Trojan.Agent.ALCE


  • This topic is locked
26 replies to this topic

#1 WarBlade

  • Members
  • 18 posts

Posted 19 November 2008 - 01:33 AM

Hi there, I've been a fan of this site for some while now. Lots of great info, but now I definitely need some help. It doesn't seem to matter what I do (I have managed to remove a bunch of the critters); now I just can't seem to rid myself of the last few. I have seen as many as 15 svchost.exe processes running at once on this computer at any one time. This computer is going out on the net and firing off several emails, enough that I have been contacted by my ISP. I went through the checklist for before posting, and here are some of the trojans that have shown up.

Trojan.Agent.ALCE
Trojan.Dropper.SHN
Trojan.FakeAlert.AB2
Trojan.Dropper.Kobcka.EN
Trojan.Qhosts.ARE
BehavesLike:Win32.Explore_Hijack

I have removed this computer from net access after I did the required scans. When this comp first came to me I was unable to log in to a user without being logged off right away, in either normal mode or safe mode. I have gotten past that and cleaned most of it, but the rest just doesn't want to clear out.

Here is an HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:51 AM, on 11/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: targetedbanner browser enhancer - {E54F56DD-104D-5BBB-111D-7912D14EE471} - C:\WINDOWS\system32\xzxffwzmof.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [kczrgvgeyxuagqwip] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\xzxffwzmof.dll"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Logitech Desktop Messenger] C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Courtney\NewVersion\setup-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sxload.net (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17DF9D0D-036E-424B-98D7-A41E4CE783EF} - ms-its:mhtml:file://c:\\nores.mht!http://adxcnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: bw+0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {4E510A45-31AA-45CC-9944-0C9407B7C05A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: priarsz - priarsz.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)

--
End of file - 19110 bytes

#2 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 26 November 2008 - 10:15 PM

Hello, WarBlade
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
We need to run a Scan with DDS
  • Please download DDS, and save it to your desktop, from one of the following mirrors:
  • Disable any type of "Script Blockers" or "Script Protection" installed on your system.
  • Double click Posted Image on your desktop.
  • If prompted by any script blocking tools, please allow any actions taken by DDS.
  • When prompted to perform an Optional Scan, please select Posted Image
  • Two reports will open. Please reply with the generated reports:
    • DDS.txt <-- Copy and paste into your next post
    • Attach.txt <-- Attach to your next post
We need to scan for rootkits with GMER
  • Please download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    Note: There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    Important! Please do not select the "Show all" checkbox during the scan.
  • Click on the "Scan" and wait for the scan to finish.
    • Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
In your next reply, please include the following:
  • DDS.txt
  • Attach.txt
  • GMER's Log


Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 WarBlade
  • Topic Starter

  • Members
  • 18 posts

Posted 27 November 2008 - 08:59 PM

Hi Billy,

Thanks for helping me out. OK, here's the first problem we have right off the bat. The DDS thing you wanted me to run didn't seem to want to work, on this system at least. It would open a DOS window that had a description about it and mentioned it was meant for one-time use, etc. Then it seemed to be working, but after a bit it would say sort.exe not recognized and it would close. I tried about 5 times but could never catch the whole error message. I then went ahead with the GMER scan, and here is the report for that. Hope that is OK.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-27 20:46:02
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.14 ----

Device \Driver\Tcpip \Device\Ip 8243783A
Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Tcp 8243783A
Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Udp 8243783A
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp 8243783A
Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST 8243783A
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.14 ----

Thread 4:504 82430602
Thread 4:508 82430602
Thread 4:512 82430602
Thread 4:516 82430602
Thread 4:520 82430602
Thread 4:524 82430602
Thread 4:528 82430602
Thread 4:532 82430602
Thread 4:536 82430602
Thread 4:540 82430602
Thread 4:544 82430602
Thread 4:548 82430602
Thread 4:552 82430602
Thread 4:556 82430602
Thread 4:560 82430602
Thread 4:564 82430602
Thread 4:568 82430602
Thread 4:572 82430602
Thread 4:576 82430602
Thread 4:580 82430602
Thread 4:584 82430602
Thread 4:588 82430602
Thread 4:592 82430602
Thread 4:596 82430602
Thread 4:600 82430602
Thread 4:604 82430602
Thread 4:608 82430602
Thread 4:612 82430602
Thread 4:616 82430602
Thread 4:620 82430602
Thread 4:624 82430602
Thread 4:628 82430602
Thread 4:632 82430602
Thread 4:636 82430602
Thread 4:640 82430602
Thread 4:644 82430602
Thread 4:648 82430602
Thread 4:652 82430602

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{FD853CE1-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 12: copy of MBR

---- EOF - GMER 1.0.14 ----


Thanks again

#4 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 27 November 2008 - 11:50 PM

Hello, WarBlade
We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :processes
    explorer.exe
    :services
    FCI
    ICF
    :files
    @C:\WINDOWS\system32\svchost.exe:ext.exe
    c:\nores.mht
    C:\WINDOWS\system32\xzxffwzmof.dll
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\*.sxload.net]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [-HKEY_CLASSES_ROOT\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E54F56DD-104D-5BBB-111D-7912D14EE471}]
    [-HKEY_CLASSES_ROOT\CLSID\{E54F56DD-104D-5BBB-111D-7912D14EE471}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\priarsz]
    :commands
    [Reboot]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • OTMoveIt3's Log
  • OTViewIt.txt
  • Extra.txt

Billy3

Edited by Billy O'Neal, 27 November 2008 - 11:51 PM.


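The HijackThis log in the first post and the OTMoveIt3 fix-list in reply #4 target the same handful of entries: two services whose image path is an NTFS alternate data stream on svchost.exe (the `:ext.exe` suffix), a BHO and an autorun pointing at a DLL that no longer exists, a Winlogon Notify package with a missing DLL, a Trusted Zone addition, and an ActiveX download served through an `ms-its:` handler rather than HTTP. The triage script below is an added example (not part of this thread and not a BleepingComputer or HijackThis tool) that applies those same checks mechanically to HJT-format lines; the rules, thresholds and function names are my own, and the sample log is constructed from lines quoted in this thread.

```python
import re

# Constructed sample: HijackThis lines copied from the log posted above,
# including the entries the OTMoveIt3 script in reply #4 removes.
SAMPLE_HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: targetedbanner browser enhancer - {E54F56DD-104D-5BBB-111D-7912D14EE471} - C:\WINDOWS\system32\xzxffwzmof.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [kczrgvgeyxuagqwip] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\xzxffwzmof.dll"
O15 - Trusted Zone: *.sxload.net (HKLM)
O16 - DPF: {17DF9D0D-036E-424B-98D7-A41E4CE783EF} - ms-its:mhtml:file://c:\\nores.mht!http://adxcnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: priarsz - priarsz.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
"""

# Every HJT entry starts with its section code ("O23", "R1", ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<kind>O\d+|R\d) - (?P<body>.*)$")

# A Windows path whose last component carries an NTFS alternate data stream:
# "<drive>:\...\name.ext:stream".  The drive colon is the only colon a normal
# path contains, so a second colon right after the extension is the signal.
# URL-like text is excluded by refusing "/" inside the path portion.
ADS_RE = re.compile(r"[A-Za-z]:\\[^\s\"/]*?\.[A-Za-z0-9]{1,4}:(?P<stream>[^\s\"\\/:]+)")


def ads_stream(text):
    """Return the stream name if text references file.ext:stream, else None."""
    m = ADS_RE.search(text)
    return m.group("stream") if m else None


def triage_entry(kind, body):
    """Return a reason string if the entry merits a closer look, else None."""
    missing = "(file missing)" in body or "(no file)" in body
    if kind == "O23":
        stream = ads_stream(body)
        if stream:
            return f"service binary is an alternate data stream ({stream!r}) on a system file"
        if "Unknown owner" in body and missing:
            return "service with unknown owner whose binary is missing"
    elif kind == "O4":
        if re.search(r"regsvr32(\.exe)?\s+/s\b", body, re.IGNORECASE):
            return "autorun silently registers a COM DLL via regsvr32 /s"
        if missing:
            return "autorun points at a missing file"
    elif kind == "O2":
        if missing:
            return "BHO registration with no backing file"
    elif kind == "O20":
        if missing:
            return "Winlogon Notify package whose DLL is missing"
    elif kind == "O15":
        return "domain added to the IE Trusted Zone"
    elif kind == "O16":
        m = re.search(r" - (\S+)$", body)
        if m and not m.group(1).lower().startswith(("http://", "https://")):
            scheme = m.group(1).split(":", 1)[0]
            return f"ActiveX download source uses non-HTTP handler {scheme!r}"
    return None


def triage_log(log_text):
    """Return (kind, reason, line) for every entry that trips a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        reason = triage_entry(m.group("kind"), m.group("body"))
        if reason:
            findings.append((m.group("kind"), reason, line))
    return findings


def count_by_kind(findings):
    """Tally findings per HJT section code, e.g. {'O23': 2, ...}."""
    counts = {}
    for kind, _, _ in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    for kind, reason, line in triage_log(SAMPLE_HJT_LOG):
        print(f"[{kind}] {reason}\n      {line}")
    print(count_by_kind(triage_log(SAMPLE_HJT_LOG)))
```

The ADS rule is the one a helper most wants automated: a service named "FCI" or "ICF" with "Unknown owner" looks unremarkable on its own, but a colon after `svchost.exe` means the real binary is hidden in a stream attached to a legitimate system file, which is also why the OTMoveIt3 run in the next post reports "Unable to delete ADS" rather than "not found". Known-good entries (the Acrobat BHO, the Java updater, the BitDefender scanner control, the Ad-Aware service) pass through untouched.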
#5 WarBlade
  • Topic Starter

  • Members
  • 18 posts

Posted 28 November 2008 - 09:27 PM

Hi Billy,

OK, everything seemed to have worked this time, and here are the logs you asked for.


OTMoveIT3

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service FCI stopped successfully.
Service FCI deleted successfully.
Service ICF stopped successfully.
Service ICF deleted successfully.
========== FILES ==========
Unable to delete ADS C:\WINDOWS\system32\svchost.exe:ext.exe .
File/Folder c:\nores.mht not found.
File/Folder C:\WINDOWS\system32\xzxffwzmof.dll not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\*.sxload.net\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E54F56DD-104D-5BBB-111D-7912D14EE471}\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{E54F56DD-104D-5BBB-111D-7912D14EE471}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\priarsz\\ deleted successfully.
========== COMMANDS ==========

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11282008_205415


OTViewIT


OTViewIt logfile created on: 11/28/2008 9:10:42 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.48 Mb Total Physical Memory | 73.58 Mb Available Physical Memory | 28.80% Memory free
616.91 Mb Paging File | 389.07 Mb Available in Paging File | 63.07% Paging File free
Paging file location(s): c:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.99 Gb Total Space | 10.74 Gb Free Space | 56.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.73 Gb Total Space | 3.14 Gb Free Space | 84.26% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-R1DHX7MSQF
Current User Name: Courtney
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/11/14 17:34:49 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/04/13 19:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
[2008/11/02 22:24:00 | 00,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
[2005/01/18 20:37:30 | 00,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
[2001/09/13 01:09:50 | 01,134,592 | R--- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/11/14 17:34:52 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/11/14 17:34:51 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/11/14 17:34:51 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/04/13 19:12:40 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wpabaln.exe
[2008/11/28 06:37:26 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/11/14 17:34:51 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/11/14 17:34:49 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
File not found -- -- (ClipSrv [Disabled | Stopped])
[2008/04/13 19:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe -- (SNMP [Auto | Running])
[2008/04/13 19:12:36 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2008/11/02 22:25:53 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

========== Driver Services ==========

[2004/08/03 21:29:28 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008/11/14 17:35:19 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/11/14 17:35:16 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/11/14 17:35:29 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2001/09/14 22:46:08 | 00,280,657 | R--- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci [On_Demand | Stopped])
[2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2001/08/17 11:19:34 | 00,040,704 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371 [On_Demand | Running])
[2008/09/14 16:10:25 | 00,133,248 | ---- | M] () -- C:\WINDOWS\system32\drivers\ethnsieh.sys -- (ethnsieh [System | Stopped])
[2004/12/16 13:36:30 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])
[2001/08/17 11:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
[2008/04/13 13:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/11/27 17:51:54 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[1998/09/25 03:55:24 | 00,052,800 | ---- | M] () -- C:\WINDOWS\system32\drivers\HPFecp13.sys -- (HPFECP13 [Auto | Running])
[2005/01/31 05:12:46 | 00,022,016 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Stopped])
[2001/08/17 13:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2005/01/31 05:20:03 | 00,211,712 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928 [On_Demand | Stopped])
[2006/02/28 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/11/10 00:46:11 | 00,000,000 | ---D | M] -- C:\WINDOWS\System32\Restore -- (restore [On_Demand | Stopped])
[2006/12/14 15:44:06 | 00,085,120 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Stopped])
[2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/08/17 07:50:46 | 00,101,760 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sis300ip.sys -- (SiS300i [On_Demand | Stopped])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Boot | Running])
[2004/08/03 21:31:36 | 00,032,768 | ---- | M] (SiS Corporation) -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC [On_Demand | Stopped])
[2007/08/01 22:47:26 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2002/03/22 15:12:06 | 00,026,368 | ---- | M] (Linksys) -- C:\WINDOWS\system32\drivers\USB100TX.sys -- (USB100TX [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.youtube.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = localhost

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00A6FAF6-072E-44cf-8957-5838F569A31D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00A6FAF6-072E-44cf-8957-5838F569A31D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.youtube.com/

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = localhost

========== (O1) Hosts File ==========

Hosts file not found

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"C-Media Mixer"=Mixer.exe /startup (C-Media Electronic Inc. (www.cmedia.com.tw))
"kczrgvgeyxuagqwip"=C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\xzxffwzmof.dll" (Microsoft Corporation)
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
"LVCOMSX"=C:\WINDOWS\System32\LVCOMSX.EXE (Logitech Inc.)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
"Logitech Desktop Messenger"=C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Courtney\NewVersion\setup-8876480.exe (BackWeb)

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
"Logitech Desktop Messenger"=C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Courtney\NewVersion\setup-8876480.exe (BackWeb)

========== (O4) Startup Folders ==========

File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"ClassicShell"=0
"ForceActiveDesktopOn"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"ClassicShell"=0
"ForceActiveDesktopOn"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: Reg Error: Value does not exist or could not be read. File not found

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: Reg Error: Value does not exist or could not be read. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
sxload.net: * in Trusted sites
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/Facebo...toUploader5.cab -- Facebook Photo Uploader 5
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{17DF9D0D-036E-424B-98D7-A41E4CE783EF}: ms-its:mhtml:file://c:\\nores.mht!http://adxcnet.net/code/chm/xpre.chm::/xpreload.ocx -- Reg Error: Key does not exist or could not be opened.
{2250C29C-C5E9-4F55-BE4E-01E45A40FCF1}: http://musicmix.messenger.msn.com/Medialogic.CAB -- CMediaMix Object
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://www.pandasecurity.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{33564D57-0000-0010-8000-00AA00389B71}: http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB -- Reg Error: Key does not exist or could not be opened.
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{5D6F45B3-9043-443D-A792-115447494D24}: http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab -- UnoCtrl Class
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}: http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab -- MessengerStatsClient Class
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}: http://messenger.msn.com/download/MsnMesse...pDownloader.cab -- MsnMessengerSetupDownloadControl Class
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_04
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{4639C70C-9E72-4DE0-8C16-E24D946668EF} (Servers: | Description: )
{57AE0352-ABB0-44F2-A11F-96F7E626A32F} (Servers: | Description: Linksys EtherFast 10/100 USB Network Adapter)
{661A8C46-FF4C-4707-8818-A0AF5C19087B} (Servers: | Description: )
{822FBDC7-7DAC-42F7-9848-36BC88322784} (Servers: | Description: )
{98601E2C-FC52-46E0-B15A-C436757949DB} (Servers: | Description: )
{BC745B31-78CF-4EAA-BDC8-6D47502C9061} (Servers: | Description: )
{FFF6D396-57ED-415A-BB63-5947D6230162} (Servers: | Description: VIA Rhine II Fast Ethernet Adapter)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/11/14 17:35:30 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEA4DE5E-37ED-4A91-A883-6D8953A84614}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\System32\qoMggfcc,
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/03/25 22:48:23 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autoruns.chm [ITSF | ]
[2008/11/10 22:27:36 | 00,048,986 | ---- | M] () -- C:\autoruns.chm -- [ NTFS ]

autoruns.exe [MZ | ]
[2008/11/10 22:27:36 | 00,644,976 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\autoruns.exe -- [ NTFS ]

autorunsc.exe [MZ | ]
[2008/11/10 22:27:36 | 00,538,480 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\autorunsc.exe -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[14 C:\WINDOWS\*.tmp files]
[2008/11/28 21:10:00 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\OTViewIt.exe
[2008/11/28 20:54:15 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/11/28 20:52:35 | 00,349,696 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\OTMoveIt3.exe
[2008/11/27 17:51:56 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/11/27 17:51:54 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/11/27 17:51:54 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/11/27 17:51:54 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/11/27 17:51:53 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/11/27 17:51:13 | 00,000,000 | ---D | C] -- C:\gmer
[2008/11/27 17:48:58 | 00,356,792 | ---- | C] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\dds.scr
[2008/11/27 17:43:02 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\gmer.zip
[2008/11/19 00:49:55 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\HijackThis.lnk
[2008/11/19 00:49:51 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/18 20:18:42 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\HJTInstall.exe
[2008/11/18 20:10:21 | 26,796,4416 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/18 16:49:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2008/11/18 15:48:08 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/11/18 13:51:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2008/11/18 12:20:11 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/11/14 18:57:54 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2008/11/14 17:35:31 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/11/14 17:35:30 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/11/14 17:35:29 | 00,076,040 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/11/14 17:35:19 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/11/14 17:35:16 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/11/14 17:35:08 | 27,321,964 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/11/14 17:35:08 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/14 17:35:08 | 00,211,986 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/11/14 17:35:08 | 00,106,501 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/11/14 17:35:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2008/11/14 17:35:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Application Data\AVGTOOLBAR
[2008/11/14 17:34:49 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2008/11/14 17:34:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2008/11/14 06:41:22 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/14 06:40:00 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/11/13 20:48:39 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/11/13 20:48:39 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/13 20:48:31 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/11/13 20:48:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/11/13 20:47:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/11/13 06:51:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\Bleeping Computer 11-12-08
[2008/11/13 06:51:17 | 00,000,017 | ---- | C] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\stinger.opt
[2008/11/12 22:44:08 | 02,482,695 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\stinger.exe
[2008/11/10 22:26:54 | 00,575,466 | ---- | C] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\Autoruns.zip
[2008/11/10 03:06:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/11/10 00:49:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/11/10 00:49:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/11/10 00:49:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/11/10 00:46:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/11/10 00:37:30 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/11/10 00:37:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2008/11/10 00:15:22 | 00,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Get OpenOffice.org.lnk
[2008/11/10 00:15:21 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2008/11/09 23:47:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2008/11/09 23:47:13 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2008/11/09 23:47:12 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2008/11/09 23:47:11 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2008/11/09 23:47:11 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2008/11/09 23:47:10 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/11/09 23:47:10 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2008/11/09 23:47:10 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2008/11/09 23:47:10 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2008/11/09 23:47:09 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2008/11/09 23:46:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2008/11/09 23:46:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2008/11/09 23:44:05 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/11/09 23:43:32 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008/11/09 23:43:09 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008/11/09 23:42:24 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2008/11/09 23:39:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2008/11/09 23:38:58 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/11/09 23:21:38 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/11/09 21:52:09 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/11/09 21:44:50 | 00,000,533 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/09 21:42:20 | 17,318,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/11/09 21:13:36 | 00,049,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clspack.exe
[2008/11/09 21:02:28 | 00,001,997 | ---- | C] () -- C:\WINDOWS\search.yahoo.com-error.html
[2008/11/09 21:02:27 | 00,006,182 | ---- | C] () -- C:\WINDOWS\live.com-error.html
[2008/11/09 21:02:26 | 00,016,451 | ---- | C] () -- C:\WINDOWS\gmail.com-error.html
[2008/11/09 21:02:25 | 00,005,596 | ---- | C] () -- C:\WINDOWS\aol.com-error.html
[2008/11/09 20:56:49 | 50,689,960 | ---- | C] (AVG Technologies) -- C:\avg_free_stf_en_8_173a1373.exe
[2008/11/09 17:36:22 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/11/09 17:28:02 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2008/11/09 17:28:02 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2008/11/09 17:28:02 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2008/11/09 17:28:02 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2008/11/09 17:28:02 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2008/11/09 17:28:02 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2008/11/09 17:28:01 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2008/11/09 17:28:01 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2008/11/09 17:28:01 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2008/11/09 17:28:01 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2008/11/09 17:28:01 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2008/11/09 17:28:01 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2008/11/09 17:28:01 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2008/11/09 17:28:00 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2008/11/09 17:28:00 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2008/11/09 17:28:00 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2008/11/09 17:28:00 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2008/11/09 17:28:00 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2008/11/09 17:28:00 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2008/11/09 17:28:00 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2008/11/09 17:28:00 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2008/11/09 17:28:00 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2008/11/09 17:28:00 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2008/11/09 17:28:00 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2008/11/09 17:28:00 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2008/11/09 17:27:58 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2008/11/09 17:27:58 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2008/11/09 17:27:58 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2008/11/09 17:27:57 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2008/11/09 17:27:57 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2008/11/09 17:27:57 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2008/11/09 17:27:56 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2008/11/09 17:27:56 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2008/11/09 17:27:56 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2008/11/09 17:27:54 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2008/11/09 17:27:54 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2008/11/09 17:27:54 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2008/11/09 17:27:54 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2008/11/09 17:27:53 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2008/11/09 17:27:52 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2008/11/09 17:27:51 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2008/11/09 17:27:50 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2008/11/09 17:27:50 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2008/11/09 17:27:50 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2008/11/09 17:27:50 | 00,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2008/11/09 17:27:50 | 00,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2008/11/09 17:27:50 | 00,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2008/11/09 17:27:50 | 00,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2008/11/09 17:27:50 | 00,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2008/11/09 17:27:50 | 00,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2008/11/09 17:27:50 | 00,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2008/11/09 17:27:50 | 00,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2008/11/09 17:27:50 | 00,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2008/11/09 17:27:50 | 00,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2008/11/09 17:27:50 | 00,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2008/11/09 17:27:50 | 00,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2008/11/09 17:27:50 | 00,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2008/11/09 17:27:49 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2008/11/09 17:27:49 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/11/09 17:27:49 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2008/11/09 17:27:49 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2008/11/09 17:27:44 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2008/11/09 17:27:44 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2008/11/09 17:27:44 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2008/11/09 17:27:41 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2008/11/09 17:27:33 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2008/11/09 17:27:24 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2008/11/09 17:27:24 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/11/09 17:27:24 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2008/11/09 17:27:24 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2008/11/09 17:27:24 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2008/11/09 17:27:23 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2008/11/09 17:27:23 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2008/11/09 17:27:23 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2008/11/09 17:27:23 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2008/11/09 17:27:23 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2008/11/09 17:27:23 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2008/11/09 17:25:04 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/11/09 16:19:31 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/11/03 22:02:18 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/03 22:02:17 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/03 22:02:14 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/03 21:57:10 | 00,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2008/11/03 21:57:08 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/11/03 21:56:46 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/11/03 21:56:43 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/11/03 21:56:42 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/11/03 21:56:40 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/11/03 21:56:39 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/11/03 21:56:35 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/11/03 21:56:18 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/11/03 21:55:20 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/11/03 21:41:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Application Data\Malwarebytes
[2008/11/03 21:41:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/11/03 21:41:04 | 00,096,978 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\VirtumundoBeGone.exe
[2008/11/03 21:40:37 | 01,773,856 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\mbam-setup.exe
[2008/11/03 21:40:31 | 02,733,520 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\ccsetup205.exe
[2008/11/03 20:46:27 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[14 C:\WINDOWS\*.tmp files]
[2008/11/28 20:56:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/28 20:55:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/28 20:55:30 | 26,796,4416 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/28 20:45:31 | 00,001,452 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/28 06:37:26 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\OTViewIt.exe
[2008/11/28 06:36:38 | 00,349,696 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\OTMoveIt3.exe
[2008/11/27 22:49:16 | 04,824,466 | -H-- | M] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Local Settings\Application Data\IconCache.db
[2008/11/27 20:30:47 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/11/27 17:51:54 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/11/27 17:51:54 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/11/27 17:51:54 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/11/27 17:48:08 | 00,356,792 | ---- | M] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\dds.scr
[2008/11/27 17:32:16 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\gmer.zip
[2008/11/19 00:49:55 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\HijackThis.lnk
[2008/11/18 20:20:07 | 00,000,533 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/18 20:15:33 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/11/18 16:44:35 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe
[2008/11/17 22:54:53 | 00,000,146 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\pfdnnt.act
[2008/11/17 19:08:27 | 26,799,3088 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2008/11/14 17:35:31 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/11/14 17:35:30 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/11/14 17:35:29 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/11/14 17:35:19 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/11/14 17:35:16 | 27,321,964 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/11/14 17:35:16 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/11/14 17:35:08 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/14 17:35:08 | 00,211,986 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/11/14 17:35:08 | 00,106,501 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/11/14 06:39:39 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svchost.exe
[2008/11/13 20:48:39 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/11/13 20:48:39 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/13 06:51:17 | 00,000,017 | ---- | M] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\stinger.opt
[2008/11/12 22:29:32 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\HJTInstall.exe
[2008/11/12 22:27:20 | 02,482,695 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\stinger.exe
[2008/11/10 22:27:36 | 00,644,976 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\autoruns.exe
[2008/11/10 22:27:36 | 00,538,480 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\autorunsc.exe
[2008/11/10 22:27:36 | 00,048,986 | ---- | M] () -- C:\autoruns.chm
[2008/11/10 22:26:56 | 00,575,466 | ---- | M] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\Autoruns.zip
[2008/11/10 06:33:22 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/11/10 03:08:58 | 00,357,106 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/10 03:08:58 | 00,312,572 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/10 03:08:58 | 00,040,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/10 03:06:29 | 00,096,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/10 00:43:26 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/11/10 00:15:22 | 00,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Get OpenOffice.org.lnk
[2008/11/09 23:55:26 | 00,000,079 | -HS- | M] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\My Documents\desktop.ini
[2008/11/09 21:02:28 | 00,001,997 | ---- | M] () -- C:\WINDOWS\search.yahoo.com-error.html
[2008/11/09 21:02:27 | 00,006,182 | ---- | M] () -- C:\WINDOWS\live.com-error.html
[2008/11/09 21:02:26 | 00,016,451 | ---- | M] () -- C:\WINDOWS\gmail.com-error.html
[2008/11/09 21:02:25 | 00,005,596 | ---- | M] () -- C:\WINDOWS\aol.com-error.html
[2008/11/09 20:56:57 | 50,689,960 | ---- | M] (AVG Technologies) -- C:\avg_free_stf_en_8_173a1373.exe
[2008/11/03 22:02:18 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/03 21:51:19 | 00,077,906 | ---- | M] () -- C:\WINDOWS\System32\ypdaoloivptcbsucm.exe
[2008/11/03 19:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/11/02 22:26:40 | 00,086,016 | ---- | M] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2008/11/02 22:26:11 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp1hfm.exe
[2008/11/02 22:25:53 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
[2008/11/02 22:25:25 | 00,217,088 | ---- | M] (Small Rockets) -- C:\WINDOWS\System32\srkey.exe
[2008/11/02 22:25:09 | 00,374,784 | ---- | M] () -- C:\WINDOWS\System32\RunAP.exe
[2008/11/02 22:25:05 | 00,382,464 | ---- | M] () -- C:\WINDOWS\System32\Restart.exe
[2008/11/02 22:24:33 | 00,155,648 | ---- | M] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2008/11/02 22:23:56 | 00,387,584 | ---- | M] () -- C:\WINDOWS\System32\LostRun.exe
[2008/11/02 22:23:38 | 00,057,710 | R--- | M] () -- C:\WINDOWS\System32\InstMed.exe
[2008/11/02 22:11:34 | 00,046,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\setdebug.exe
[2008/11/02 22:08:20 | 00,135,168 | R--- | M] () -- C:\WINDOWS\cmuninst.exe
[2008/11/02 22:08:19 | 00,118,784 | ---- | M] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2008/11/02 22:08:18 | 00,086,876 | R--- | M] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
< End of report >

Extra


OTViewIt Extras logfile created on: 11/28/2008 9:10:42 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.48 Mb Total Physical Memory | 73.58 Mb Available Physical Memory | 28.80% Memory free
616.91 Mb Paging File | 389.07 Mb Available in Paging File | 63.07% Paging File free
Paging file location(s): c:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.99 Gb Total Space | 10.74 Gb Free Space | 56.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.73 Gb Total Space | 3.14 Gb Free Space | 84.26% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-R1DHX7MSQF
Current User Name: Courtney
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\sys-addon\uninstall.exe:*:Enabled:BHO
[2008/04/13 19:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -- \??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/11/14 17:34:51 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2008/11/14 17:34:51 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw+0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw+0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw-0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw00:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw00s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw-0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw10:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw10s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw20:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw20s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw30:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw30s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw40:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw40s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw50:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw50s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw60:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw60s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw70:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw70s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw80:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw80s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw90:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw90s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwa0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwa0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwb0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwb0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwc0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwc0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwd0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwd0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwe0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwe0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwf0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwf0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwg0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwg0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwh0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwh0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwi0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwi0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwj0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwj0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwk0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwk0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwl0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwl0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwm0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwm0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwn0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwn0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwo0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwo0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwp0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwp0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwq0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwq0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwr0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwr0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bws0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bws0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwt0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwt0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwu0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwu0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwv0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwv0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bww0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bww0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwx0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwx0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwy0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwy0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwz0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwz0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/11/14 17:35:06 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (offline-8876480:{4E510A45-31AA-45CC-9944-0C9407B7C05A} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{3248F0A8-6813-11D6-A77B-00B0D0160040}"=Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{49672EC2-171B-47B4-8CE7-50D7806360D7}"=Windows Live Sign-in Assistant
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6900E3D5-7695-463E-98D7-2C940ED8214F}"=Sinbad - Legend Of The Seven Seas ™
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{AC76BA86-7AD7-1033-7B44-A70700000002}"=Adobe Reader 7.0.7
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}"=REALTEK GbE & FE Ethernet PCI NIC Driver
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}"=Logitech QuickCam Software
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"AVG8Uninstall"=AVG Free 8.0
"CCleaner"=CCleaner (remove only)
"EfntSSDSL"=Efficient Networks SpeedStream DSL
"Freddi Fish's One-Stop Fun Shop"=Freddi Fish's One-Stop Fun Shop
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"HP DeskJet 710C Series"=HP DeskJet 710C Series (Remove only)
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Leap Ahead Math Ages 6-9"=Leap Ahead Math Ages 6-9
"LimeWire"=LimeWire 4.16.6
"Logitech Print Service"=Logitech Print Service
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"NASCAR Racing 1999 Edition"=NASCAR Racing 1999 Edition
"Nero - Burning Rom!UninstallKey"=Nero OEM
"NeroVision!UninstallKey"=NeroVision Express 2
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NMPUninstallKey"=Nero Media Player
"PCI Audio Driver"=PCI Audio Driver
"QcDrv"=Logitech® Camera Driver
"QuickTime"=QuickTime
"Scooby-Doo™, Jinx At The Sphinx™"=Scooby-Doo™, Jinx At The Sphinx™
"Scooby-Doo™, Showdown in Ghost Town™"=Scooby-Doo™, Showdown in Ghost Town™
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"Sierra Utilities"=Sierra Utilities
"Startup"=BHO
"TarzanPS"=Disney's Print Studio Tarzan
"VN_VUIns_Rhine_VIA"=VIA Rhine-Family Fast Ethernet Adapter
"Weather Disaster"=Operation Weather Disaster
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows XP Service Pack"=Windows XP Service Pack 3
"ypdaoloivptcbsucm"=RON Tool Targetedbanner

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/3/2008 9:50:52 PM | Computer Name = HOME-R1DHX7MSQF | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 11/3/2008 9:50:56 PM | Computer Name = HOME-R1DHX7MSQF | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 3014, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 11/3/2008 9:55:10 PM | Computer Name = HOME-R1DHX7MSQF | Source = AVG7 | ID = 100
Description =

Error - 11/3/2008 9:55:10 PM | Computer Name = HOME-R1DHX7MSQF | Source = AVG7 | ID = 100
Description =

Error - 11/9/2008 2:18:15 PM | Computer Name = HOME-R1DHX7MSQF | Source = AVG7 | ID = 100
Description =

Error - 11/9/2008 2:18:15 PM | Computer Name = HOME-R1DHX7MSQF | Source = AVG7 | ID = 100
Description =

Error - 11/9/2008 2:30:49 PM | Computer Name = HOME-R1DHX7MSQF | Source = AVG7 | ID = 100
Description =

Error - 11/9/2008 3:30:49 PM | Computer Name = HOME-R1DHX7MSQF | Source = AVG7 | ID = 100
Description =

Error - 11/9/2008 4:30:49 PM | Computer Name = HOME-R1DHX7MSQF | Source = AVG7 | ID = 100
Description =

Error - 11/10/2008 11:33:59 PM | Computer Name = HOME-R1DHX7MSQF | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

[ System Events ]
Error - 11/27/2008 6:48:35 PM | Computer Name = HOME-R1DHX7MSQF | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {4F9B9553-DCE9-4899-BB45-4D62B0CDF2E3}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Logitech\Video\AlbumDB2.exe"
-Embedding

Error - 11/27/2008 9:28:32 PM | Computer Name = HOME-R1DHX7MSQF | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0B365333-F00A-4598-924E-04C5AD497AD7}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Logitech\Video\FxSvr2.exe"
-Embedding

Error - 11/27/2008 9:30:35 PM | Computer Name = HOME-R1DHX7MSQF | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {4F9B9553-DCE9-4899-BB45-4D62B0CDF2E3}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Logitech\Video\AlbumDB2.exe"
-Embedding

Error - 11/27/2008 9:51:26 PM | Computer Name = HOME-R1DHX7MSQF | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {4F9B9553-DCE9-4899-BB45-4D62B0CDF2E3}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Logitech\Video\AlbumDB2.exe"
-Embedding

Error - 11/27/2008 9:51:40 PM | Computer Name = HOME-R1DHX7MSQF | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {4F9B9553-DCE9-4899-BB45-4D62B0CDF2E3}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Logitech\Video\AlbumDB2.exe"
-Embedding

Error - 11/28/2008 9:47:48 PM | Computer Name = HOME-R1DHX7MSQF | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0B365333-F00A-4598-924E-04C5AD497AD7}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Logitech\Video\FxSvr2.exe"
-Embedding

Error - 11/28/2008 9:52:23 PM | Computer Name = HOME-R1DHX7MSQF | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {4F9B9553-DCE9-4899-BB45-4D62B0CDF2E3}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Logitech\Video\AlbumDB2.exe"
-Embedding

Error - 11/28/2008 9:57:53 PM | Computer Name = HOME-R1DHX7MSQF | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0B365333-F00A-4598-924E-04C5AD497AD7}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Logitech\Video\FxSvr2.exe"
-Embedding

Error - 11/28/2008 10:09:16 PM | Computer Name = HOME-R1DHX7MSQF | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {4F9B9553-DCE9-4899-BB45-4D62B0CDF2E3}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Logitech\Video\AlbumDB2.exe"
-Embedding

Error - 11/28/2008 10:09:42 PM | Computer Name = HOME-R1DHX7MSQF | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {4F9B9553-DCE9-4899-BB45-4D62B0CDF2E3}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Logitech\Video\AlbumDB2.exe"
-Embedding


< End of report >

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:05:46 PM

Posted 29 November 2008 - 07:44 PM

Hello, WarBlade
After you run the batch file below, a log.txt will exist on your desktop. Please post that file's contents here.

We need to execute a Batch File
  • Go to Start -> Run, and type "notepad" into the box.
  • Press ok.
  • Copy and paste the following code into notepad:
    REM Write EXISTS or "Does Not Exist" to Log.txt on the desktop, depending on whether sort.exe is present
    IF EXIST "%systemroot%\System32\sort.exe" echo EXISTS > "%userprofile%\Desktop\Log.txt"
    IF NOT EXIST "%systemroot%\System32\sort.exe" echo "Does Not Exist" > "%userprofile%\Desktop\Log.txt"
    REM Delete this batch file by its own full path (%~f0), so it works whatever the current directory is
    del "%~f0"
  • Go to File -> Save
  • To the right of "Save as Type:" in the bottom of the window, change the ComboBox to "All Files"
  • Enter fix.bat into the "File name:" box just above the "Save as Type" box.
  • Double click fix.bat on your desktop.
We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click ComboFix.exe on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here.
In your next reply, please include the following:
  • Batch file Log.txt
  • ComboFix.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 WarBlade

WarBlade
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:07:46 PM

Posted 29 November 2008 - 10:10 PM

Hi Billy,

OK, ran into a snag again. I ran the fix.bat file. A momentary DOS window appeared, then disappeared. I will assume that is normal. However, when I went to run ComboFix, it started to work (never got to the disclaimer screen): a black DOS window opened, then the black part switched to blue (dunno if the color is important or not, but I thought I'd better mention it). After a bit and some hard drive activity, a message in the DOS box appeared stating:


sort.exe is not recognized as an internal or external command, operable program or batch file.


Then nothing else happens. I tried to rerun the fix.bat file after making it again, but ended with the same results. Hope what I described helps you out.

Thanks again,

WarBlade

#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:05:46 PM

Posted 30 November 2008 - 02:39 PM

Hello, WarBlade
Hmm... that's strange. Please try this:

We need to create an OTViewIt Report
  • Double click on the OTViewIt.exe icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the "Custom Scans" area, enter the following text:
    C:\Windows\System32\Sort.exe /md5
    C:\Windows\Sort.exe /md5
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
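
The checks requested in posts #6 and #8 (does %systemroot%\System32\sort.exe exist, and what is its MD5) answer different questions from the one ComboFix's error raises, which is whether cmd.exe can find any sort.exe through PATH at all: a file can pass the IF EXIST test and still be "not recognized" if System32 has dropped out of PATH, and a look-alike earlier on PATH can be the copy that actually runs. The script below is an added illustration, not part of this thread and not OTViewIt or ComboFix code. It computes the MD5 the /md5 custom scan would report, emulates cmd.exe's PATH and PATHEXT lookup, and flags a copy that shadows the System32 one. It runs offline against a constructed temporary directory standing in for C:\WINDOWS; the directory layout, the file contents and the function names are assumptions made for the example.

```python
import hashlib
import os
import tempfile
from typing import Dict, List, Optional

# Added example (not from the thread). Models the three separate questions raised
# by posts #6-#8 and by the ComboFix error: is the file there, what is its hash,
# and which copy would cmd.exe actually run when asked for "sort.exe"?

PATHEXT = [".COM", ".EXE", ".BAT", ".CMD"]  # default order in which cmd.exe tries extensions


def file_md5(path: Optional[str]) -> Optional[str]:
    """Hex MD5 of a file (what OTViewIt's /md5 custom scan reports), or None if absent."""
    if not path or not os.path.isfile(path):
        return None
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def resolve_command(name: str, path_dirs: List[str], pathext: List[str] = PATHEXT) -> Optional[str]:
    """Emulate cmd.exe's lookup: walk PATH in order, try PATHEXT suffixes, match case-insensitively.

    Returns the first hit, or None, which is the condition behind
    "'sort.exe' is not recognized as an internal or external command".
    """
    if os.path.splitext(name)[1]:
        candidates = [name.lower()]
    else:
        candidates = [(name + ext).lower() for ext in pathext]
    for d in path_dirs:
        try:
            by_lower = {e.lower(): e for e in os.listdir(d)}
        except OSError:
            continue  # stale PATH entries are common on a damaged install; skip them
        for c in candidates:
            if c in by_lower:
                return os.path.join(d, by_lower[c])
    return None


def triage_tool(name: str, systemroot: str, path_dirs: List[str]) -> Dict[str, object]:
    """Combine the existence check, the hash and the PATH resolution in one report."""
    expected = os.path.join(systemroot, "System32", name + ".exe")
    resolved = resolve_command(name, path_dirs)
    expected_md5 = file_md5(expected)
    resolved_md5 = file_md5(resolved)
    return {
        "expected_path": expected,
        "expected_exists": expected_md5 is not None,
        "expected_md5": expected_md5,
        "resolved_path": resolved,
        "resolved_md5": resolved_md5,
        # A hit that is not the System32 copy means something earlier on PATH shadows it.
        "shadowed": resolved is not None
        and os.path.normcase(resolved) != os.path.normcase(expected),
    }


def demo():
    """Three constructed scenarios in a temp dir standing in for C:\\WINDOWS (assumed layout)."""
    with tempfile.TemporaryDirectory() as root:
        sys32 = os.path.join(root, "System32")
        os.makedirs(sys32)
        with open(os.path.join(sys32, "sort.exe"), "wb") as f:
            f.write(b"MZ constructed stand-in for the genuine sort.exe")
        # 1. healthy: file present and System32 on PATH
        healthy = triage_tool("sort", root, [sys32, root])
        # 2. file present but System32 dropped from PATH: EXIST passes, cmd.exe still fails
        path_broken = triage_tool("sort", root, [root])
        # 3. a look-alike earlier on PATH shadows the genuine copy; the hashes differ
        with open(os.path.join(root, "sort.exe"), "wb") as f:
            f.write(b"MZ constructed impostor")
        shadowed = triage_tool("sort", root, [root, sys32])
    return healthy, path_broken, shadowed


if __name__ == "__main__":
    for label, report in zip(("healthy", "path_broken", "shadowed"), demo()):
        print(label, report)
```

On a real machine the report would be produced against the actual %SystemRoot% and the PATH value from the environment; the point of the three scenarios is that the batch file's EXISTS result and a "not recognized" error are not contradictory, and that an MD5 is only meaningful when compared against the hash of a copy from clean, matching installation media.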

#9 WarBlade

WarBlade
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:07:46 PM

Posted 30 November 2008 - 04:15 PM

Hi Billy,

Here are the latest logs you asked for.

OTViewIT


OTViewIt logfile created on: 11/30/2008 4:00:48 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.48 Mb Total Physical Memory | 95.75 Mb Available Physical Memory | 37.48% Memory free
616.91 Mb Paging File | 391.82 Mb Available in Paging File | 63.51% Paging File free
Paging file location(s): c:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.99 Gb Total Space | 10.73 Gb Free Space | 56.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-R1DHX7MSQF
Current User Name: Courtney
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/11/14 17:34:49 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/04/13 19:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
[2008/11/14 17:34:52 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/11/14 17:34:51 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2008/11/02 22:24:00 | 00,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
[2005/01/18 20:37:30 | 00,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
[2001/09/13 01:09:50 | 01,134,592 | R--- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/11/14 17:34:51 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/04/13 19:12:40 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wpabaln.exe
[2008/11/28 06:37:26 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/11/14 17:34:51 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/11/14 17:34:49 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
File not found -- -- (ClipSrv [Disabled | Stopped])
[2008/04/13 19:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe -- (SNMP [Auto | Running])
[2008/04/13 19:12:36 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2008/11/02 22:25:53 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

========== Driver Services ==========

[2004/08/03 21:29:28 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008/11/14 17:35:19 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/11/14 17:35:16 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/11/14 17:35:29 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2001/09/14 22:46:08 | 00,280,657 | R--- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci [On_Demand | Stopped])
[2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2001/08/17 11:19:34 | 00,040,704 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371 [On_Demand | Running])
[2008/09/14 16:10:25 | 00,133,248 | ---- | M] () -- C:\WINDOWS\system32\drivers\ethnsieh.sys -- (ethnsieh [System | Stopped])
[2004/12/16 13:36:30 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])
[2001/08/17 11:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
[2008/04/13 13:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/11/27 17:51:54 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[1998/09/25 03:55:24 | 00,052,800 | ---- | M] () -- C:\WINDOWS\system32\drivers\HPFecp13.sys -- (HPFECP13 [Auto | Running])
[2005/01/31 05:12:46 | 00,022,016 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Stopped])
[2001/08/17 13:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2005/01/31 05:20:03 | 00,211,712 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928 [On_Demand | Stopped])
[2006/02/28 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/11/10 00:46:11 | 00,000,000 | ---D | M] -- C:\WINDOWS\System32\Restore -- (restore [On_Demand | Stopped])
[2006/12/14 15:44:06 | 00,085,120 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Stopped])
[2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/08/17 07:50:46 | 00,101,760 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sis300ip.sys -- (SiS300i [On_Demand | Stopped])
[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Boot | Running])
[2004/08/03 21:31:36 | 00,032,768 | ---- | M] (SiS Corporation) -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC [On_Demand | Stopped])
[2007/08/01 22:47:26 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2002/03/22 15:12:06 | 00,026,368 | ---- | M] (Linksys) -- C:\WINDOWS\system32\drivers\USB100TX.sys -- (USB100TX [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.youtube.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = localhost

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00A6FAF6-072E-44cf-8957-5838F569A31D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00A6FAF6-072E-44cf-8957-5838F569A31D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.youtube.com/

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = localhost

========== (O1) Hosts File ==========

Hosts file not found

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"C-Media Mixer"=Mixer.exe /startup (C-Media Electronic Inc. (www.cmedia.com.tw))
"kczrgvgeyxuagqwip"=C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\xzxffwzmof.dll" (Microsoft Corporation)
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
"LVCOMSX"=C:\WINDOWS\System32\LVCOMSX.EXE (Logitech Inc.)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
"Logitech Desktop Messenger"=C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Courtney\NewVersion\setup-8876480.exe (BackWeb)

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
"Logitech Desktop Messenger"=C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Courtney\NewVersion\setup-8876480.exe (BackWeb)

========== (O4) Startup Folders ==========

File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"ClassicShell"=0
"ForceActiveDesktopOn"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"ClassicShell"=0
"ForceActiveDesktopOn"=0

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: Reg Error: Value does not exist or could not be read. File not found

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: Reg Error: Value does not exist or could not be read. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-839522115-436374069-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
sxload.net: * in Trusted sites
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/Facebo...toUploader5.cab -- Facebook Photo Uploader 5
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{17DF9D0D-036E-424B-98D7-A41E4CE783EF}: ms-its:mhtml:file://c:\\nores.mht!http://adxcnet.net/code/chm/xpre.chm::/xpreload.ocx -- Reg Error: Key does not exist or could not be opened.
{2250C29C-C5E9-4F55-BE4E-01E45A40FCF1}: http://musicmix.messenger.msn.com/Medialogic.CAB -- CMediaMix Object
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://www.pandasecurity.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{33564D57-0000-0010-8000-00AA00389B71}: http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB -- Reg Error: Key does not exist or could not be opened.
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{5D6F45B3-9043-443D-A792-115447494D24}: http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab -- UnoCtrl Class
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}: http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab -- MessengerStatsClient Class
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}: http://messenger.msn.com/download/MsnMesse...pDownloader.cab -- MsnMessengerSetupDownloadControl Class
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_04
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{4639C70C-9E72-4DE0-8C16-E24D946668EF} (Servers: | Description: )
{57AE0352-ABB0-44F2-A11F-96F7E626A32F} (Servers: | Description: Linksys EtherFast 10/100 USB Network Adapter)
{661A8C46-FF4C-4707-8818-A0AF5C19087B} (Servers: | Description: )
{822FBDC7-7DAC-42F7-9848-36BC88322784} (Servers: | Description: )
{98601E2C-FC52-46E0-B15A-C436757949DB} (Servers: | Description: )
{BC745B31-78CF-4EAA-BDC8-6D47502C9061} (Servers: | Description: )
{FFF6D396-57ED-415A-BB63-5947D6230162} (Servers: | Description: VIA Rhine II Fast Ethernet Adapter)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEA4DE5E-37ED-4A91-A883-6D8953A84614}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\System32\qoMggfcc,
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/03/25 22:48:23 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autoruns.chm [ITSF | ]
[2008/11/10 22:27:36 | 00,048,986 | ---- | M] () -- C:\autoruns.chm -- [ NTFS ]

autoruns.exe [MZ | ]
[2008/11/10 22:27:36 | 00,644,976 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\autoruns.exe -- [ NTFS ]

autorunsc.exe [MZ | ]
[2008/11/10 22:27:36 | 00,538,480 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\autorunsc.exe -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[14 C:\WINDOWS\*.tmp files]
[2008/11/29 22:05:17 | 00,000,000 | ---D | C] -- C:\ComboFix
[2008/11/29 22:05:16 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF30222.exe
[2008/11/29 22:02:21 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF29640.exe
[2008/11/29 21:59:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/11/29 21:59:44 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/11/29 21:59:39 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF29075.exe
[2008/11/29 21:49:26 | 03,055,983 | R--- | C] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\ComboFix.exe
[2008/11/28 21:10:00 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\OTViewIt.exe
[2008/11/28 20:54:15 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/11/28 20:52:35 | 00,349,696 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\OTMoveIt3.exe
[2008/11/27 17:51:56 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/11/27 17:51:54 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/11/27 17:51:54 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/11/27 17:51:54 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/11/27 17:51:53 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/11/27 17:51:13 | 00,000,000 | ---D | C] -- C:\gmer
[2008/11/27 17:48:58 | 00,356,792 | ---- | C] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\dds.scr
[2008/11/27 17:43:02 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\gmer.zip
[2008/11/19 00:49:55 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\HijackThis.lnk
[2008/11/19 00:49:51 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/18 20:18:42 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\HJTInstall.exe
[2008/11/18 20:10:21 | 26,796,4416 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/18 16:49:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2008/11/18 15:48:08 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/11/18 13:51:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2008/11/18 12:20:11 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/11/14 18:57:54 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2008/11/14 17:35:31 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/11/14 17:35:30 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/11/14 17:35:29 | 00,076,040 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/11/14 17:35:19 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/11/14 17:35:16 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/11/14 17:35:08 | 27,321,964 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/11/14 17:35:08 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/14 17:35:08 | 00,211,986 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/11/14 17:35:08 | 00,106,501 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/11/14 17:35:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2008/11/14 17:35:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Application Data\AVGTOOLBAR
[2008/11/14 17:34:49 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2008/11/14 17:34:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2008/11/14 06:41:22 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/14 06:40:00 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/11/13 20:48:39 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/11/13 20:48:39 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/13 20:48:31 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/11/13 20:48:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/11/13 20:47:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/11/13 06:51:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\Bleeping Computer 11-12-08
[2008/11/13 06:51:17 | 00,000,017 | ---- | C] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\stinger.opt
[2008/11/12 22:44:08 | 02,482,695 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\stinger.exe
[2008/11/10 22:26:54 | 00,575,466 | ---- | C] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\Autoruns.zip
[2008/11/10 03:06:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/11/10 00:49:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/11/10 00:49:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/11/10 00:49:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/11/10 00:46:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/11/10 00:37:30 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/11/10 00:37:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2008/11/10 00:15:22 | 00,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Get OpenOffice.org.lnk
[2008/11/10 00:15:21 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2008/11/09 23:47:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2008/11/09 23:47:13 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2008/11/09 23:47:12 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2008/11/09 23:47:11 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2008/11/09 23:47:11 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2008/11/09 23:47:10 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/11/09 23:47:10 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2008/11/09 23:47:10 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2008/11/09 23:47:10 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2008/11/09 23:47:09 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2008/11/09 23:46:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2008/11/09 23:46:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2008/11/09 23:44:05 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/11/09 23:43:32 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008/11/09 23:43:09 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008/11/09 23:42:24 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2008/11/09 23:39:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2008/11/09 23:38:58 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/11/09 23:21:38 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/11/09 21:52:09 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/11/09 21:44:50 | 00,000,533 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/09 21:42:20 | 17,318,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/11/09 21:13:36 | 00,049,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clspack.exe
[2008/11/09 21:02:28 | 00,001,997 | ---- | C] () -- C:\WINDOWS\search.yahoo.com-error.html
[2008/11/09 21:02:27 | 00,006,182 | ---- | C] () -- C:\WINDOWS\live.com-error.html
[2008/11/09 21:02:26 | 00,016,451 | ---- | C] () -- C:\WINDOWS\gmail.com-error.html
[2008/11/09 21:02:25 | 00,005,596 | ---- | C] () -- C:\WINDOWS\aol.com-error.html
[2008/11/09 20:56:49 | 50,689,960 | ---- | C] (AVG Technologies) -- C:\avg_free_stf_en_8_173a1373.exe
[2008/11/09 17:36:22 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/11/09 17:28:02 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2008/11/09 17:28:02 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2008/11/09 17:28:02 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2008/11/09 17:28:02 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2008/11/09 17:28:02 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2008/11/09 17:28:02 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2008/11/09 17:28:01 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2008/11/09 17:28:01 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2008/11/09 17:28:01 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2008/11/09 17:28:01 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2008/11/09 17:28:01 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2008/11/09 17:28:01 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2008/11/09 17:28:01 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2008/11/09 17:28:00 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2008/11/09 17:28:00 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2008/11/09 17:28:00 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2008/11/09 17:28:00 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2008/11/09 17:28:00 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2008/11/09 17:28:00 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2008/11/09 17:28:00 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2008/11/09 17:28:00 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2008/11/09 17:28:00 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2008/11/09 17:28:00 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2008/11/09 17:28:00 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2008/11/09 17:28:00 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2008/11/09 17:27:58 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2008/11/09 17:27:58 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2008/11/09 17:27:58 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2008/11/09 17:27:57 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2008/11/09 17:27:57 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2008/11/09 17:27:57 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2008/11/09 17:27:56 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2008/11/09 17:27:56 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2008/11/09 17:27:56 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2008/11/09 17:27:54 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2008/11/09 17:27:54 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2008/11/09 17:27:54 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2008/11/09 17:27:54 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2008/11/09 17:27:53 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2008/11/09 17:27:52 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2008/11/09 17:27:51 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2008/11/09 17:27:50 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2008/11/09 17:27:50 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2008/11/09 17:27:50 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2008/11/09 17:27:50 | 00,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2008/11/09 17:27:50 | 00,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2008/11/09 17:27:50 | 00,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2008/11/09 17:27:50 | 00,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2008/11/09 17:27:50 | 00,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2008/11/09 17:27:50 | 00,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2008/11/09 17:27:50 | 00,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2008/11/09 17:27:50 | 00,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2008/11/09 17:27:50 | 00,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2008/11/09 17:27:50 | 00,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2008/11/09 17:27:50 | 00,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2008/11/09 17:27:50 | 00,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2008/11/09 17:27:50 | 00,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2008/11/09 17:27:49 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2008/11/09 17:27:49 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/11/09 17:27:49 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2008/11/09 17:27:49 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2008/11/09 17:27:44 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2008/11/09 17:27:44 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2008/11/09 17:27:44 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2008/11/09 17:27:41 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2008/11/09 17:27:33 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2008/11/09 17:27:24 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2008/11/09 17:27:24 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/11/09 17:27:24 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2008/11/09 17:27:24 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2008/11/09 17:27:24 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2008/11/09 17:27:23 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2008/11/09 17:27:23 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2008/11/09 17:27:23 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2008/11/09 17:27:23 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2008/11/09 17:27:23 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2008/11/09 17:27:23 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2008/11/09 17:25:04 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/11/09 16:19:31 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/11/03 22:02:18 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/03 22:02:17 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/03 22:02:14 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/03 21:57:10 | 00,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2008/11/03 21:57:08 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/11/03 21:56:46 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/11/03 21:56:43 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/11/03 21:56:42 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/11/03 21:56:40 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/11/03 21:56:39 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/11/03 21:56:35 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/11/03 21:56:18 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/11/03 21:55:20 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/11/03 21:41:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Application Data\Malwarebytes
[2008/11/03 21:41:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/11/03 21:41:04 | 00,096,978 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\VirtumundoBeGone.exe
[2008/11/03 21:40:37 | 01,773,856 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\mbam-setup.exe
[2008/11/03 21:40:31 | 02,733,520 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\ccsetup205.exe
[2008/11/03 20:46:27 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[14 C:\WINDOWS\*.tmp files]
[2008/11/30 15:53:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/30 15:52:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/30 15:52:38 | 26,796,4416 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/29 22:13:22 | 04,825,644 | -H-- | M] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Local Settings\Application Data\IconCache.db
[2008/11/29 22:05:10 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF30222.exe
[2008/11/29 22:02:14 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF29640.exe
[2008/11/29 21:59:20 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF29075.exe
[2008/11/29 21:41:44 | 00,001,452 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/29 21:14:40 | 03,055,983 | R--- | M] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\ComboFix.exe
[2008/11/28 06:37:26 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\OTViewIt.exe
[2008/11/28 06:36:38 | 00,349,696 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\OTMoveIt3.exe
[2008/11/27 20:30:47 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/11/27 17:51:54 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/11/27 17:51:54 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/11/27 17:51:54 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/11/27 17:48:08 | 00,356,792 | ---- | M] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\dds.scr
[2008/11/27 17:32:16 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\gmer.zip
[2008/11/19 00:49:55 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\HijackThis.lnk
[2008/11/18 20:20:07 | 00,000,533 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/18 20:15:33 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/11/18 16:44:35 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe
[2008/11/17 22:54:53 | 00,000,146 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\pfdnnt.act
[2008/11/17 19:08:27 | 26,799,3088 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2008/11/14 17:35:31 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/11/14 17:35:30 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/11/14 17:35:29 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/11/14 17:35:19 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/11/14 17:35:16 | 27,321,964 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/11/14 17:35:16 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/11/14 17:35:08 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/14 17:35:08 | 00,211,986 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/11/14 17:35:08 | 00,106,501 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/11/14 06:39:39 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svchost.exe
[2008/11/13 20:48:39 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/11/13 20:48:39 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/13 06:51:17 | 00,000,017 | ---- | M] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\stinger.opt
[2008/11/12 22:29:32 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\HJTInstall.exe
[2008/11/12 22:27:20 | 02,482,695 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\stinger.exe
[2008/11/10 22:27:36 | 00,644,976 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\autoruns.exe
[2008/11/10 22:27:36 | 00,538,480 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\autorunsc.exe
[2008/11/10 22:27:36 | 00,048,986 | ---- | M] () -- C:\autoruns.chm
[2008/11/10 22:26:56 | 00,575,466 | ---- | M] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop\Autoruns.zip
[2008/11/10 06:33:22 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/11/10 03:08:58 | 00,357,106 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/10 03:08:58 | 00,312,572 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/10 03:08:58 | 00,040,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/10 03:06:29 | 00,096,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/10 00:43:26 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/11/10 00:15:22 | 00,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Get OpenOffice.org.lnk
[2008/11/09 23:55:26 | 00,000,079 | -HS- | M] () -- C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\My Documents\desktop.ini
[2008/11/09 21:02:28 | 00,001,997 | ---- | M] () -- C:\WINDOWS\search.yahoo.com-error.html
[2008/11/09 21:02:27 | 00,006,182 | ---- | M] () -- C:\WINDOWS\live.com-error.html
[2008/11/09 21:02:26 | 00,016,451 | ---- | M] () -- C:\WINDOWS\gmail.com-error.html
[2008/11/09 21:02:25 | 00,005,596 | ---- | M] () -- C:\WINDOWS\aol.com-error.html
[2008/11/09 20:56:57 | 50,689,960 | ---- | M] (AVG Technologies) -- C:\avg_free_stf_en_8_173a1373.exe
[2008/11/03 22:02:18 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/03 21:51:19 | 00,077,906 | ---- | M] () -- C:\WINDOWS\System32\ypdaoloivptcbsucm.exe
[2008/11/03 19:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/11/02 22:26:40 | 00,086,016 | ---- | M] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2008/11/02 22:26:11 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp1hfm.exe
[2008/11/02 22:25:53 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
[2008/11/02 22:25:25 | 00,217,088 | ---- | M] (Small Rockets) -- C:\WINDOWS\System32\srkey.exe
[2008/11/02 22:25:09 | 00,374,784 | ---- | M] () -- C:\WINDOWS\System32\RunAP.exe
[2008/11/02 22:25:05 | 00,382,464 | ---- | M] () -- C:\WINDOWS\System32\Restart.exe
[2008/11/02 22:24:33 | 00,155,648 | ---- | M] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2008/11/02 22:23:56 | 00,387,584 | ---- | M] () -- C:\WINDOWS\System32\LostRun.exe
[2008/11/02 22:23:38 | 00,057,710 | R--- | M] () -- C:\WINDOWS\System32\InstMed.exe
[2008/11/02 22:11:34 | 00,046,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\setdebug.exe
[2008/11/02 22:08:20 | 00,135,168 | R--- | M] () -- C:\WINDOWS\cmuninst.exe
[2008/11/02 22:08:19 | 00,118,784 | ---- | M] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2008/11/02 22:08:18 | 00,086,876 | R--- | M] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe

========== Custom Scans ==========

< C:\Windows\System32\Sort.exe /md5 >

< C:\Windows\Sort.exe /md5 >
< End of report >


Extras


OTViewIt Extras logfile created on: 11/30/2008 4:00:48 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Courtney.HOME-R1DHX7MSQF\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.48 Mb Total Physical Memory | 95.75 Mb Available Physical Memory | 37.48% Memory free
616.91 Mb Paging File | 391.82 Mb Available in Paging File | 63.51% Paging File free
Paging file location(s): c:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.99 Gb Total Space | 10.73 Gb Free Space | 56.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-R1DHX7MSQF
Current User Name: Courtney
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\sys-addon\uninstall.exe:*:Enabled:BHO
[2008/04/13 19:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -- \??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/11/14 17:34:51 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2008/11/14 17:34:51 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw+0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw+0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw-0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw00:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw00s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw-0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw10:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw10s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw20:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw20s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw30:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw30s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw40:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw40s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw50:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw50s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw60:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw60s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw70:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw70s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw80:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw80s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw90:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw90s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwa0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwa0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwb0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwb0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwc0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwc0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwd0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwd0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwe0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwe0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwf0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwf0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwg0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwg0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwh0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwh0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwi0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwi0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwj0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwj0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwk0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwk0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwl0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwl0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwm0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwm0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwn0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwn0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwo0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwo0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwp0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwp0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwq0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwq0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwr0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwr0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bws0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bws0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwt0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwt0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwu0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwu0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwv0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwv0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bww0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bww0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwx0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwx0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwy0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwy0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwz0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwz0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/11/14 17:35:06 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (offline-8876480:{4E510A45-31AA-45CC-9944-0C9407B7C05A} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{3248F0A8-6813-11D6-A77B-00B0D0160040}"=Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{49672EC2-171B-47B4-8CE7-50D7806360D7}"=Windows Live Sign-in Assistant
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6900E3D5-7695-463E-98D7-2C940ED8214F}"=Sinbad - Legend Of The Seven Seas ™
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{AC76BA86-7AD7-1033-7B44-A70700000002}"=Adobe Reader 7.0.7
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}"=REALTEK GbE & FE Ethernet PCI NIC Driver
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}"=Logitech QuickCam Software
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"AVG8Uninstall"=AVG Free 8.0
"CCleaner"=CCleaner (remove only)
"EfntSSDSL"=Efficient Networks SpeedStream DSL
"Freddi Fish's One-Stop Fun Shop"=Freddi Fish's One-Stop Fun Shop
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"HP DeskJet 710C Series"=HP DeskJet 710C Series (Remove only)
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Leap Ahead Math Ages 6-9"=Leap Ahead Math Ages 6-9
"LimeWire"=LimeWire 4.16.6
"Logitech Print Service"=Logitech Print Service
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"NASCAR Racing 1999 Edition"=NASCAR Racing 1999 Edition
"Nero - Burning Rom!UninstallKey"=Nero OEM
"NeroVision!UninstallKey"=NeroVision Express 2
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NMPUninstallKey"=Nero Media Player
"PCI Audio Driver"=PCI Audio Driver
"QcDrv"=Logitech® Camera Driver
"QuickTime"=QuickTime
"Scooby-Doo™, Jinx At The Sphinx™"=Scooby-Doo™, Jinx At The Sphinx™
"Scooby-Doo™, Showdown in Ghost Town™"=Scooby-Doo™, Showdown in Ghost Town™
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"Sierra Utilities"=Sierra Utilities
"Startup"=BHO
"TarzanPS"=Disney's Print Studio Tarzan
"VN_VUIns_Rhine_VIA"=VIA Rhine-Family Fast Ethernet Adapter
"Weather Disaster"=Operation Weather Disaster
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows XP Service Pack"=Windows XP Service Pack 3
"ypdaoloivptcbsucm"=RON Tool Targetedbanner

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/3/2008 9:50:52 PM | Computer Name = HOME-R1DHX7MSQF | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 11/3/2008 9:50:56 PM | Computer Name = HOME-R1DHX7MSQF | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 3014, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 11/3/2008 9:55:10 PM | Computer Name = HOME-R1DHX7MSQF | Source = AVG7 | ID = 100
Description =

Error - 11/3/2008 9:55:10 PM | Computer Name = HOME-R1DHX7MSQF | Source = AVG7 | ID = 100
Description =

Error - 11/9/2008 2:18:15 PM | Computer Name = HOME-R1DHX7MSQF | Source = AVG7 | ID = 100
Description =

Error - 11/9/2008 2:18:15 PM | Computer Name = HOME-R1DHX7MSQF | Source = AVG7 | ID = 100
Description =

Error - 11/9/2008 2:30:49 PM | Computer Name = HOME-R1DHX7MSQF | Source = AVG7 | ID = 100
Description =

Error - 11/9/2008 3:30:49 PM | Computer Name = HOME-R1DHX7MSQF | Source = AVG7 | ID = 100
Description =

Error - 11/9/2008 4:30:49 PM | Computer Name = HOME-R1DHX7MSQF | Source = AVG7 | ID = 100
Description =

Error - 11/10/2008 11:33:59 PM | Computer Name = HOME-R1DHX7MSQF | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

[ System Events ]
Error - 11/28/2008 10:22:07 PM | Computer Name = HOME-R1DHX7MSQF | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {4F9B9553-DCE9-4899-BB45-4D62B0CDF2E3}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Logitech\Video\AlbumDB2.exe"
-Embedding

Error - 11/29/2008 10:43:44 PM | Computer Name = HOME-R1DHX7MSQF | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 11/29/2008 10:44:46 PM | Computer Name = HOME-R1DHX7MSQF | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0B365333-F00A-4598-924E-04C5AD497AD7}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Logitech\Video\FxSvr2.exe"
-Embedding

Error - 11/29/2008 10:49:15 PM | Computer Name = HOME-R1DHX7MSQF | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {4F9B9553-DCE9-4899-BB45-4D62B0CDF2E3}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Logitech\Video\AlbumDB2.exe"
-Embedding

Error - 11/30/2008 4:48:19 PM | Computer Name = HOME-R1DHX7MSQF | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 11/30/2008 4:48:20 PM | Computer Name = HOME-R1DHX7MSQF | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0B365333-F00A-4598-924E-04C5AD497AD7}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Logitech\Video\FxSvr2.exe"
-Embedding

Error - 11/30/2008 4:48:55 PM | Computer Name = HOME-R1DHX7MSQF | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 11/30/2008 4:53:31 PM | Computer Name = HOME-R1DHX7MSQF | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 11/30/2008 4:54:10 PM | Computer Name = HOME-R1DHX7MSQF | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 11/30/2008 4:55:01 PM | Computer Name = HOME-R1DHX7MSQF | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {0B365333-F00A-4598-924E-04C5AD497AD7}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Logitech\Video\FxSvr2.exe"
-Embedding


< End of report >


Thanks

Warblade
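An added example, not from this thread and not part of OTL: a small Python parser for the PROTOCOLS\Handler section of an OTL report such as the one above, followed by a triage pass that flags the entries a helper reads first: schemes registered with no CLSID behind them, handlers whose description came back as a registry read error, handler DLLs with no publisher name, and one DLL registered under many schemes (here the Logitech BackWeb plug-in, which is why that part of the log runs for dozens of lines). The sample input reuses lines from the log above in OTL's own format; the `sample-unsigned.dll` line, its `sample` scheme and its all-zero CLSID are constructed for the no-publisher case and do not come from the log. The triage rules are this example's own heuristics, not OTL's.

```python
"""Triage helper for the PROTOCOLS\\Handler section of an OTL report.

Added example, not part of the thread or of OTL. Handler lines look like
    [stamp | size | attrs] (Publisher) C:\\path\\x.dll (scheme:{CLSID} (hive) [description])
    scheme: [HKLM - No CLSID value]
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Any, Dict, List, Optional

# Full entry. "scheme:{CLSID}" is wrapped in parentheses in most lines but
# printed bare for the msdaipp entries, so both forms are accepted.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<publisher>[^)]*)\)\s*"
    r"(?P<path>[A-Za-z]:\\.*?\.(?:dll|exe|ocx))\s*"
    r"\(?(?P<scheme>[^:\s]+):(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*"
    r"\((?P<hive>HK\w+)\)\s*\[(?P<desc>[^\]]*)\]\)?\s*$",
    re.IGNORECASE,
)
# A scheme key that exists but has no CLSID value on it.
ORPHAN_RE = re.compile(r"^(?P<scheme>[^:\s]+):\s*\[(?P<hive>HK\w+) - No CLSID value\]\s*$")


@dataclass
class Handler:
    scheme: str
    hive: str
    clsid: Optional[str] = None
    path: Optional[str] = None
    publisher: Optional[str] = None
    desc: str = ""


def parse_handlers(report: str) -> List[Handler]:
    """Return one Handler per handler line; key-header lines are skipped."""
    handlers: List[Handler] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line.startswith("[HKEY_"):
            continue
        m = ENTRY_RE.match(line)
        if m:
            handlers.append(Handler(scheme=m["scheme"], hive=m["hive"], clsid=m["clsid"].upper(),
                                    path=m["path"], publisher=m["publisher"].strip() or None,
                                    desc=m["desc"]))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            handlers.append(Handler(scheme=m["scheme"], hive=m["hive"]))
    return handlers


def triage(handlers: List[Handler], shared_threshold: int = 5) -> Dict[str, Any]:
    """Heuristic flags (this example's rules): where to look, not verdicts."""
    findings: Dict[str, Any] = {"no_clsid": [], "reg_error": [], "no_publisher": [], "shared_dll": {}}
    by_path: Dict[str, List[str]] = defaultdict(list)
    for h in handlers:
        if h.clsid is None:
            findings["no_clsid"].append(h.scheme)
        if h.desc.startswith("Reg Error"):
            findings["reg_error"].append(h.scheme)
        if h.path and h.publisher is None:
            findings["no_publisher"].append((h.scheme, h.path))
        if h.path:
            by_path[h.path.lower()].append(h.scheme)
    for path, schemes in by_path.items():
        if len(schemes) >= shared_threshold:  # one DLL behind many schemes
            findings["shared_dll"][path] = schemes
    return findings


# Constructed sample: real lines copied from the log above, plus one made-up
# no-publisher entry (sample-unsigned.dll, scheme "sample", all-zero CLSID).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwf0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwf0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwg0:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwg0s:{4e510a45-31aa-45cc-9944-0c9407b7c05a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])
ipp: [HKLM - No CLSID value]
[2008/04/13 19:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/11/14 17:35:06 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2006/07/11 19:15:22 | 00,040,999 | ---- | M] (Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (offline-8876480:{4E510A45-31AA-45CC-9944-0C9407B7C05A} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])
[2008/11/12 03:14:00 | 00,012,288 | ---- | M] () C:\WINDOWS\system32\sample-unsigned.dll (sample:{00000000-0000-0000-0000-000000000001} (HKLM) [Sample Pluggable Protocol (constructed)])
"""

if __name__ == "__main__":
    for key, value in triage(parse_handlers(SAMPLE)).items():
        print(f"{key}: {value}")
```

A hit is a place to look, not a verdict: the ipp and msdaipp keys normally carry their CLSIDs in subkeys, which is why each shows up once as an orphan and once with a CLSID, and the MSN Messenger livecall entry is a legitimate handler whose description value was simply absent. The entries worth a second look are the no-publisher DLLs and any scheme that points at a file outside Program Files or the Windows directory.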

#10 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:05:46 PM

Posted 01 December 2008 - 05:17 PM

Alright... that indicates that the operating system is damaged.

Do you have your windows installation media?

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#11 WarBlade
  • Topic Starter
  • Members
  • 18 posts
  • Local time:07:46 PM

Posted 01 December 2008 - 07:15 PM

I will have to ask him if he still has his disk. I have access to a copy of Windows XP Home, but it is not the disk that was installed on this system.

#12 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:05:46 PM

Posted 01 December 2008 - 11:45 PM

Alright... see if you can find that disk. Parts of Windows itself are missing, which is causing problems for our tools.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#13 WarBlade
  • Topic Starter
  • Members
  • 18 posts
  • Local time:07:46 PM

Posted 02 December 2008 - 01:50 PM

OK Billy, I got hold of the disk. Are you thinking of an in-place repair? This disk is only an SP1 disk, so there will be a lot of updating to do, as well as setting it back up to update. Or do you have something else in mind? Dunno why I just asked that, because you were going to instruct me on what to do anyway. lol

#14 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:05:46 PM

Posted 02 December 2008 - 07:48 PM

Yep... I've got something else in mind.

Please go to Start -> Run and enter CMD.
Then press Enter.

Then type in the following:
sfc /purgecache
sfc /scannow

This will take some time to verify that Windows' files are in the correct locations.

After that, please redownload and retry running ComboFix.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#15 WarBlade
  • Topic Starter
  • Members
  • 18 posts
  • Local time:07:46 PM

Posted 03 December 2008 - 11:37 AM

So just to be sure. I do not need to have the disk in the drive when doing the next step?
