpheus\SkinData\default\mobile\xhtml moved successfully.
C:\Program Files\Morpheus\SkinData\default\mobile\template moved successfully.
C:\Program Files\Morpheus\SkinData\default\mobile\searches moved successfully.
C:\Program Files\Morpheus\SkinData\default\mobile\public moved successfully.
C:\Program Files\Morpheus\SkinData\default\mobile\monetization moved successfully.
C:\Program Files\Morpheus\SkinData\default\mobile\images moved successfully.
C:\Program Files\Morpheus\SkinData\default\mobile moved successfully.
C:\Program Files\Morpheus\SkinData\default\images moved successfully.
C:\Program Files\Morpheus\SkinData\default moved successfully.
C:\Program Files\Morpheus\SkinData\Common\Scripts moved successfully.
C:\Program Files\Morpheus\SkinData\Common moved successfully.
C:\Program Files\Morpheus\SkinData moved successfully.
C:\Program Files\Morpheus\Schemas moved successfully.
C:\Program Files\Morpheus\Partials moved successfully.
C:\Program Files\Morpheus\Offers moved successfully.
C:\Program Files\Morpheus\My Shared Folder moved successfully.
C:\Program Files\Morpheus\Lang moved successfully.
C:\Program Files\Morpheus\Downloads moved successfully.
C:\Program Files\Morpheus moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\VBIEWER.OCX
C:\WINDOWS\System32\VBIEWER.OCX NOT unregistered.
C:\WINDOWS\System32\VBIEWER.OCX moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\thun32.dll
C:\WINDOWS\System32\thun32.dll NOT unregistered.
C:\WINDOWS\System32\thun32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\thun.dll
C:\WINDOWS\System32\thun.dll NOT unregistered.
C:\WINDOWS\System32\thun.dll moved successfully.
C:\WINDOWS\System32\taack.exe moved successfully.
C:\WINDOWS\System32\taack.dat moved successfully.
C:\WINDOWS\System32\sysreq.exe moved successfully.
C:\WINDOWS\System32\Rundl1.exe moved successfully.
C:\WINDOWS\System32\psoft1.exe moved successfully.
C:\WINDOWS\System32\psof1.exe moved successfully.
C:\WINDOWS\System32\ps1.exe moved successfully.
C:\WINDOWS\System32\newsd32.exe moved successfully.
C:\WINDOWS\System32\netode.exe moved successfully.
C:\WINDOWS\System32\mwin32.exe moved successfully.
C:\WINDOWS\System32\mtr2.exe moved successfully.
C:\WINDOWS\System32\mssecu.exe moved successfully.
C:\WINDOWS\System32\msgp.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\medup020.dll
C:\WINDOWS\System32\medup020.dll NOT unregistered.
C:\WINDOWS\System32\medup020.dll moved successfully.
C:\WINDOWS\System32\hxiwlgpm.exe moved successfully.
C:\WINDOWS\System32\hxiwlgpm.dat moved successfully.
C:\WINDOWS\System32\bsva-egihsg52.exe moved successfully.
C:\WINDOWS\System32\bdn.com moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\awtoolb.dll
C:\WINDOWS\System32\awtoolb.dll NOT unregistered.
C:\WINDOWS\System32\awtoolb.dll moved successfully.
C:\WINDOWS\System32\akttzn.exe moved successfully.
C:\WINDOWS\bdn.com moved successfully.
C:\WINDOWS\a.bat moved successfully.
C:\WINDOWS\System32\smp moved successfully.
C:\Documents and Settings\All Users\Application Data\zkvwnifg moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Settings moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\31-03-2008-08-12-00 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\31-01-2008-03-06-34 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\30-01-2008-07-30-48 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\29-03-2008-03-30-10 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\29-01-2008-00-03-30 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\28-01-2008-08-10-11 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\27-03-2008-03-05-44 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\27-01-2008-04-21-32 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\26-04-2008-04-10-05 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\26-03-2008-03-14-48 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\26-01-2008-17-39-27\549.qit moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\26-01-2008-17-39-27\548.qit moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\26-01-2008-17-39-27\547.qit moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\26-01-2008-17-39-27\546.qit moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\26-01-2008-17-39-27\262.qit moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\26-01-2008-17-39-27\261.qit moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\26-01-2008-17-39-27\260.qit moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\26-01-2008-17-39-27\258.qit moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\26-01-2008-17-39-27\257.qit moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\26-01-2008-17-39-27\255.qit moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\26-01-2008-17-39-27\253.qit moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\26-01-2008-17-39-27\244.qit moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\26-01-2008-17-39-27\201.qit moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\26-01-2008-17-39-27\200.qit moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\26-01-2008-17-39-27\199.qit moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\26-01-2008-17-39-27\195.qit moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\26-01-2008-17-39-27 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\25-04-2008-14-35-58 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\25-03-2008-03-02-01 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\24-03-2008-03-00-33 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\23-04-2008-03-11-36 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\23-03-2008-03-01-44 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\22-04-2008-14-28-11 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\22-03-2008-03-00-42 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\21-04-2008-03-15-09 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\20-04-2008-20-56-11 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\20-03-2008-03-00-34 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\20-02-2008-03-08-46 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\19-04-2008-11-44-02 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\19-03-2008-03-00-32 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\18-04-2008-04-43-50 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\18-03-2008-03-00-42 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\17-04-2008-04-33-33 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\17-03-2008-03-35-11 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\17-02-2008-03-05-38 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\16-04-2008-03-01-13 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\15-04-2008-03-58-21 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\15-03-2008-11-08-10\46.qit\bin\10.0.406.0\firefox\extensions\plugins moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\15-03-2008-11-08-10\46.qit\bin\10.0.406.0\firefox\extensions\components moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\15-03-2008-11-08-10\46.qit\bin\10.0.406.0\firefox\extensions moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\15-03-2008-11-08-10\46.qit\bin\10.0.406.0\firefox moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\15-03-2008-11-08-10\46.qit\bin\10.0.406.0 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\15-03-2008-11-08-10\46.qit\bin moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\15-03-2008-11-08-10\46.qit moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\15-03-2008-11-08-10 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\14-06-2008-00-59-36 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\14-04-2008-03-13-01 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\13-04-2008-03-01-11 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\13-02-2008-04-24-34 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\12-04-2008-06-32-33 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\12-02-2008-03-02-35 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\11-04-2008-03-05-17 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\11-02-2008-05-00-59 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\10-04-2008-03-17-25 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\10-02-2008-04-53-40 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\09-04-2008-03-06-34 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\09-02-2008-03-01-47 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\08-04-2008-03-00-38 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\08-02-2008-04-07-58 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\07-04-2008-03-29-10 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\07-02-2008-04-49-54 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\06-04-2008-01-21-07 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\06-02-2008-03-38-15 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\05-04-2008-16-19-53 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\05-02-2008-03-00-57 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\04-04-2008-03-00-53 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\04-02-2008-03-39-26 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\03-02-2008-06-19-46 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\02-04-2008-04-14-47 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\02-02-2008-03-47-59 moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot\Log moved successfully.
C:\Documents and Settings\John Elizondo\Application Data\SpywareBot moved successfully.
C:\Downloads\setupxv.exe moved successfully.
C:\Documents and Settings\John Elizondo\Local Settings\Temporary Internet Files\Content.IE5\75W200ER\playvideo[1].htm moved successfully.
C:\Program Files\SpywareStop moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\Arj.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\avlib.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\Avp1.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\AvpMgr.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\btimages.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\CAB.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\dmap.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\dtreg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\FsDrvPlg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\FSSync.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\HashCont.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\HashMD5.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\HCCMP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\ichk2.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\iChkSA.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\Inflate.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\IWGen.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\kave.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\kosglue-7.0.25.0.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\lha.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\L_llio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\mdb.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\MDMAP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\MemModSc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\MemScan.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\minizip.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\MKavIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\msoe.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\nfio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\NTFSstrm.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\prKernel.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\prLoader.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\prseqio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\PrUtil.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\rar.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\ScanningProcess.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\sfdb.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\TempFile.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\thpimpl.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\UniArc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\UnLZX.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\UnStored.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\WDiskIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\hsperfdata_John Elizondo\1948 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\~DF427.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\John Elizondo\Application Data\Sun\Java\Deployment\cache\6.0\14\757e808e-10df0bdf scheduled to be deleted on reboot.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10192008_012929

Files moved on Reboot...
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\Arj.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\avlib.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\Avp1.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\AvpMgr.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\btimages.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\CAB.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\dmap.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\dtreg.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\FsDrvPlg.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\FSSync.dll
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\FSSync.dll NOT unregistered.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\FSSync.dll moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\HashCont.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\HashMD5.PPL moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\HCCMP.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\ichk2.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\iChkSA.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\Inflate.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\IWGen.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\kave.dll
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\kave.dll NOT unregistered.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\kave.dll moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\kosglue-7.0.25.0.dll
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\kosglue-7.0.25.0.dll NOT unregistered.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\kosglue-7.0.25.0.dll moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\lha.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\L_llio.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\mdb.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\MDMAP.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\MemModSc.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\MemScan.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\minizip.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\MKavIO.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\msoe.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\nfio.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\NTFSstrm.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\prKernel.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\prLoader.dll
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\prLoader.dll NOT unregistered.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\prLoader.dll moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\prseqio.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\PrUtil.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\rar.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\ScanningProcess.exe moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\sfdb.PPL moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\TempFile.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\thpimpl.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\UniArc.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\UnLZX.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\UnStored.ppl moved successfully.
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\jkos-John Elizondo\binaries\WDiskIO.ppl moved successfully.
File C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\hsperfdata_John Elizondo\1948 not found!
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\~DF427.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\John Elizondo\Application Data\Sun\Java\Deployment\cache\6.0\14\757e808e-10df0bdf moved successfully.

OTViewIt logfile created on: 10/19/2008 2:42:05 AM - Run 3
OTViewIt by OldTimer - Version 1.0.16.0 Folder = C:\Documents and Settings\John Elizondo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 610.01 Mb Available Physical Memory | 59.60% Memory free
2.40 Gb Paging File | 2.04 Gb Available in Paging File | 84.76% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 67.16 Gb Free Space | 28.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MADREBEL
Current User Name: John Elizondo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/04/01 10:02:36 | 00,273,256 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
[2008/08/29 14:30:07 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/09/06 17:32:23 | 00,254,224 | ---- | M] () -- C:\Program Files\Common Files\Iconix\IconixService.exe
[2004/08/03 20:07:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
[2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/07/04 09:52:47 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/08/29 14:30:08 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2007/04/10 14:01:18 | 00,336,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
[2005/08/11 15:30:30 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2001/08/17 17:36:42 | 00,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe
[2008/09/29 23:53:29 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2004/08/03 20:07:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/09/06 17:32:18 | 00,332,560 | ---- | M] () -- C:\Program Files\Iconix\OEAddOn\OEdmn_4.exe
[2007/09/01 16:44:06 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2007/04/01 10:02:38 | 00,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[2008/05/02 02:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
[2008/05/02 02:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
[2008/02/29 03:55:46 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/17 23:25:49 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Elizondo\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 14:30:08 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/08/29 14:30:07 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2007/04/01 10:02:36 | 00,273,256 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/08/11 19:06:25 | 01,838,592 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager [On_Demand | Stopped])
[2007/09/01 04:49:30 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2008/09/06 17:32:23 | 00,254,224 | ---- | M] () -- C:\Program Files\Common Files\Iconix\IconixService.exe -- (IconixService [Auto | Running])
[2004/08/03 20:07:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running])
[2008/05/02 02:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
[2004/08/03 20:07:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc [Auto | Running])
[2008/05/02 22:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2004/08/03 20:07:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
[2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2004/08/03 20:07:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Running])
[2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2004/08/03 20:07:00 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [System | Running])
[2008/08/29 14:30:06 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/07/04 09:52:47 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/07/04 09:53:00 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[1998/06/02 15:55:34 | 00,003,840 | ---- | M] () -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt [System | Running])
[2002/06/05 18:07:00 | 00,009,344 | ---- | M] (B.H.A Co.,Ltd.) -- C:\WINDOWS\system32\drivers\bsstor.sys -- (BsStor [Boot | Running])
[2003/01/27 14:47:54 | 00,501,376 | ---- | M] (ahead software) -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF [Disabled | Stopped])
[2007/03/22 21:49:54 | 00,539,072 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])
[2007/03/22 21:50:08 | 00,037,424 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver [On_Demand | Running])
[2007/03/31 00:02:42 | 00,876,384 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [On_Demand | Running])
[2007/03/22 21:50:24 | 00,149,123 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS [On_Demand | Stopped])
[2007/03/31 00:02:40 | 00,055,352 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid [On_Demand | Stopped])
[2007/03/22 21:50:42 | 00,067,960 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Running])
[2001/08/17 07:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk [On_Demand | Running])
[2004/08/22 16:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus [Boot | Running])
[2004/08/22 16:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt [Boot | Running])
[2002/12/05 04:21:00 | 00,083,072 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2002/10/07 03:56:00 | 00,040,400 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2007/08/07 14:48:33 | 00,025,160 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
[2007/02/15 19:56:49 | 00,011,984 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
[2001/08/17 07:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k [On_Demand | Running])
[2001/08/17 07:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1 [On_Demand | Running])
[2001/08/17 07:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
[2004/08/03 18:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2002/10/08 05:03:15 | 00,007,582 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm [System | Running])
[2008/02/29 03:12:48 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
[2005/07/23 00:41:08 | 00,055,040 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042MOU.SYS -- (L8042mou [On_Demand | Stopped])
[2008/02/29 03:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
[2005/07/23 00:41:46 | 00,026,112 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe [On_Demand | Stopped])
[2008/02/29 03:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
[2005/07/23 00:41:42 | 00,068,864 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE [On_Demand | Stopped])
[2008/05/02 22:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[1998/09/30 14:08:24 | 00,010,256 | ---- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\PARPEPPY.SYS -- (PARPEPPY [Auto | Running])
[2004/07/29 00:14:22 | 00,091,577 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID [On_Demand | Running])
[2002/10/01 10:22:32 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/03 20:07:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/03 17:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2001/08/17 07:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman [On_Demand | Running])
[2002/10/10 17:11:48 | 00,005,621 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2002/10/10 17:11:00 | 00,023,027 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2002/11/19 04:50:00 | 00,023,671 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2002/11/19 04:50:00 | 00,034,807 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2002/11/19 04:50:00 | 00,004,119 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2002/11/19 04:50:00 | 00,002,203 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2002/11/19 04:50:00 | 00,055,286 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2002/11/19 04:50:00 | 00,014,039 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2002/11/19 04:50:00 | 00,006,327 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2002/11/19 04:50:00 | 00,091,158 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2002/11/19 04:50:00 | 00,095,479 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2004/08/03 18:07:44 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\UAGP35.SYS -- (uagp35 [Boot | Running])
[2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Running])
[2004/08/03 20:07:00 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS [On_Demand | Running])
[2006/11/02 08:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2004/08/03 20:07:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.yahoo.com/?fr=fptb-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.yahoo.com/?fr=fptb-

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} (HKLM) -- C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (HKLM) -- C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll File not found
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{D0943516-5076-4020-A3B5-AEFAF26AB263}" (HKLM) -- C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}" (HKLM) -- C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{07AA283A-43D7-4CBE-A064-32A21112D94D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" (HKLM) -- C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{07AA283A-43D7-4CBE-A064-32A21112D94D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" (HKLM) -- C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"IconixOEAddOn"="C:\Program Files\Iconix\OEAddOn\OEdmn_4.exe" ()
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup File not found
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech, Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="C:\Program Files\MpcStar\Codecs\QuickTime\qttask.exe" -atboottime (Apple Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2007/04/01 10:02:38 | 00,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[2008/05/02 02:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
[2008/09/21 13:42:54 | 00,108,032 | ---- | M] (iWin Inc.) -- C:\Documents and Settings\Monica Ezell\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoControlPanel"=0
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"UvAhFssiqt"=C:\Documents and Settings\All Users\Application Data\zkvwnifg\hcxmvitk.exe -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoControlPanel"=0
"NoWindowsUpdate"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0
"DisableTaskMgr"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoControlPanel"=0
"NoWindowsUpdate"=0

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0
"DisableTaskMgr"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: C:\Program Files\BitComet\BitComet.exe [2008/08/22 01:07:26 | 02,567,992 | ---- | M] (www.BitComet.com)
&D&ownload all video with BitComet: C:\Program Files\BitComet\BitComet.exe [2008/08/22 01:07:26 | 02,567,992 | ---- | M] (www.BitComet.com)
&D&ownload all with BitComet: C:\Program Files\BitComet\BitComet.exe [2008/08/22 01:07:26 | 02,567,992 | ---- | M] (www.BitComet.com)
&ieSpell Options: C:\Program Files\ieSpell\ieSpell.dll [2006/10/31 09:07:16 | 00,262,144 | ---- | M] (Red Egg Software)
&Winamp Search: C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html [2008/03/19 17:21:40 | 00,000,748 | ---- | M] ()
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 12:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
&Yahoo! Search: File not found
Add to Windows &Live Favorites: File not found
Check &Spelling: C:\Program Files\ieSpell\ieSpell.dll [2006/10/31 09:07:16 | 00,262,144 | ---- | M] (Red Egg Software)
Lookup on Merriam Webster: File not found
Lookup on Wikipedia: File not found
Send to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2006/08/16 09:16:32 | 00,002,773 | ---- | M] ()
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\]
&D&ownload &with BitComet: C:\Program Files\BitComet\BitComet.exe [2008/08/22 01:07:26 | 02,567,992 | ---- | M] (www.BitComet.com)
&D&ownload all video with BitComet: C:\Program Files\BitComet\BitComet.exe [2008/08/22 01:07:26 | 02,567,992 | ---- | M] (www.BitComet.com)
&D&ownload all with BitComet: C:\Program Files\BitComet\BitComet.exe [2008/08/22 01:07:26 | 02,567,992 | ---- | M] (www.BitComet.com)
&ieSpell Options: C:\Program Files\ieSpell\ieSpell.dll [2006/10/31 09:07:16 | 00,262,144 | ---- | M] (Red Egg Software)
&Winamp Search: C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html [2008/03/19 17:21:40 | 00,000,748 | ---- | M] ()
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 12:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
&Yahoo! Search: File not found
Add to Windows &Live Favorites: File not found
Check &Spelling: C:\Program Files\ieSpell\ieSpell.dll [2006/10/31 09:07:16 | 00,262,144 | ---- | M] (Red Egg Software)
Lookup on Merriam Webster: File not found
Lookup on Wikipedia: File not found
Send to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2006/08/16 09:16:32 | 00,002,773 | ---- | M] ()
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}: Button: ieSpell -- %ProgramFiles%\ieSpell\ieSpell.dll [2006/10/31 09:07:16 | 00,262,144 | ---- | M] (Red Egg Software)
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}: Menu: ieSpell -- %ProgramFiles%\ieSpell\ieSpell.dll [2006/10/31 09:07:16 | 00,262,144 | ---- | M] (Red Egg Software)
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}: Menu: ieSpell Options -- %ProgramFiles%\ieSpell\ieSpell.dll [2006/10/31 09:07:16 | 00,262,144 | ---- | M] (Red Egg Software)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blog This -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 19:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blog This in Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 19:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{400A6CFA-E326-4d61-A90C-9AD75358DC5F}: Menu: Email ID Preferences -- %ProgramFiles%\Iconix\IEAddOn\IconixBHO_35.dll [2008/10/09 03:45:55 | 00,701,200 | ---- | M] ()
{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}: Button: PalTalk -- %ProgramFiles%\Paltalk Messenger\Paltalk.exe File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008/04/30 17:17:34 | 01,372,160 | ---- | M] (Skype Technologies S.A.)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2007/10/25 11:26:48 | 00,053,248 | ---- | M] ()
{BC3F6B6D-2E49-4603-B028-7411655713F3}: Menu: About Email ID -- %ProgramFiles%\Iconix\IEAddOn\IconixBHO_35.dll [2008/10/09 03:45:55 | 00,701,200 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: @btrez.dll,-4015 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2006/08/16 09:16:32 | 00,005,589 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: @btrez.dll,-12650 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2006/08/16 09:16:32 | 00,005,589 | ---- | M] ()
{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}: Button: BitComet -- %ProgramFiles%\BitComet\tools\BitCometBHO_1.2.2.28.dll File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} [HKLM] -> [ieSpell] -> File not found
CmdMapping\\{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} [HKLM] -> [ieSpell Options] -> File not found
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2007/10/26 19:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
CmdMapping\\{400A6CFA-E326-4d61-A90C-9AD75358DC5F} [HKLM] -> %ProgramFiles%\Iconix\IEAddOn\IconixBHO_35.dll [Email ID Preferences] -> [2008/10/09 03:45:55 | 00,701,200 | ---- | M] ()
CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} [HKLM] -> %ProgramFiles%\Paltalk Messenger\Paltalk.exe [PalTalk] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2007/10/25 11:26:48 | 00,053,248 | ---- | M] ()
CmdMapping\\{BC3F6B6D-2E49-4603-B028-7411655713F3} [HKLM] -> %ProgramFiles%\Iconix\IEAddOn\IconixBHO_35.dll [About Email ID] -> [2008/10/09 03:45:55 | 00,701,200 | ---- | M] ()
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} [HKLM] -> [ieSpell] -> File not found
CmdMapping\\{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} [HKLM] -> [ieSpell Options] -> File not found
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Blog This] -> [2007/10/26 19:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
CmdMapping\\{400A6CFA-E326-4d61-A90C-9AD75358DC5F} [HKLM] -> %ProgramFiles%\Iconix\IEAddOn\IconixBHO_35.dll [Email ID Preferences] -> [2008/10/09 03:45:55 | 00,701,200 | ---- | M] ()
CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} [HKLM] -> %ProgramFiles%\Paltalk Messenger\Paltalk.exe [PalTalk] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2007/10/25 11:26:48 | 00,053,248 | ---- | M] ()
CmdMapping\\{BC3F6B6D-2E49-4603-B028-7411655713F3} [HKLM] -> %ProgramFiles%\Iconix\IEAddOn\IconixBHO_35.dll [About Email ID] -> [2008/10/09 03:45:55 | 00,701,200 | ---- | M] ()
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.bcf: Belarc Advisor and BelLive - Belarc's Content Personalization with Privacy -- C:\Program Files\Internet Explorer\PLUGINS\NPBelv32.dll [2002/08/02 18:30:30 | 00,774,144 | ---- | M] (Belarc, Inc.)

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
2 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-796845957-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
2 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{01113300-3E00-11D2-8470-0060089874ED}: http://support.cox.com/sdccommon/download/tgctlcm.cab -- Support.com Configuration Class
{12F7F128-B36C-4843-8AA4-A5F71A969331}: https://horizons.istaria.com/controls/launcher.ocx -- Launcher Control
{1671869C-25B3-4C80-9446-8AE6111F8765}: http://thesims.ea.com/teleport/hotdate/MaxisHotDateTeleX.cab -- MaxisHotDateTeleX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/8/b...heckControl.cab -- Windows Genuine Advantage Validation Tool
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}: http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab -- CDownloadCtrl Object
{4063B398-3FC7-433E-B23B-0460CE7EDC27}: http://thesims.ea.com/teleport/makinmagic/...nMagicTeleX.cab -- MaxisMakinMagicTeleX Control
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/microsoftu...b?1205919709140 -- WUWebControl Class
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}: http://www.systemrequirementslab.com/sysreqlab2.cab -- System Requirements Lab Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1205919674171 -- MUWebControl Class
{8714912E-380D-11D5-B8AA-00D0B78F3D48}: http://chat.yahoo.com/cab/yuplapp.cab -- Yahoo! Webcam Upload Wrapper
{A44B714B-EE0F-453E-9300-A69B321FEF6C}: http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab -- MaxisSimsFamilyTeleX Control
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab -- MSN Games - Installer
{BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19}: http://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab -- CPlayFirstddfotgControl Object
{D821DC4A-0814-435E-9820-661C543A4679}: http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx -- CRLDownloadWrapper Class
{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}: http://download.microsoft.com/download/7/E...04/clearadj.cab -- CTAdjust Class
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}: http://zone.msn.com/bingame/popcaploader_v10.cab -- PopCapLoader Object
{FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0}: http://yme.music.yahoo.com/qos/cabs/DiagCo...tionControl.cab -- moDiagCollectionActiveX Object

========== (O17) DNS Name Servers ==========

{1C75D169-D456-4789-BCF4-AA17EF8981C7} (Servers: | Description: VIA Compatable Fast Ethernet Adapter)
{4A646483-A189-4B02-B415-99D4D92CE477} (Servers: | Description: )
{B6D729AF-69B1-487E-8747-0637CC7C9E95} (Servers: | Description: )
{C9AB3DE5-4FC0-4D9D-94F8-9B28A7D7F36C} (Servers: | Description: Motorola SURFboard SB5120 USB Cable Modem)
{DD083179-B3E4-4E12-B793-668F58BBABE2} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
>[2007/08/11 19:06:25 | 00,145,408 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
>[2008/07/04 09:52:48 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
LBTWlgn: "DllName" = c:\program files\common files\logitech\bluetooth\LBTWlgn.dll -- c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/01/31 01:07:53 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2008/10/19 02:41:05 | 16,156,056 | ---- | C] () -- C:\Documents and Settings\John Elizondo\Desktop\jre-6u10-windows-i586-p.exe
[2008/10/19 02:24:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Elizondo\Desktop\New Folder (2)
[2008/10/19 01:29:29 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/19 01:28:16 | 00,334,848 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Elizondo\Desktop\OTMoveIt3.exe
[2008/10/17 23:57:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Elizondo\Desktop\Fixing
[2008/10/17 23:22:30 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Elizondo\Desktop\OTViewIt.exe
[2008/10/17 16:04:47 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CC6C3E47-7E62-4B4D-81CC-C0059FCF5760}.job
[2008/10/17 06:28:35 | 00,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2008/10/17 06:28:35 | 00,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2008/10/12 18:45:23 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\John Elizondo\Desktop\HijackThis.lnk
[2008/10/12 18:45:20 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/12 16:36:53 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2008/10/12 16:13:32 | 00,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2008/10/12 07:33:45 | 00,000,000 | ---D | C] -- C:\Program Files\Snapshot Viewer
[2008/10/12 03:47:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Elizondo\Desktop\Wallpaper
[2008/10/08 05:22:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2008/10/08 05:12:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/10/08 02:03:02 | 00,099,362 | ---- | C] () -- C:\Documents and Settings\John Elizondo\My Documents\FX Reports 2.mht
[2008/10/06 12:59:56 | 00,048,068 | ---- | C] () -- C:\Documents and Settings\John Elizondo\My Documents\FX Reports.mht
[2008/10/04 15:20:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Elizondo\Application Data\Real
[2008/10/01 00:50:34 | 00,001,655 | ---- | C] () -- C:\Documents and Settings\John Elizondo\Desktop\FXCM Micro Trading Station II.lnk
[2008/09/22 06:04:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Elizondo\Desktop\New Folder

========== Files - Modified Within 30 Days ==========

[10 C:\WINDOWS\*.tmp files]
[2008/10/19 02:41:06 | 16,156,056 | ---- | M] () -- C:\Documents and Settings\John Elizondo\Desktop\jre-6u10-windows-i586-p.exe
[2008/10/19 02:07:54 | 00,162,422 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/10/19 02:07:43 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/19 02:06:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/19 02:06:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/19 01:39:25 | 29,017,819 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/10/19 01:28:26 | 00,334,848 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Elizondo\Desktop\OTMoveIt3.exe
[2008/10/18 17:03:16 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CC6C3E47-7E62-4B4D-81CC-C0059FCF5760}.job
[2008/10/18 03:00:06 | 00,000,512 | ---- | M] () -- C:\WINDOWS\tasks\SpywareStop Scheduled Scan.job
[2008/10/18 03:00:01 | 00,000,504 | ---- | M] () -- C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
[2008/10/18 01:34:04 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2008/10/17 23:25:49 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Elizondo\Desktop\OTViewIt.exe
[2008/10/15 23:52:50 | 00,043,628 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/10/15 11:38:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/12 20:55:14 | 00,002,231 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpywareStop.lnk
[2008/10/12 18:45:23 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\John Elizondo\Desktop\HijackThis.lnk
[2008/10/10 00:17:13 | 00,307,238 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/10/08 05:10:00 | 00,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/10/08 04:43:56 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/08 02:03:03 | 00,099,362 | ---- | M] () -- C:\Documents and Settings\John Elizondo\My Documents\FX Reports 2.mht
[2008/10/07 12:46:00 | 00,000,268 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2008/10/07 06:27:50 | 00,145,920 | ---- | M] () -- C:\Documents and Settings\John Elizondo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/06 12:59:57 | 00,048,068 | ---- | M] () -- C:\Documents and Settings\John Elizondo\My Documents\FX Reports.mht
[2008/10/01 00:50:34 | 00,001,655 | ---- | M] () -- C:\Documents and Settings\John Elizondo\Desktop\FXCM Micro Trading Station II.lnk
[2008/09/19 14:17:55 | 02,654,512 | -H-- | M] () -- C:\Documents and Settings\John Elizondo\Local Settings\Application Data\IconCache.db
< End of report >

OTViewIt Extras logfile created on: 10/19/2008 2:42:05 AM - Run 3
OTViewIt by OldTimer - Version 1.0.16.0 Folder = C:\Documents and Settings\John Elizondo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 610.01 Mb Available Physical Memory | 59.60% Memory free
2.40 Gb Paging File | 2.04 Gb Available in Paging File | 84.76% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 67.16 Gb Free Space | 28.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MADREBEL
Current User Name: John Elizondo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/03 20:07:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/02/23 00:45:07 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/03 20:07:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe
File not found -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe
[2008/05/27 21:58:12 | 04,269,296 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2007/01/31 07:14:05 | 00,784,032 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2007/01/31 07:26:58 | 00,771,373 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2007/01/31 07:30:12 | 00,771,493 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2007/09/07 18:01:54 | 00,043,008 | ---- | M] () -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2007/02/15 01:23:21 | 00,771,373 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2007/02/16 03:06:59 | 00,771,353 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2007/02/23 00:45:07 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2007/03/07 05:29:48 | 00,771,362 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2008/08/22 01:07:26 | 02,567,992 | ---- | M] (www.BitComet.com) -- C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
[2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2007/04/03 12:02:13 | 00,771,411 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2005/09/14 10:46:42 | 00,221,184 | ---- | M] () -- C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv
[2008/02/05 15:29:18 | 06,190,320 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox
[2007/08/15 01:36:55 | 00,807,854 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\WoWTest\WoW-0.2.0.7051-to-0.2.0.7091-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2007/08/22 14:43:40 | 00,090,112 | ---- | M] (CCP hf.) -- C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile
[2002/10/07 22:08:12 | 00,905,216 | ---- | M] () -- C:\Program Files\Quake III Arena\quake3.exe:*:Enabled:quake3
[2004/07/30 12:04:22 | 00,245,760 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CamTray.exe:*:Enabled:Creative Cam Detector
[2004/07/29 11:13:32 | 00,168,031 | ---- | M] () -- C:\Program Files\Creative\Creative WebCam Instant\WebCam Center\WebCamCenter.exe:*:Enabled:Creative WebCam Center
[2008/10/05 09:49:45 | 01,563,416 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application.
[2007/12/21 17:28:06 | 00,082,200 | ---- | M] () -- C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater.
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/03/22 06:02:31 | 00,424,067 | ---- | M] (Blizzard North) -- C:\Program Files\Diablo II\Game.exe:*:Enabled:Diablo II
File not found -- C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM
[2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:Morpheus
[2008/09/12 12:21:22 | 01,345,376 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp
[2004/08/03 20:07:00 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper
File not found -- C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene
[2008/01/29 21:19:32 | 00,073,728 | ---- | M] (Orb Networks, Inc.) -- C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
[2008/03/31 20:54:06 | 00,507,904 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
[2008/03/27 20:00:24 | 05,844,992 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
[2001/08/29 06:48:16 | 01,486,890 | ---- | M] (DeepRed Games Ltd) -- C:\Program Files\Infogrames Interactive\Monopoly Tycoon\mc.exe:*:Enabled:Monopoly Tycoon
[2008/08/29 02:04:53 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/08/29 14:30:08 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
File not found -- C:\Program Files\Codemasters\RF Online\RF.exe:*:Enabled:RFLauncher
[2008/06/28 16:00:56 | 01,789,440 | ---- | M] (Flagship Studios) -- C:\Program Files\Flagship Studios\Mythos\bin\Mythos.exe:*:Enabled:Mythos
[2008/08/22 01:28:32 | 00,537,400 | ---- | M] (http://www.bitcomet.com) -- C:\Program Files\BitComet\plugin_emule\plugin_eMule.exe:*:Enabled:eMule plugin host for BitComet
[2008/07/09 14:58:46 | 12,718,080 | ---- | M] (Obsidian Entertainment, Inc.) -- C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main
[2008/07/09 15:30:05 | 12,578,816 | ---- | M] (Obsidian Entertainment, Inc.) -- C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD
[2008/07/30 02:19:32 | 02,478,080 | ---- | M] (Obsidian Entertainment, Inc.) -- C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater
[2008/06/18 14:15:37 | 04,993,024 | ---- | M] (Obsidian Entertainment, Inc.) -- C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server
[2008/02/29 03:55:46 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
[2008/08/28 10:18:24 | 03,660,848 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
[2008/04/21 03:27:46 | 07,660,656 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2008/04/30 17:17:34 | 22,058,792 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2002/08/02 12:52:52 | 00,036,864 | ---- | M] (Belarc, Inc.) C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (belarc:{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} (HKLM) [VoilaXctl Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/23 00:45:07 | 00,028,711 | ---- | M] (Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 13:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/07/04 09:52:55 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 12:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 13:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 13:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 12:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/04/30 17:17:34 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/23 13:14:52 | 00,858,136 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Premium
"{00120409-78E1-11D2-B60F-006097C998E7}"=Microsoft FrontPage 2000
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}"=CDDRV_Installer
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=DLA
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}"=Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{24ED4D80-8294-11D5-96CD-0040266301AD}"=FinePixViewer Ver.4.3
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}"=Windows Live Photo Gallery
"{3101CB58-3482-4D21-AF1A-7057FC935355}"=KhalInstallWrapper
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}"=Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}"=DAEMON Tools
"{4432EA0E-A717-43C2-9E8A-0B56FD5189EB}"=SpywareStop
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}"=Adobe® Photoshop® Album Starter Edition 3.0
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{5490882C-6961-11D5-BAE5-00E0188E010B}"=FUJIFILM USB Driver
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{60E80B13-8649-4A69-85E2-1AE99E061F43}"=ShowBiz DVD
"{60E971B7-51A0-48CA-8687-C6B8F094A409}"=Simple Backup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}"=The Sims 2 Family Fun Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}"=Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}"=Windows Live Favorites for Windows Live Toolbar
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}"=The Sims 2 Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{8214CC02-6271-4DC8-B8DD-779933450264}"=RecordNow
"{84814E6B-2581-46EC-926A-823BD1C670F6}"=WIDCOMM Bluetooth Software
"{85DD724B-15E5-4572-81BF-CF9031D83848}"=Ventrilo Server
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}"=The Sims 2
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}"=CDDRV_Installer
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{9176251A-4CC1-4DDB-B343-B487195EB397}"=Windows Live Writer
"{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}"=The Sims Makin' Magic
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}"=The Sims 2 Glamour Life Stuff
"{A2453998-F3D8-426D-B96F-0777B120E388}"=Mythos
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}"=Nero - Burning Rom
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}"=Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B07F0D17-FE19-4BE6-9F83-27E52CF381D5}"=Utherverse 3D Client
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B37C842A-B624-46B8-A727-654E72F1C91A}"=Calculator Powertoy for Windows XP
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B975F4A1-63B6-11D4-BFEC-005004AF2D32}"=Monopoly Tycoon
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}"=Netflix Movie Viewer
"{C89C8D86-4423-4A58-AA40-DD259ACE07C1}"=KhalSetup
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}"=Adobe® Photoshop® Album Starter Edition 3.0.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DCF9A8CC-6EB4-156B-7E67-BABDACF9218D}"=Family Feud
"{DD54CF66-090B-43E7-97C1-110EF526474D}"=ArcSoft Multimedia Email
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}"=The Sims™ 2 Seasons
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}"=The Sims™ 2 Celebration! Stuff
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}"=Yahoo! Music Jukebox
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}"=Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"{F20C1251-1D0A-4944-B2AE-678581B33B19}"=Neverwinter Nights 2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}"=Logitech SetPoint
"{F41D7749-D973-42E7-BD80-64309766C39E}"=Dungeon Lords
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}"=Jasc Paint Shop Pro 9
"{FC888095-A35E-4993-A9E0-366BF6F0CCE0}"=ArcSoft PhotoImpression 5
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AfterWorld_is1"=AfterWorld Alpha 8
"Alchemy 1.2"=Alchemy 1.2
"Anarchy Online_is1"=Anarchy Online
"AnyTV_is1"=AnyTV 2.10
"Auctioneer"=Auctioneer AddOns
"AVG8Uninstall"=AVG Free 8.0
"AVI Splitter_is1"=AVI Splitter
"Belarc Advisor 2.0"=Belarc Advisor 5.1
"BitComet"=BitComet 1.04
"BitTorrent"=BitTorrent 5.0.9
"CamStudio"=CamStudio
"CloneDVD2"=CloneDVD2
"Coupon Printer for Windows2.0"=Coupon Printer for Windows
"Cox Online Support Controls_is1"=Cox Online Support Controls
"Creative Launcher"=Creative Launcher
"Creative PD0620"=Creative WebCam Instant Driver (1.01.02.0729)
"Creative WebCam Center"=Creative WebCam Center
"Creative WebCam Instant User's Guide English"=Creative WebCam Instant User's Guide (English)
"Diablo II"=Diablo II
"DivX Content Uploader"=DivX Content Uploader
"DivX Total Pack"=DivX Total Pack
"Download Manager"=Download Manager 2.3.6
"DVD Decrypter"=DVD Decrypter (Remove Only)
"DVD Shrink_is1"=DVD Shrink 3.2
"EVE"=EVE-ONLINE (remove only)
"EVEMon"=EVEMon
"Family Feud"=Family Feud (remove only)
"FamilyFeudOnlineParty"=FamilyFeudOnlineParty (remove only)
"FreeUndelete"=FreeUndelete
"FrostWire"=FrostWire 4.17.0
"FXCM Micro Trading Station II"=FXCM Micro Trading Station II
"FXCM Trading Station II"=FXCM Trading Station II
"GameSpotDownloadManager"=GameSpot Download Manager
"Get Yahoo! Messenger"=Get Yahoo! Messenger
"Google Desktop"=Google Desktop
"HijackThis"=HijackThis 2.0.2
"Homeworld2"=Homeworld2
"hp dvd writer"=hp dvd writer
"Iconix eMail ID"=Iconix™ eMail ID
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"ieSpell"=ieSpell
"Image Composer"=Microsoft Image Composer 1.5
"InCD!UninstallKey"=Ahead InCD
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"iWinArcade"=iWin Games (remove only)
"Jasc Paint Shop Pro 9 GDI+ Patch"=Jasc Paint Shop Pro 9 GDI+ Patch
"Jasc Paint Shop Pro 9.01 - (9.0.1.1)"=Jasc Paint Shop Pro 9.01 - (9.0.1.1)
"Jasc Paint Shop Pro 9.01 Patch"=Jasc Paint Shop Pro 9.01 Patch
"Mah Jong Quest"=Mah Jong Quest (remove only)
"Mah Jong Quest II"=Mah Jong Quest II (remove only)
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Morpheus"=Morpheus 5.5 (remove only)
"MorpheusToolbar Uninstall"=Morpheus Toolbar
"Mozilla Firefox (2.0.0.14)"=Mozilla Firefox (2.0.0.14)
"MpcStar"=MpcStar 3.1
"MRW!UninstallKey"=Ahead InCD EasyWrite Reader
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"oggcodecs"=oggcodecs 0.71.0946
"Orb"=Winamp Remote
"PixRecovery"=PixRecovery
"Quake III Arena"=Quake III Arena
"Quake III Arena Point Release 1.32"=Quake III Arena Point Release 1.32
"Recorder"=Creative Recorder
"Recover My Files_is1"=Recover My Files
"SecondLife"=SecondLife (remove only)
"Settlers3Deinstall"=Settlers3
"Sid Meier's Alpha Centauri"=Sid Meier's Alpha Centauri
"Siedler3EditorUninstall"=SETTLERS III Level Editor
"Siedler3MissionUninstall"=The SETTLERS III Mission CD
"Sophos-AntiRootkit"=Sophos Anti-Rootkit 1.3.1
"System Mechanic 6_is1"=iolo technologies' System Mechanic 6
"SystemRequirementsLab"=System Requirements Lab
"Teamspeak 2 RC2_is1"=TeamSpeak 2 RC2
"Total Video Converter 3.11_is1"=Total Video Converter 3.11 070908
"Utherverse 3D Client"=Utherverse 3D Client
"VLC media player"=VideoLAN VLC media player 0.8.6a
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC"=Windows Imaging Component
"Winamp"=Winamp
"WinAmp Control for Google Desktop_is1"=WinAmp Control for Google Desktop 1.3
"Winamp Toolbar"=Winamp Toolbar for Internet Explorer
"Winamp Toolbar for Firefox"=Winamp Toolbar for Firefox
"Windows Live Toolbar"=Windows Live Toolbar
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"World of Warcraft"=World of Warcraft
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire"=Xfire (remove only)
"Xvid_is1"=Xvid 1.1.2 final uninstall
"Yahoo! Anti-Spy"=Yahoo! Anti-Spy
"Yahoo! Companion"=Yahoo! 工具列
"Yahoo! Customizations"=Yahoo! Browser Services
"Yahoo! Internet Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"YInstHelper"=Yahoo! Install Manager
"Zylom Games Player Plugin"=Zylom Games Player Plugin

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/6/2008 3:18:05 AM | Computer Name = MADREBEL | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 4/8/2008 2:50:09 AM | Computer Name = MADREBEL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16608, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/8/2008 2:50:15 AM | Computer Name = MADREBEL | Source = Application Hang | ID = 1001
Description = Fault bucket 625112620.

Error - 4/8/2008 3:57:22 PM | Computer Name = MADREBEL | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 9.0.0.907, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/8/2008 3:57:23 PM | Computer Name = MADREBEL | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 9.0.0.907, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/10/2008 5:36:23 PM | Computer Name = MADREBEL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16608, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/10/2008 5:36:40 PM | Computer Name = MADREBEL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16608, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/10/2008 5:36:59 PM | Computer Name = MADREBEL | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 9.0.0.907, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/11/2008 1:17:48 AM | Computer Name = MADREBEL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16608, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/11/2008 1:17:51 AM | Computer Name = MADREBEL | Source = Application Hang | ID = 1001
Description = Fault bucket 625112620.

[ System Events ]
Error - 10/17/2008 9:20:27 AM | Computer Name = MADREBEL | Source = smtpsvc | ID = 1004
Description = Virtual server 1 was unable to register itself and the local delivery
sink with the event binding database. Server events and local delivery will not
function properly for this virtual server.

Error - 10/17/2008 9:20:27 AM | Computer Name = MADREBEL | Source = smtpsvc | ID = 1002
Description = Server events initialization failed for virtual server 1. Server
events may not be called for this virtual server.

Error - 10/17/2008 9:20:36 AM | Computer Name = MADREBEL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
spywarestop

Error - 10/17/2008 4:58:15 PM | Computer Name = MADREBEL | Source = Service Control Manager | ID = 7034
Description = The Iconix Update Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 10/19/2008 2:37:39 AM | Computer Name = MADREBEL | Source = smtpsvc | ID = 1004
Description = Virtual server 1 was unable to register itself and the local delivery
sink with the event binding database. Server events and local delivery will not
function properly for this virtual server.

Error - 10/19/2008 2:37:39 AM | Computer Name = MADREBEL | Source = smtpsvc | ID = 1002
Description = Server events initialization failed for virtual server 1. Server
events may not be called for this virtual server.

Error - 10/19/2008 2:37:48 AM | Computer Name = MADREBEL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
spywarestop

Error - 10/19/2008 3:06:23 AM | Computer Name = MADREBEL | Source = smtpsvc | ID = 1004
Description = Virtual server 1 was unable to register itself and the local delivery
sink with the event binding database. Server events and local delivery will not
function properly for this virtual server.

Error - 10/19/2008 3:06:23 AM | Computer Name = MADREBEL | Source = smtpsvc | ID = 1002
Description = Server events initialization failed for virtual server 1. Server
events may not be called for this virtual server.

Error - 10/19/2008 3:06:33 AM | Computer Name = MADREBEL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
spywarestop


< End of report >
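The Security Center block in the OTViewIt Extras log above shows FirewallDisableNotify, UpdatesDisableNotify and FirewallOverride set to 1. Those values stop the real Security Center from warning about firewall and update status, which is exactly what a rogue "antispyware" product wants when it is showing its own fake firewall pop-ups. The script below is an added example, not OTViewIt's code and not from anyone in this thread; it parses that block (layout assumed from the log as printed above) and lists the values that silence or override Security Center alerts. The sample input is constructed from the values in the log.

```python
"""Flag Windows Security Center values that silence its warnings, read from
the "Security Center Settings" block of an OTViewIt Extras log.
Added example; not OTViewIt's code and not from the thread above."""
import re

# Registry values under HKLM\SOFTWARE\Microsoft\Security Center that, when 1,
# stop Security Center from warning about a missing firewall/AV/updates or
# make it trust a third-party product's self-reported status.  Legitimate
# products set some of these too, so a hit is a lead to verify, not proof.
SUPPRESSION_VALUES = {
    "AntiVirusDisableNotify": "anti-virus status warnings are hidden",
    "FirewallDisableNotify": "firewall status warnings are hidden",
    "UpdatesDisableNotify": "Automatic Updates warnings are hidden",
    "AntiVirusOverride": "Security Center defers to a third-party AV's status",
    "FirewallOverride": "Security Center defers to a third-party firewall's status",
}

SECURITY_CENTER_KEY = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>-?\d+)$')


def parse_security_center(log_text):
    """Return {value_name: int} for the values listed directly under the
    Security Center key.  Assumes the OTViewIt layout: a bracketed key line
    followed by "name"=number lines, ended by the next key or section."""
    values = {}
    in_block = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == SECURITY_CENTER_KEY:
            in_block = True
            continue
        if not in_block:
            continue
        if line.startswith("[") or line.startswith("=========="):
            break  # a subkey (e.g. ...\Monitoring) or the next section ends the block
        m = VALUE_RE.match(line)
        if m:
            values[m.group("name")] = int(m.group("value"))
    return values


def flag_suppressed_alerts(values):
    """Return a sorted list of (value_name, explanation) for every
    suppression/override value that is set to 1."""
    return sorted(
        (name, why) for name, why in SUPPRESSION_VALUES.items()
        if values.get(name) == 1
    )


# Constructed sample: the Security Center block as it appears in the log above.
SAMPLE_LOG = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
"""

if __name__ == "__main__":
    found = flag_suppressed_alerts(parse_security_center(SAMPLE_LOG))
    for name, why in found:
        print(f"{name}=1: {why}")
    if not found:
        print("No Security Center alert suppression found.")
```

Run against the sample it reports the three values set to 1 in this log. The FirewallPolicy block further down shows "EnableFirewall"=1, so the Windows firewall itself is on; what has been tampered with is the notification and override layer, and once the rogue product is gone those values are worth resetting to 0 so the genuine warnings come back.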

#7 Billy O'Neal


    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:04:35 PM

Posted 19 October 2008 - 12:47 PM

Hello, madrebel.
You're right :thumbsup: Java just updated. Go ahead and install the Update 10 file then ;)

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the OTMoveIt3 icon on your desktop.
  • Paste the following code under the Paste List of Files/Folders to Move area. Do not include the word "Code".
    :files
    C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
    C:\WINDOWS\tasks\SpywareStop Scheduled Scan.job
    C:\Documents and Settings\All Users\Desktop\SpywareStop.lnk
    C:\Documents and Settings\All Users\Application Data\zkvwnifg
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
    "UvAhFssiqt"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{4432EA0E-A717-43C2-9E8A-0B56FD5189EB}"=-
    :commands
    [EmptyTemp]
  • Push the large MoveIt! button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Results line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • OTMoveIt3's Log
  • ESET OnlineScan's Log
  • A New HiJack This log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#8 madrebel

  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:35 PM

Posted 19 October 2008 - 10:24 PM

OTMoveIt3 Report

========== FILES ==========
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job moved successfully.
C:\WINDOWS\tasks\SpywareStop Scheduled Scan.job moved successfully.
C:\Documents and Settings\All Users\Desktop\SpywareStop.lnk moved successfully.
File/Folder C:\Documents and Settings\All Users\Application Data\zkvwnifg not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\UvAhFssiqt deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{4432EA0E-A717-43C2-9E8A-0B56FD5189EB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4432EA0E-A717-43C2-9E8A-0B56FD5189EB}\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\~DFE70B.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7c4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10192008_131228

Files moved on Reboot...
C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\~DFE70B.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_7c4.dat not found!
ESET OnlineScan's Log

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3536 (20081019)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.060 (20070601)
# EOSSerial=bd115a915ff54d4da67a804599a9e820
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-10-19 11:55:38
# local_time=2008-10-19 06:55:38 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=446033
# found=10
# scan_time=6112
C:\_OTMoveIt\MovedFiles\10192008_012929\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\15-03-2008-11-08-10\46.qit\bin\10.0.406.0\HostIE.dll Win32/Adware.HotBar application (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\10192008_012929\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\15-03-2008-11-08-10\46.qit\bin\10.0.406.0\HostOL.dll Win32/Adware.HotBar application (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\10192008_012929\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\15-03-2008-11-08-10\46.qit\bin\10.0.406.0\SeekmoSAAX.dll Win32/Adware.HotBar application (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\10192008_012929\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\15-03-2008-11-08-10\46.qit\bin\10.0.406.0\Srv.exe Win32/Adware.HotBar application (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\10192008_012929\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\15-03-2008-11-08-10\46.qit\bin\10.0.406.0\Toolbar.dll Win32/Adware.HotBar application (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\10192008_012929\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\15-03-2008-11-08-10\46.qit\bin\10.0.406.0\Wallpaper.dll Win32/Adware.HotBar application (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\10192008_012929\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\15-03-2008-11-08-10\46.qit\bin\10.0.406.0\firefox\extensions\plugins\npclntax_SeekmoSA.dll Win32/Adware.HotBar application (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\10192008_012929\Documents and Settings\John Elizondo\Application Data\SpywareBot\Quarantine\26-01-2008-17-39-27\259.qit Win32/Toolbar.AskSBar application (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\10192008_012929\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL Win32/Toolbar.Morpheus application (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\10192008_012929\Program Files\SpywareStop\TCL.dll Win32/Adware.AntiSpyware2008 application (unable to clean - deleted) 00000000000000000000000000000000
HiJack This log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:38 PM, on 10/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Iconix\IconixService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Iconix\OEAddOn\OEdmn_4.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fptb-
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IconixOEAddOn] "C:\Program Files\Iconix\OEAddOn\OEdmn_4.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_35.dll
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_35.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_35.dll
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_35.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.istaria.com/controls/launcher.ocx
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) - http://thesims.ea.com/teleport/hotdate/MaxisHotDateTeleX.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4063B398-3FC7-433E-B23B-0460CE7EDC27} (MaxisMakinMagicTeleX Control) - http://thesims.ea.com/teleport/makinmagic/...nMagicTeleX.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205919709140
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205919674171
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.com/teleport/families/Ma...FamilyTeleX.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://yme.music.yahoo.com/qos/cabs/DiagCo...tionControl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files\Common Files\Iconix\IconixService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 14690 bytes
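
The log above is read by hand in this thread; the checks a Malware Response Team helper applies first are mechanical enough to script. The following triage helper is an added example (not a BleepingComputer, Trend Micro or OldTimer tool): it parses HijackThis v2 entries and flags O4 autostarts whose program lives in a Temp folder (the pattern behind the original `[MSFox] ...\Temp\a.exe` entry) and O2/O3/O9 add-ons marked `(file missing)`, which are orphaned registrations rather than live threats. The sample lines are constructed, modelled on the logs in this thread; the `Finding` class, regexes and function names are mine.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of any
malware-removal tool). Flags autostarts launched from a Temp folder and browser
add-ons whose file is missing. All sample data below is constructed."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample lines in HijackThis v2 format, modelled on the logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\JOHNEL~1\LOCALS~1\Temp\a.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [Updater] "C:\Documents and Settings\User\Local Settings\Temp\e.exe" -silent
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O4"
    name: str     # Run value name or add-on description
    path: str     # program/DLL path taken from the entry
    reason: str   # why the entry was flagged


# O4 autostart entries: "O4 - HKCU\..\Run: [Name] command line"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O2/O3/O9 add-on entries: "O2 - BHO: Name - {CLSID} - path"
ADDON_RE = re.compile(r"^(?P<sec>O2|O3|O9) - [^:]+: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
# Any directory component named Temp (user Temp, LOCALS~1\Temp, WINDOWS\temp)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
MISSING = "(file missing)"


def first_token(cmd: str) -> str:
    """Return the program path from a Run command line: the quoted token if the
    line starts with a quote, otherwise everything up to the first space
    (8.3 short paths such as C:\\DOCUME~1\\... contain no spaces)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> List[Finding]:
    """Scan HijackThis lines and return the entries a helper would look at first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            path = first_token(m["cmd"])
            if TEMP_DIR_RE.search(path):
                findings.append(Finding("O4", m["name"], path,
                                        f"{m['hive']} autostart launches from a Temp folder"))
            continue
        m = ADDON_RE.match(line)
        if m and m["path"].endswith(MISSING):
            path = m["path"][: -len(MISSING)].strip()
            findings.append(Finding(m["sec"], m["name"], path,
                                    "add-on registered but its file is missing (orphaned entry)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} [{f.name}] {f.path}: {f.reason}")
```

Legitimate software practically never registers a Run value pointing into a Temp directory, so those entries deserve a look even when the file name means nothing; a `(file missing)` add-on, by contrast, is usually leftover registry debris from an uninstall and is flagged as cleanup rather than infection.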

#9 Billy O'Neal (Malware Response Team)

Posted 19 October 2008 - 10:57 PM

Hello, madrebel.
Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the Posted Image icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore the computer to any point earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3

#10 madrebel (Topic Starter)

Posted 20 October 2008 - 12:45 AM

I think everything is doing quite well now, thanks! I do have an irritating problem with my browser not wanting to open some pages, and having to refresh them to get them to open, but otherwise everything is just great. I sure do appreciate all the help, and will be happy to sign your guest book as well :thumbsup:

Spell check edit...lol

Edited by madrebel, 20 October 2008 - 01:47 AM.


#11 Billy O'Neal (Malware Response Team)

Posted 20 October 2008 - 01:28 PM

Hello, madrebel.

Glad to hear it's all working okay.

Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3