
not able to open yahoo


  • This topic is locked
22 replies to this topic

#1 Rich4bugs

Rich4bugs

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 14 March 2009 - 03:09 PM

When attempting to open yahoo or yahoo mail it will not open. I get the message: Internet Explorer cannot display the webpage.
I have no problem opening Google or Google mail. But when searching in Google I will get the same error message: Internet Explorer cannot display the webpage.
Also, when searching I will be able to search with success and no errors, and other times I will open a site but with errors on the page. It just does not make sense.

I have run Spy Bot, Adaware found and deleted entries. Any help would be appreciated.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Rich at 15:45:23.40 on Sat 03/14/2009
Internet Explorer: 8.0.6001.18372
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1013.213 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
AV: avast! antivirus 4.8.1290 [VPS 081209-1] *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\sttray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\mcupdate.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Rich\Desktop\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer
uStart Page = hxxp://google.com/
mStart Page = about:blank
mDefault_Page_URL =
mDefault_Search_URL =
mSearch Page =
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = <local>
mCustomizeSearch =
mSearchAssistant =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [ModPS2] ModPS2Key.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\Logitech SetPoint.lnk.disabled
uPolicies-explorer: NoFolderOptions = 00000000
uPolicies-explorer: RestrictRun = 0 (0x0)
uPolicies-system: NoSecCPL = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDevMgrPage = 0 (0x0)
uPolicies-system: NoConfigPage = 0 (0x0)
uPolicies-system: NoVirtMemPage = 0 (0x0)
uPolicies-system: NoFileSysPage = 0 (0x0)
uPolicies-system: NoNetSetup = 0 (0x0)
uPolicies-system: NoNetSetupIDPage = 0 (0x0)
uPolicies-system: NoNetSetupSecurityPage = 0 (0x0)
uPolicies-system: NoWorkgroupContents = 0 (0x0)
uPolicies-system: NoEntireNetwork = 0 (0x0)
uPolicies-system: NoFileSharingControl = 0 (0x0)
mPolicies-explorer: NoFolderOptions = 00000000
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-5 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-5 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2007-5-19 51792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-8-10 1153368]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-2-16 29744]
S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2007-1-26 68954]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

=============== Created Last 30 ================

2009-03-14 14:50 <DIR> --d----- c:\program files\Trend Micro
2009-03-12 22:48 <DIR> --d----- c:\users\rich\appdata\roaming\ErrorFix
2009-03-12 22:48 <DIR> --d----- c:\program files\ErrorFix
2009-03-12 22:47 <DIR> --d----- c:\program files\Downloaded Installers
2009-03-12 21:13 <DIR> --d----- c:\program files\RegistryFix7
2009-03-12 20:58 <DIR> --d----- c:\program files\Safer Networking
2009-03-12 10:34 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-03-11 22:45 22,528 a------- c:\windows\system32\netiougc.exe
2009-03-11 22:45 170,496 a------- c:\windows\system32\tcpipcfg.dll
2009-03-11 22:44 1,221,008 a------- c:\windows\system32\zpeng25.dll
2009-03-11 21:32 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-11 21:32 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-11 21:32 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-11 21:32 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-11 21:32 268,288 a------- c:\windows\system32\schannel.dll
2009-03-11 21:32 2,033,152 a------- c:\windows\system32\win32k.sys
2009-02-23 21:22 69,632 a------- c:\windows\system32\Clifford Uninstall.exe
2009-02-23 21:22 91 a------- c:\windows\CBP.INI
2009-02-14 19:31 428,544 a------- c:\windows\system32\EncDec.dll
2009-02-14 19:31 217,088 a------- c:\windows\system32\psisrndr.ax
2009-02-14 19:31 293,376 a------- c:\windows\system32\psisdecd.dll
2009-02-14 19:31 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-02-14 19:31 80,896 a------- c:\windows\system32\MSNP.ax

==================== Find3M ====================

2009-03-14 15:02 348,371 a---h--- c:\windows\system32\drivers\vsconfig.xml
2009-02-05 17:06 51,792 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-01-15 06:05 911,872 a------- c:\windows\system32\wininet.dll
2009-01-15 06:05 43,008 a------- c:\windows\system32\licmgr10.dll
2009-01-15 06:04 18,944 a------- c:\windows\system32\corpol.dll
2009-01-15 06:04 109,056 a------- c:\windows\system32\iesysprep.dll
2009-01-15 06:04 132,096 a------- c:\windows\system32\ieUnatt.exe
2009-01-15 06:04 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-01-15 06:04 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-01-15 06:04 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-01-15 06:04 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-01-15 06:03 420,352 a------- c:\windows\system32\vbscript.dll
2009-01-15 06:03 72,704 a------- c:\windows\system32\admparse.dll
2009-01-15 06:03 71,680 a------- c:\windows\system32\iesetup.dll
2009-01-15 06:03 66,560 a------- c:\windows\system32\wextract.exe
2009-01-15 06:02 169,472 a------- c:\windows\system32\iexpress.exe
2009-01-15 06:01 34,304 a------- c:\windows\system32\imgutil.dll
2009-01-15 06:00 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-15 06:00 45,568 a------- c:\windows\system32\mshta.exe
2009-01-15 05:50 156,160 a------- c:\windows\system32\msls31.dll
2008-12-10 00:59 174 a--sh--- c:\program files\desktop.ini
2008-12-10 00:56 86,016 a------- c:\windows\inf\infstrng.dat
2008-12-10 00:56 86,016 a------- c:\windows\inf\infstor.dat
2008-12-10 00:56 51,200 a------- c:\windows\inf\infpub.dat
2008-12-10 00:49 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-05-19 18:23 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2007-05-19 18:23 32,768 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2007-05-19 18:23 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 15:46:05.87 ===============


 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:08:01 AM

Posted 26 March 2009 - 02:04 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Rich4bugs

Rich4bugs
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 29 March 2009 - 11:07 AM

Thank you, thank you, for taking a look at this problem I am experiencing.
The DDS.txt is as follows and the attach.t.zip is attached per your request.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Rich at 11:42:33.61 on Sun 03/29/2009
Internet Explorer: 8.0.6001.18372
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1013.459 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
AV: avast! antivirus 4.8.1290 [VPS 081209-1] *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\sttray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Rich\Downloads\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uWindow Title = Microsoft Internet Explorer
mStart Page = about:blank
mDefault_Page_URL =
mDefault_Search_URL =
mSearch Page =
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = <local>
mCustomizeSearch =
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [ModPS2] ModPS2Key.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\Logitech SetPoint.lnk.disabled
uPolicies-explorer: RestrictRun = 0 (0x0)
uPolicies-system: NoSecCPL = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDevMgrPage = 0 (0x0)
uPolicies-system: NoConfigPage = 0 (0x0)
uPolicies-system: NoVirtMemPage = 0 (0x0)
uPolicies-system: NoFileSysPage = 0 (0x0)
uPolicies-system: NoNetSetup = 0 (0x0)
uPolicies-system: NoNetSetupIDPage = 0 (0x0)
uPolicies-system: NoNetSetupSecurityPage = 0 (0x0)
uPolicies-system: NoWorkgroupContents = 0 (0x0)
uPolicies-system: NoEntireNetwork = 0 (0x0)
uPolicies-system: NoFileSharingControl = 0 (0x0)
mPolicies-explorer: NoFolderOptions = 00000000
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-5 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-5 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2007-5-19 51792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-8-10 1153368]
S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2007-1-26 68954]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

=============== Created Last 30 ================

2009-03-23 18:11 221,170,331 a------- c:\windows\MEMORY.DMP
2009-03-18 21:34 <DIR> --d----- c:\users\rich\appdata\roaming\Malwarebytes
2009-03-18 21:34 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-18 21:34 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 21:34 <DIR> --d----- c:\programdata\Malwarebytes
2009-03-18 21:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 21:34 <DIR> --d----- c:\progra~2\Malwarebytes
2009-03-15 14:38 97,800 a------- c:\windows\system32\infocardapi.dll
2009-03-15 14:38 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-15 14:38 622,080 a------- c:\windows\system32\icardagt.exe
2009-03-15 14:38 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-03-15 14:38 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-03-15 14:38 11,264 a------- c:\windows\system32\icardres.dll
2009-03-15 14:38 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-03-15 14:38 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-03-15 14:30 96,760 a------- c:\windows\system32\dfshim.dll
2009-03-15 14:30 282,112 a------- c:\windows\system32\mscoree.dll
2009-03-15 14:30 41,984 a------- c:\windows\system32\netfxperf.dll
2009-03-15 14:29 158,720 a------- c:\windows\system32\mscorier.dll
2009-03-15 14:29 83,968 a------- c:\windows\system32\mscories.dll
2009-03-15 13:16 <DIR> --d----- c:\users\rich\appdata\roaming\DriverCure
2009-03-15 13:16 <DIR> --d----- c:\programdata\ParetoLogic
2009-03-15 13:16 <DIR> --d----- c:\programdata\DriverCure
2009-03-15 13:16 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-03-15 13:16 <DIR> --d----- c:\progra~2\ParetoLogic
2009-03-15 13:16 <DIR> --d----- c:\progra~2\DriverCure
2009-03-15 13:16 <DIR> --d----- c:\program files\ParetoLogic
2009-03-15 12:29 <DIR> --d----- c:\program files\Yahoo!
2009-03-15 12:29 <DIR> --d----- c:\program files\CCleaner
2009-03-14 14:50 <DIR> --d----- c:\program files\Trend Micro
2009-03-12 22:48 <DIR> --d----- c:\users\rich\appdata\roaming\ErrorFix
2009-03-12 22:48 <DIR> --d----- c:\program files\ErrorFix
2009-03-12 22:47 <DIR> --d----- c:\program files\Downloaded Installers
2009-03-12 21:13 <DIR> --d----- c:\program files\RegistryFix7
2009-03-12 20:58 <DIR> --d----- c:\program files\Safer Networking
2009-03-11 22:45 22,528 a------- c:\windows\system32\netiougc.exe
2009-03-11 22:45 170,496 a------- c:\windows\system32\tcpipcfg.dll
2009-03-11 22:44 1,221,008 a------- c:\windows\system32\zpeng25.dll
2009-03-11 21:32 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-11 21:32 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-11 21:32 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-11 21:32 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-11 21:32 268,288 a------- c:\windows\system32\schannel.dll
2009-03-11 21:32 2,033,152 a------- c:\windows\system32\win32k.sys

==================== Find3M ====================

2009-03-28 18:08 348,371 a---h--- c:\windows\system32\drivers\vsconfig.xml
2009-03-15 12:56 86,016 a------- c:\windows\inf\infstrng.dat
2009-03-15 12:56 51,200 a------- c:\windows\inf\infpub.dat
2009-03-15 12:55 86,016 a------- c:\windows\inf\infstor.dat
2009-02-23 21:22 69,632 a------- c:\windows\system32\Clifford Uninstall.exe
2009-02-05 17:06 51,792 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-01-15 06:05 911,872 a------- c:\windows\system32\wininet.dll
2009-01-15 06:05 43,008 a------- c:\windows\system32\licmgr10.dll
2009-01-15 06:04 18,944 a------- c:\windows\system32\corpol.dll
2009-01-15 06:04 109,056 a------- c:\windows\system32\iesysprep.dll
2009-01-15 06:04 132,096 a------- c:\windows\system32\ieUnatt.exe
2009-01-15 06:04 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-01-15 06:04 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-01-15 06:04 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-01-15 06:04 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-01-15 06:03 420,352 a------- c:\windows\system32\vbscript.dll
2009-01-15 06:03 72,704 a------- c:\windows\system32\admparse.dll
2009-01-15 06:03 71,680 a------- c:\windows\system32\iesetup.dll
2009-01-15 06:03 66,560 a------- c:\windows\system32\wextract.exe
2009-01-15 06:02 169,472 a------- c:\windows\system32\iexpress.exe
2009-01-15 06:01 34,304 a------- c:\windows\system32\imgutil.dll
2009-01-15 06:00 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-15 06:00 45,568 a------- c:\windows\system32\mshta.exe
2009-01-15 05:50 156,160 a------- c:\windows\system32\msls31.dll
2008-12-10 00:59 174 a--sh--- c:\program files\desktop.ini
2008-12-10 00:49 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 11:43:27.07 ===============




#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:01 AM

Posted 29 March 2009 - 11:17 AM

Hello.

Please update MBAM and run MBAM with a quick-scan for me. Once it's done post back with the log.

Download and run OTListIT2

We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Post both logs in your next reply please.
Post back with:
-MBAM log
-OTlistIt2 log


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 Rich4bugs

Rich4bugs
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 29 March 2009 - 02:37 PM

Copies of the OTListIt2 Report


OTListIt logfile created on: 3/29/2009 3:29:07 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Users\Rich\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.30 Mb Total Physical Memory | 303.42 Mb Available Physical Memory | 29.94% Memory free
2.24 Gb Paging File | 1.18 Gb Available in Paging File | 52.72% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.22 Gb Total Space | 135.79 Gb Free Space | 60.83% Space Free | Partition Type: NTFS
Drive D: | 9.67 Gb Total Space | 4.34 Gb Free Space | 44.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded


OTListIt Extras logfile created on: 3/29/2009 3:29:07 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Users\Rich\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.30 Mb Total Physical Memory | 303.42 Mb Available Physical Memory | 29.94% Memory free
2.24 Gb Paging File | 1.18 Gb Available in Paging File | 52.72% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.22 Gb Total Space | 135.79 Gb Free Space | 60.83% Space Free | Partition Type: NTFS
Drive D: | 9.67 Gb Total Space | 4.34 Gb Free Space | 44.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 149.04 Gb Total Space | 129.52 Gb Free Space | 86.90% Space Free | Partition Type: NTFS

Computer Name: AMY-PC
Current User Name: Rich
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-238331562-2711603885-3829185935-1000]
"EnableNotificationsRef" = 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-238331562-2711603885-3829185935-500]
"EnableNotificationsRef" = 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{038A524F-58DB-438A-8391-8F7F0CA14B9E}" = Microsoft® Winter Fun Pack 2004 for Windows® XP
"{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure
"{242D10CF-8093-11D7-AD8E-0050DA87D0EB}" = Blues Clues School
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer (OpenSBI Edition)
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
"{56971A0D-309A-4CD6-81EB-E9CFA06F579A}" = Linksys Wireless-G PCI Adapter with SRX
"{5D4C3D9A-A5FA-49E3-AEB4-75A77CCD63E8}" = Playhouse Disney's Rolie Polie Olie
"{65D5B9CA-7B04-4604-9D00-4C4D14BA49A3}" = ErrorFix
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7D4ED56E-C3DF-46F6-924B-D6774A766943}" = ArcSoft PhotoImpression 4
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = eMachines Recovery Center Installer
"{86E5DB8E-E6AC-4FAA-B543-B745897E6A59}" = Winnie the Pooh Spelling
"{8902ACDE-6E38-47C9-86BA-8BAD073A06B5}" = Piglet's Big Game
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91B3BEC8-748B-4912-82ED-29D38E140B2A}" = Linkit_eBay
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFD80B4B-BBC7-4D78-BD32-C84FB47268C1}" = Eudora
"{EC453A5C-1CBC-4A9B-87DA-DEB5916176C4}" = Search for the Secret Keys
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = PS2 Multimedia Keyboard Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Arthur's Wilderness Rescue" = Arthur's Wilderness Rescue
"avast!" = avast! Antivirus
"Backyard Basketball" = Backyard Basketball
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CCleaner" = CCleaner (remove only)
"Clifford Adventure" = Clifford Thinking Adventures
"Clifford Learning Activities" = Clifford Learning Activities
"Club Administration for Rotary Clubs" = Club Administration for Rotary Clubs
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows2.0" = Coupon Printer for Windows
"Detective Barbie® 2 The Vacation Mystery™" = Detective Barbie® 2 The Vacation Mystery™
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"Easy-LayoutPrint" = Canon Utilities Easy-LayoutPrint
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"Jay Jay Earns His Wings" = Jay Jay Earns His Wings
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
"Playtime For Baby & Toddler" = Playtime For Baby & Toddler
"PROSet" = Intel® PRO Network Connections Drivers
"Reader Rabbit Kindergarten® Bounce Down in Balloon Town!™" = Reader Rabbit Kindergarten® Bounce Down in Balloon Town!™
"Reader Rabbit Personalized 1st Grade" = Reader Rabbit Personalized 1st Grade
"RegCure" = RegCure 1.5.2.7
"Registry Fix_is1" = RegistryFix v7.1
"Scholastic's I SPY Junior" = Scholastic's I SPY Junior
"WildTangent emachines Master Uninstall" = eMachines Games
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 12/1/2008 10:44:16 PM | Computer Name = Amy-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\2008-11-13\DSCF3792.JPG failed, 00000015.

Error - 12/8/2008 8:24:28 AM | Computer Name = Amy-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Logitech\SetPoint\KHALMNPR.exe failed, 00000005.

Error - 12/10/2008 10:04:07 PM | Computer Name = Amy-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Logitech\SetPoint\KHALMNPR.exe failed, 00000005.

Error - 12/21/2008 7:27:43 PM | Computer Name = Amy-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Rich\AppData\Local\Google\Google Desktop\bcc03ebe1968\uinfo.dat failed,
00000005.

Error - 12/22/2008 6:27:22 PM | Computer Name = Amy-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Amy\AppData\Local\Google\Google Desktop\7a16ecbc0105\uinfo.dat failed,
00000005.

Error - 1/6/2009 5:39:17 PM | Computer Name = Amy-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Logitech\SetPoint\KHALMNPR.exe failed, 00000005.

Error - 2/4/2009 7:42:04 PM | Computer Name = Amy-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Sydney\AppData\Local\Google\Google Desktop\ac790c5e7624\uinfo.dat failed,
00000005.

Error - 2/7/2009 1:43:03 PM | Computer Name = Amy-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Logitech\SetPoint\KHALMNPR.exe failed, 00000005.

Error - 3/8/2009 9:54:26 PM | Computer Name = Amy-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Logitech\SetPoint\KHALMNPR.exe failed, 00000005.

Error - 3/14/2009 2:00:28 PM | Computer Name = Amy-PC | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Unhandled exception in AavmProviderStop
[Inner], MAIL.

[ Application Events ]
Error - 3/17/2009 9:54:19 PM | Computer Name = Amy-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18372 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1774 Start Time: 01c9a76c6684e574 Termination Time: 15

Error - 3/17/2009 9:54:26 PM | Computer Name = Amy-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18372 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: e44 Start Time: 01c9a76c666854f4 Termination Time: 0

Error - 3/17/2009 9:54:57 PM | Computer Name = Amy-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18372 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1078 Start Time: 01c9a76c7a19f534 Termination Time: 63

Error - 3/17/2009 9:55:29 PM | Computer Name = Amy-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18372 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1230 Start Time: 01c9a76c904985f4 Termination Time: 16

Error - 3/18/2009 11:58:38 PM | Computer Name = Amy-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 3/18/2009 11:58:39 PM | Computer Name = Amy-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 3/22/2009 6:33:05 AM | Computer Name = Amy-PC | Source = EventSystem | ID = 4621
Description =

Error - 3/24/2009 5:33:02 PM | Computer Name = Amy-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18372 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 14bc Start Time: 01c9acc7578b2acb Termination Time: 0

Error - 3/28/2009 5:20:11 PM | Computer Name = Amy-PC | Source = EventSystem | ID = 4621
Description =

Error - 3/28/2009 6:01:22 PM | Computer Name = Amy-PC | Source = Application Hang | ID = 1002
Description = The program SpybotSD.exe version 1.6.2.46 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ff4 Start Time: 01c9aedbf00276f0 Termination Time: 537

[ Media Center Events ]
Error - 12/1/2007 4:41:44 PM | Computer Name = Amy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/7/2007 8:53:58 PM | Computer Name = Amy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/9/2007 4:56:44 PM | Computer Name = Amy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/10/2007 8:53:46 PM | Computer Name = Amy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/19/2007 10:25:07 PM | Computer Name = Amy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/19/2007 11:57:35 PM | Computer Name = Amy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2008 3:03:15 AM | Computer Name = Amy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/23/2008 6:18:24 PM | Computer Name = Amy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/6/2008 1:25:56 PM | Computer Name = Amy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 3/24/2009 8:10:16 AM | Computer Name = Amy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 1/1/2008 9:36:47 PM | Computer Name = Amy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5067
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/19/2009 12:01:19 AM | Computer Name = Amy-PC | Source = HTTP | ID = 15016
Description =

Error - 3/19/2009 12:11:31 AM | Computer Name = Amy-PC | Source = HTTP | ID = 15016
Description =

Error - 3/22/2009 6:12:47 AM | Computer Name = Amy-PC | Source = Airgo | ID = 5002
Description =

Error - 3/23/2009 3:49:54 PM | Computer Name = Amy-PC | Source = Print | ID = 6161
Description = The document http://www.foodnetwork.com/recipes/giada-d...entiis/chocolat,
owned by Sydney, failed to print on printer Canon Inkjet i9900. Try to print the
document again, or restart the print spooler. Data type: NT EMF 1.008. Size of
the spool file in bytes: 1712272. Number of bytes printed: 807152. Total number
of pages in the document: 3. Number of pages printed: 1. Client computer: \\AMY-PC.
Win32 error code returned by the print processor: 0. The operation completed successfully.

Error - 3/23/2009 6:11:03 PM | Computer Name = Amy-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:08:40 PM on 3/23/2009 was unexpected.

Error - 3/23/2009 6:11:30 PM | Computer Name = Amy-PC | Source = HTTP | ID = 15016
Description =

Error - 3/25/2009 12:11:40 AM | Computer Name = Amy-PC | Source = Airgo | ID = 5002
Description =

Error - 3/28/2009 6:08:54 PM | Computer Name = Amy-PC | Source = HTTP | ID = 15016
Description =

Error - 3/28/2009 6:12:03 PM | Computer Name = Amy-PC | Source = WPDMTPDriver | ID = 80838
Description =

Error - 3/28/2009 6:13:06 PM | Computer Name = Amy-PC | Source = WPDMTPDriver | ID = 80838
Description =

< End of report >

I: Drive not present or media not loaded
Drive J: | 149.04 Gb Total Space | 129.52 Gb Free Space | 86.90% Space Free | Partition Type: NTFS

Computer Name: AMY-PC
Current User Name: Rich
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/01/19 03:33:01 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\AUDIODG.EXE
PRC - [2008/11/13 15:18:56 | 02,405,776 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2009/02/05 17:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 17:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2007/02/16 18:14:58 | 00,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/08/04 21:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\xaudio.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/19 03:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFHost.exe
PRC - [2008/01/19 03:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/10/29 02:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2006/11/07 18:08:40 | 00,547,840 | ---- | M] () -- C:\Windows\zHotkey.exe
PRC - [2006/11/07 18:34:26 | 00,053,248 | ---- | M] (Chicony) -- C:\Windows\ModPS2Key.exe
PRC - [2009/02/05 17:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2006/11/02 08:35:35 | 00,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/11/02 16:38:52 | 00,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2008/11/13 15:18:56 | 00,981,904 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2006/12/12 10:02:38 | 00,098,304 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2006/12/12 10:03:58 | 00,106,496 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2006/12/12 10:02:28 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/01/19 03:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/19 03:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/01/19 03:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2009/02/05 17:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/03/05 09:33:44 | 34,239,752 | ---- | M] (PC Utility Inc.) -- C:\Program Files\ErrorFix\ErrorFix.exe
PRC - [2009/01/15 06:17:20 | 00,636,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/01/15 06:17:20 | 00,636,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/10/04 23:16:26 | 00,235,936 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
PRC - [2009/01/15 06:17:20 | 00,636,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/29 15:28:23 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Users\Rich\Downloads\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/02/05 17:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/05 17:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 17:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 17:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/19 03:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/06/19 21:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/01/08 02:25:00 | 00,181,784 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 21:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/08/24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/06/19 21:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/02/16 18:14:58 | 00,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2008/11/13 15:18:56 | 02,405,776 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2008/01/19 03:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV - [2008/01/19 03:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV - [2006/08/04 21:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/11/02 03:36:49 | 00,108,032 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Stopped])
DRV - [2006/11/02 05:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 05:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 05:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2005/04/18 04:47:00 | 00,840,192 | ---- | M] (Airgo Networks, Inc.) -- C:\Windows\system32\DRIVERS\WniHdd51.sys -- (Airgo [On_Demand | Running])
DRV - [2006/11/02 05:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 05:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009/02/05 17:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 17:06:59 | 00,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\system32\DRIVERS\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
DRV - [2009/02/05 17:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr [System | Running])
DRV - [2009/02/05 17:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 17:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2006/11/02 03:30:53 | 00,045,056 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Stopped])
DRV - [2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2005/09/07 17:29:44 | 00,044,288 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2005/09/07 17:32:58 | 00,024,960 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2006/11/02 05:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/10/31 18:15:24 | 00,165,760 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2006/11/02 03:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/02 05:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2008/01/19 01:32:49 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt [On_Demand | Running])
DRV - [2006/11/02 05:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/11/08 19:55:10 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2006/11/08 19:54:02 | 00,258,048 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\HSXHWBS2.sys -- (HSXHWBS2 [On_Demand | Running])
DRV - [2006/12/12 10:49:56 | 01,476,608 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\igdkmd32.sys -- (ialm [On_Demand | Stopped])
DRV - [2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/12/12 10:49:56 | 01,476,608 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Running])
DRV - [2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2007/01/26 22:09:40 | 00,068,954 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\System32\Drivers\jl2005c.sys -- (JL2005C [On_Demand | Stopped])
DRV - [2006/11/02 05:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 05:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006/06/19 18:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2006/11/02 05:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 03:30:56 | 02,589,184 | ---- | M] (Intel® Corporation) -- C:\Windows\system32\DRIVERS\NETw2v32.sys -- (NETw2v32 [On_Demand | Stopped])
DRV - [2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2006/11/02 05:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 05:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2006/11/02 05:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006/11/02 05:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 05:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2006/11/02 16:39:42 | 00,812,032 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\system32\drivers\stwrt.sys -- (STHDA [On_Demand | Running])
DRV - [2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/11/02 05:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 05:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2006/11/02 05:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2008/11/13 15:19:08 | 00,293,776 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\system32\DRIVERS\vsdatant.sys -- (Vsdatant [System | Running])
DRV - [2006/11/02 05:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2006/11/08 19:53:48 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2006/08/04 21:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\xaudio.sys -- (XAudio [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\S-1-5-21-238331562-2711603885-3829185935-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\S-1-5-21-238331562-2711603885-3829185935-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/15 14:43:42 | 00,000,000 | ---D | M]


O1 HOSTS File: (302817 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10437 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CHotkey] zHotkey.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ModPS2] ModPS2Key.exe (Chicony)
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ShowWnd] ShowWnd.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
O4 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 0
O7 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSecCPL = 0
O7 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDevMgrPage = 0
O7 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoConfigPage = 0
O7 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVirtMemPage = 0
O7 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoFileSysPage = 0
O7 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoNetSetup = 0
O7 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoNetSetupIDPage = 0
O7 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoNetSetupSecurityPage = 0
O7 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoWorkgroupContents = 0
O7 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoEntireNetwork = 0
O7 - HKU\S-1-5-21-238331562-2711603885-3829185935-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoFileSharingControl = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: PackageCab http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\system32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 20:01:00 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/03/28 18:29:55 | 00,001,537 | ---- | C] () -- C:\Users\Rich\Desktop\Windows Explorer (2).lnk
[2009/03/23 18:11:31 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/03/23 18:11:02 | 22,117,0331 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/03/18 21:59:45 | 00,000,312 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2009/03/18 21:34:27 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Malwarebytes
[2009/03/18 21:34:25 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/03/18 21:34:25 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/18 21:34:22 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/03/18 21:34:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/03/18 21:34:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/16 22:44:09 | 00,008,486 | ---- | C] () -- C:\Users\Rich\Documents\cc_20090316_224359.reg
[2009/03/15 14:38:30 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/03/15 14:38:28 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/03/15 14:38:26 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/03/15 14:38:26 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/03/15 14:38:26 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/03/15 14:38:26 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/03/15 14:38:21 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/03/15 14:38:16 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/03/15 14:30:20 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/03/15 14:30:16 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/03/15 14:30:14 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/03/15 14:29:39 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/03/15 14:29:26 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/03/15 13:16:20 | 00,000,440 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2009/03/15 13:16:19 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\DriverCure
[2009/03/15 13:16:15 | 00,000,378 | ---- | C] () -- C:\Windows\tasks\DriverCure.job
[2009/03/15 13:16:12 | 00,001,004 | ---- | C] () -- C:\Users\Public\Desktop\ParetoLogic DriverCure.lnk
[2009/03/15 13:16:12 | 00,000,414 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2009/03/15 13:16:11 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2009/03/15 13:16:11 | 00,000,000 | ---D | C] -- C:\ProgramData\DriverCure
[2009/03/15 13:16:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/03/15 13:16:10 | 00,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2009/03/15 12:29:25 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\Yahoo!
[2009/03/15 12:29:24 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/03/15 12:29:20 | 00,001,670 | ---- | C] () -- C:\Users\Rich\Desktop\CCleaner.lnk
[2009/03/15 12:29:20 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/03/15 12:19:06 | 00,000,797 | ---- | C] () -- C:\Users\Rich\Desktop\Downloads - Shortcut.lnk
[2009/03/15 12:14:40 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Rich\Documents\erunt-setup.exe
[2009/03/15 10:59:45 | 00,001,537 | ---- | C] () -- C:\Users\Rich\Desktop\Windows Explorer.lnk
[2009/03/14 14:50:38 | 00,001,874 | ---- | C] () -- C:\Users\Rich\Desktop\HijackThis.lnk
[2009/03/14 14:50:38 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/14 14:01:33 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/03/14 14:01:33 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/03/14 14:01:33 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/03/14 14:01:33 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/03/14 14:01:32 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/03/14 14:01:32 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/03/14 14:01:32 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/03/14 14:01:31 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/03/14 14:01:31 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/03/14 14:01:31 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/03/14 14:01:31 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/03/14 14:01:31 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/03/14 14:01:31 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/03/14 14:01:30 | 01,639,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/03/14 14:01:30 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/03/14 14:01:30 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/03/14 14:01:30 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/03/14 14:01:30 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/03/14 14:01:29 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/03/14 14:01:29 | 00,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/03/14 14:01:29 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/03/14 14:01:29 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/03/14 14:01:29 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/03/14 14:01:29 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/03/14 14:01:29 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/03/14 14:01:29 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/03/14 14:01:29 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/03/14 14:01:28 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/03/14 14:01:28 | 00,593,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/03/14 14:01:28 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/03/14 14:01:28 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/03/14 14:01:28 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/03/14 14:01:27 | 00,724,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/03/14 14:01:27 | 00,445,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/03/14 14:01:27 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/03/14 14:01:27 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/03/14 14:01:27 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/03/14 14:01:26 | 00,392,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/03/14 14:01:24 | 03,698,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/03/14 14:01:24 | 01,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/03/14 14:01:24 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/03/14 14:01:24 | 00,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/03/14 14:01:24 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/03/14 14:01:24 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/03/14 14:01:24 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/03/14 14:01:24 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/03/14 14:01:24 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/03/14 14:01:24 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/03/14 14:01:24 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/03/14 14:01:24 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/03/14 14:01:23 | 01,467,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/03/14 14:01:23 | 01,182,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/03/14 14:01:23 | 00,911,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/03/14 14:01:22 | 10,963,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/03/14 14:01:21 | 05,888,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/03/13 20:20:47 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Rich\Desktop\setup-spybotsd162.exe
[2009/03/12 22:49:00 | 00,000,420 | ---- | C] () -- C:\Windows\tasks\ErrorFix Scan.job
[2009/03/12 22:48:54 | 00,000,000 | ---D | C] -- C:\Users\Rich\AppData\Roaming\ErrorFix
[2009/03/12 22:48:44 | 00,001,848 | ---- | C] () -- C:\Users\Public\Desktop\ErrorFix.lnk
[2009/03/12 22:48:38 | 00,000,000 | ---D | C] -- C:\Program Files\ErrorFix
[2009/03/12 22:47:58 | 00,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2009/03/12 21:13:43 | 00,000,787 | ---- | C] () -- C:\Users\Rich\Desktop\RegistryFix7.lnk
[2009/03/12 21:13:42 | 00,000,000 | ---D | C] -- C:\Program Files\RegistryFix7
[2009/03/12 20:58:56 | 00,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2009/03/12 10:01:01 | 00,000,436 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job
[2009/03/12 10:00:59 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\RegCure.job
[2009/03/12 10:00:54 | 00,000,738 | ---- | C] () -- C:\Users\Public\Desktop\RegCure.lnk
[2009/03/12 10:00:54 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2009/03/11 22:45:13 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2009/03/11 22:45:12 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/03/11 21:32:32 | 10,622,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/03/11 21:32:31 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/03/11 21:32:30 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/03/11 21:32:30 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/03/11 21:32:30 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/03/11 21:32:24 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/03/11 21:32:21 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/03/29 15:30:00 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6FC5EAC8-8F56-4185-8DBD-59BE0A81B70C}.job
[2009/03/29 15:30:00 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6DB30D36-8E8E-4D51-88D6-738CCE0E4DA6}.job
[2009/03/29 14:08:50 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/03/29 14:08:50 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/03/29 12:44:56 | 00,000,312 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2009/03/29 12:00:03 | 00,000,420 | ---- | M] () -- C:\Windows\tasks\ErrorFix Scan.job
[2009/03/29 10:17:44 | 00,000,436 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2009/03/29 09:00:00 | 00,000,286 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/03/29 06:42:51 | 03,524,830 | -H-- | M] () -- C:\Users\Rich\AppData\Local\IconCache.db
[2009/03/29 06:42:43 | 00,000,378 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
[2009/03/29 06:42:25 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2009/03/29 00:33:02 | 00,000,414 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2009/03/28 18:29:55 | 00,001,537 | ---- | M] () -- C:\Users\Rich\Desktop\Windows Explorer (2).lnk
[2009/03/28 18:29:55 | 00,000,590 | -HS- | M] () -- C:\Users\Rich\Desktop\desktop.ini
[2009/03/28 18:13:27 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/03/28 18:13:27 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/03/28 18:13:27 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/03/28 18:08:54 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/03/28 18:08:51 | 00,348,371 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2009/03/28 18:08:44 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/03/28 18:00:00 | 00,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2009/03/23 18:11:31 | 22,117,0331 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/03/18 21:34:25 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/16 22:44:17 | 00,008,486 | ---- | M] () -- C:\Users\Rich\Documents\cc_20090316_224359.reg
[2009/03/15 13:44:12 | 00,001,004 | ---- | M] () -- C:\Users\Public\Desktop\ParetoLogic DriverCure.lnk
[2009/03/15 13:40:14 | 00,000,738 | ---- | M] () -- C:\Users\Public\Desktop\RegCure.lnk
[2009/03/15 12:29:20 | 00,001,670 | ---- | M] () -- C:\Users\Rich\Desktop\CCleaner.lnk
[2009/03/15 12:19:56 | 00,000,797 | ---- | M] () -- C:\Users\Rich\Desktop\Downloads - Shortcut.lnk
[2009/03/15 12:14:20 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Rich\Documents\erunt-setup.exe
[2009/03/15 10:59:45 | 00,001,537 | ---- | M] () -- C:\Users\Rich\Desktop\Windows Explorer.lnk
[2009/03/14 14:50:38 | 00,001,874 | ---- | M] () -- C:\Users\Rich\Desktop\HijackThis.lnk
[2009/03/14 12:40:41 | 00,302,817 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/03/14 12:39:58 | 00,000,875 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20090314-124041.backup
[2009/03/14 12:37:44 | 00,305,102 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20090314-123958.backup
[2009/03/13 20:24:31 | 00,001,055 | ---- | M] () -- C:\Users\Rich\Desktop\Spybot - Search & Destroy.lnk
[2009/03/13 20:21:41 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Rich\Desktop\setup-spybotsd162.exe
[2009/03/12 22:48:44 | 00,001,848 | ---- | M] () -- C:\Users\Public\Desktop\ErrorFix.lnk
[2009/03/12 21:30:12 | 00,000,787 | ---- | M] () -- C:\Users\Rich\Desktop\RegistryFix7.lnk
[2009/03/12 07:38:42 | 00,386,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
< End of report >

#6 Rich4bugs

Posted 29 March 2009 - 02:46 PM

/Edit: Edit to remove duplicate log post.

Edited by extremeboy, 29 March 2009 - 03:35 PM.
Remove duplicate post


#7 extremeboy

Posted 29 March 2009 - 02:53 PM

Hello.

What about the MBAM log?

Please update MBAM and run MBAM with a quick-scan for me. Once it's done post back with the log.


Also, add in a description of any problems you may have still.

Thanks.

With Regards,
Extremeboy

Edited by extremeboy, 29 March 2009 - 02:55 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 Rich4bugs

Posted 29 March 2009 - 03:09 PM

The MBAM log is still scanning.

Problems are still existing trying to get into Yahoo. If I keep refreshing it will open the home page but will not let me into mail.

This happens in other sites as well with no reg pattern.

Some sites open and run well; others will not allow and get the error message Internet Explorer cannot display webpage.

Will send MBAM log when complete.

Thanks

#9 Rich4bugs

Posted 29 March 2009 - 03:23 PM

MBAM Log

Malwarebytes' Anti-Malware 1.35
Database version: 1916
Windows 6.0.6001 Service Pack 1

3/29/2009 4:22:28 PM
mbam-log-2009-03-29 (16-22-28).txt

Scan type: Quick Scan
Objects scanned: 88179
Time elapsed: 3 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 extremeboy

Posted 29 March 2009 - 03:39 PM

Hello.

I will look at the log once I come back tonight around another 4-5 hours. Sorry about this.

From a quick look at the OTListIT2 log there doesn't seem to be an infection present. In the meantime could you run an online scan just for a second opinion and go to Windows Update and see if anything requires to be updated.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. (Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky WebScanner page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left:
    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Update Windows Installation

Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC. Let's check for any updates.

Go here to check for & install updates to Microsoft applications.

Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.

Were there any problems while doing any of the updates? If there were any updates, please specify in your next reply.

I will take a thorough look once I come back. Sorry for the inconvenience.

With Regards,
Extremeboy

Edited by extremeboy, 29 March 2009 - 03:41 PM.


#11 Rich4bugs

Posted 29 March 2009 - 03:55 PM

When I tried to open and download Kaspersky it opened the page but with errors and would not open to download the program.

This is the error I get:

Webpage error details

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
Timestamp: Sun, 29 Mar 2009 20:52:54 UTC


Message: Expected ')'
Line: 8
Char: 3789
Code: 0
URI: http://usa.kaspersky.com/incs/swfobject.js

#12 extremeboy

Posted 29 March 2009 - 08:04 PM

Hello.

I'm back again.

I did a quick research on this problem relating to yahoo and I see many people having this problem as well but NOT related to Malware.

Let me confirm this and then we will move you to another forum afterwards. Microsoft has an article related to this: http://support.microsoft.com/kb/956196

Could you let me know what the EXACT link you cannot access in yahoo?

Run the following online scan instead of Kaspersky. Also check if there's any windows update after that.

Run F-Secure Online Scan

Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.
Post back with:
-F-Secure scan log
-New OTlistIT2 log
-Answer to my question.

With Regards,
Extremeboy

#13 Rich4bugs

Posted 29 March 2009 - 08:29 PM

I could not even open the link. I get the error message in the lower left corner:

Webpage error details

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.2)
Timestamp: Mon, 30 Mar 2009 01:26:39 UTC


Message: Expected '('
Line: 72
Char: 455
Code: 0
URI: http://support.microsoft.com/common/script/gsfx/common.js?19


Message: Object expected
Line: 1
Char: 1
Code: 0
URI: http://support.microsoft.com/kb/956196


Message: Object expected
Line: 1
Char: 1
Code: 0
URI: http://support.microsoft.com/kb/956196


Message: Object expected
Line: 1
Char: 1
Code: 0
URI: http://support.microsoft.com/kb/956196


Message: 'SaveToFavoritesData' is undefined
Line: 1
Char: 1
Code: 0
URI: http://support.microsoft.com/kb/956196


Message: Unterminated string constant
Line: 56
Char: 141
Code: 0
URI: http://support.microsoft.com/common/script/fx/survey.js?19

#14 extremeboy

Posted 29 March 2009 - 08:44 PM

Hello.

It's getting very late here, so I need to go to bed now.

Run CCleaner and then try running the online scan. Are you using IE or FF? If FF doesn't work, IE should; if both don't work, let me know in your next reply.

Install and Run CCleaner
We will use CCleaner by Piriform to remove temporary files.
  • Please download CCleanerSetup from this page and save it to your desktop.
  • Select the Download Latest Version at the top right of the page.
  • Double click the setup file. Follow the prompts to install the program.
    I suggest you uncheck the option for Yahoo! toolbar. Otherwise, adjust options as you please.
  • Open CCleaner to the Cleaner section.
  • Check all items in Internet Explorer, Windows Explorer, and System. You can leave "Autocomplete Form History" unchecked if desired.
  • Under the Advanced section, check, unless otherwise desired:
    • Old Prefetch data
    • Menu Cache order
    • Tray Notifications Cache (settings for items in the area beside the clock)
    • User Assist History
    • IIS Log Files
    • Hotfix uninstallers
  • Click Run Cleaner. Close out when finished.
Note: Please do not use the other features of CCleaner.

See if you can run either Kaspersky or F-Secure scan now. If not, let me know and we will try something else next post.

With Regards,
Extremeboy

#15 Rich4bugs

Posted 29 March 2009 - 09:22 PM

I tried to run the f-secure twice and both times it came up with an error code that the download file was corrupt to retry the download.

I did not try the third time.

The exact address that I type in is Yahoo.com
I will type in the address and it will come unable to connect and after I refresh a couple of times it will open Yahoo's home page. But when I try to, say, check Yahoo mail, it will come up page not found.



