Infected with something that redirects Google search results.


  • This topic is locked
2 replies to this topic

#1 The Spoony One


Posted 26 March 2009 - 03:45 AM

Hey everyone,

I'm posting on behalf of my girlfriend, who's having a load of problems with some kind of infection on her computer. Ordinarily I'd have her post it, but actually, she can't even access this page because whatever's infected her computer shuts the browser down if she ever tries to access bleepingcomputer.com.

She's having trouble with her Google search results sometimes being redirected to advertising or porn sites. Finding help has been difficult, because sometimes when she types in web addresses of common sites, or sites that might help, the browser just closes down. She's tried this on Firefox, IE, Chrome, Safari, nothing's worked. She's tried a battery of malware, adware, and virus scanning software, like Avast, AVG, Malwarebytes, and none of them find anything wrong. She's also tried following the usual advice on several other sites, like running ComboFix, but it just loads a progress bar for about five seconds and then vanishes completely from the Task Manager. Nothing else happens.

I sent her the DDS.scr file recommended in your tutorial, to similar results. A black command window flashes on-screen for a second, then shuts down to no further result.

She has been able to run Hijack This, and generated a few log files: OTListIt.Txt, hijackthis.log, and Extras.Txt. I'll include these files below:

(As a side note, at the same time this problem cropped up, her computer reported the inclusion of some kind of new "high definition audio device" hardware on her computer, and now none of her onboard sound works. The Windows Control Panel lists no other audio devices on the computer, and Winamp and Media Player crash outright when opened. Of course, she has added no such new audio device or any hardware. I think this is related, but can't be sure.)

Thanks for any advice you can offer.

*****************************************************
OTListIt.Txt
*****************************************************


OTListIt logfile created on: 3/25/2009 7:04:03 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Jess\Desktop\PC Applications\Virus Removal
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.15% Memory free
3.35 Gb Paging File | 2.75 Gb Available in Paging File | 81.99% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 147.09 Gb Free Space | 63.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 649.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 27.85 Gb Total Space | 14.73 Gb Free Space | 52.89% Space Free | Partition Type: FAT32

Computer Name: J-X1O5HCTKDAW90
Current User Name: Jess
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
PRC - C:\Documents and Settings\Jess\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\WINDOWS\system32\CSHelper.exe ()
PRC - C:\Program Files\iWin Games\iWinGamesInstaller.exe (iWin Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Jess\Desktop\PC Applications\Virus Removal\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (a2free [Auto | Running]) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CSHelper [Auto | Running]) -- C:\WINDOWS\system32\CSHelper.exe ()
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [On_Demand | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (iWinGamesInstaller [Auto | Running]) -- C:\Program Files\iWin Games\iWinGamesInstaller.exe (iWin Inc.)
SRV - (Ldaroxntdwi [Disabled | Stopped]) -- File not found
SRV - (LVCOMSer [Auto | Stopped]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Stopped]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (Macromedia Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (Ms2tiemes [On_Demand | Stopped]) -- File not found
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (vsmon [Auto | Running]) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AEC671X [System | Stopped]) -- C:\WINDOWS\System32\drivers\AEC671X.SYS (Acard Technology Corp.)
DRV - (AmdLLD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdLLD.sys (AMD, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (DgiVecp [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys (DeviceGuys, Inc.)
DRV - (DMX3191 [System | Stopped]) -- C:\WINDOWS\System32\drivers\DMX3191.SYS (Microsoft Corporation)
DRV - (enodpl [Auto | Running]) -- C:\WINDOWS\System32\drivers\enodpl.sys ()
DRV - (FilterService [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys (Logitech Inc.)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (lvpopflt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVRS [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\lvrs.sys (Logitech Inc.)
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVUVC [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lvuvc.sys (Logitech Inc.)
DRV - (ms_mpu401 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys ()
DRV - (nvax [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (nvnforce [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (pavboot [Boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (pcouffin [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (pctvvbi [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\pctvvbi.sys (Pinnacle Systems)
DRV - (pepifilter [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\lv302af.sys (Logitech Inc.)
DRV - (PID_PEPI [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LV302V32.SYS (Logitech Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (scsiscan [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\scsiscan.sys (Microsoft Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Si3114r5 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Si3114r5.sys (Silicon Image, Inc)
DRV - (SiFilter [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (srescan [Boot | Running]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (tandpl [Auto | Running]) -- C:\WINDOWS\System32\drivers\tandpl.sys ()
DRV - (tbhsd [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (truecrypt [System | Running]) -- C:\WINDOWS\system32\Drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (vsdatant [System | Running]) -- C:\WINDOWS\System32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys (Marvell)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {A5994E3F-0D1C-4abb-AD80-B41B474DF865}:1.5
FF - prefs.js..extensions.enabledItems: {cc4dacb5-8c7c-6ac0-dd91-f57a9399d48e}:0.1.4
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.93
FF - prefs.js..extensions.enabledItems: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:0.9.7
FF - prefs.js..extensions.enabledItems: gmail_sigs@blankcanvasweb.com:1.11.09
FF - prefs.js..extensions.enabledItems: {91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1
FF - prefs.js..extensions.enabledItems: {671c8440-f787-11dc-95ff-0800200c9a66}:1.0.3
FF - prefs.js..extensions.enabledItems: notebook@google.com:1.0.0.22
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.2.1.3
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.6.4
FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:3.1.0
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.5.4
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {89736E8E-4B14-4042-8C75-AD00B6BD3900}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX [2009/01/04 13:22:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/25 17:45:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/25 06:33:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/16 15:31:03 | 00,000,000 | ---D | M]

[2008/06/25 23:06:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Extensions
[2008/06/25 23:06:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/09/25 20:31:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\backup-x0vzmvd8.default\extensions
[2008/09/25 20:31:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\backup-x0vzmvd8.default\extensions\{20291fcc-1471-46c8-8213-0911f5ce6d66}
[2008/09/25 20:31:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\backup-x0vzmvd8.default\extensions\{4BCC5CF2-DD1B-4f34-80BA-E5A2355D3936}
[2008/09/25 20:31:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\backup-x0vzmvd8.default\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}
[2008/09/25 20:31:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\backup-x0vzmvd8.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2008/09/25 20:31:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\backup-x0vzmvd8.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2008/09/25 20:31:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\backup-x0vzmvd8.default\extensions\gmail_sigs@blankcanvasweb.com
[2008/09/25 20:31:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\backup-x0vzmvd8.default\extensions\snaplinks@snaplinks.net
[2009/03/25 18:47:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\Profiles\x0vzmvd8.default\extensions
[2009/03/15 00:42:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\Profiles\x0vzmvd8.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2009/03/04 03:28:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\Profiles\x0vzmvd8.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2009/03/12 06:24:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\Profiles\x0vzmvd8.default\extensions\{671c8440-f787-11dc-95ff-0800200c9a66}
[2009/03/20 23:11:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\Profiles\x0vzmvd8.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2008/09/08 23:18:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\Profiles\x0vzmvd8.default\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}
[2009/01/15 19:13:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\Profiles\x0vzmvd8.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2009/03/19 18:02:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\Profiles\x0vzmvd8.default\extensions\{A5994E3F-0D1C-4abb-AD80-B41B474DF865}
[2009/03/15 17:13:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\Profiles\x0vzmvd8.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/02/26 15:25:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\Profiles\x0vzmvd8.default\extensions\{cc4dacb5-8c7c-6ac0-dd91-f57a9399d48e}
[2009/03/24 23:36:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\Profiles\x0vzmvd8.default\extensions\gmail_sigs@blankcanvasweb.com
[2008/10/20 00:47:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\Profiles\x0vzmvd8.default\extensions\moveplayer@movenetworks.com
[2009/03/04 13:49:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\Profiles\x0vzmvd8.default\extensions\notebook@google.com
[2009/03/22 01:22:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\Profiles\x0vzmvd8.default\extensions\rankchecker@seobook.com
[2009/03/09 21:34:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jess\Application Data\mozilla\Firefox\Profiles\x0vzmvd8.default\extensions\seo4firefox@seobook.com
[2009/02/05 01:25:39 | 00,001,504 | ---- | M] () -- C:\Documents and Settings\Jess\Application Data\Mozilla\FireFox\Profiles\x0vzmvd8.default\searchplugins\imdb.xml
[2009/03/23 13:03:55 | 00,001,172 | ---- | M] () -- C:\Documents and Settings\Jess\Application Data\Mozilla\FireFox\Profiles\x0vzmvd8.default\searchplugins\swagbuckscom.xml
[2009/02/05 01:25:46 | 00,000,705 | ---- | M] () -- C:\Documents and Settings\Jess\Application Data\Mozilla\FireFox\Profiles\x0vzmvd8.default\searchplugins\webster.xml
[2008/11/21 23:08:15 | 00,001,032 | ---- | M] () -- C:\Documents and Settings\Jess\Application Data\Mozilla\FireFox\Profiles\x0vzmvd8.default\searchplugins\wikipedia-eng.xml
[2009/02/26 15:21:29 | 00,002,577 | ---- | M] () -- C:\Documents and Settings\Jess\Application Data\Mozilla\FireFox\Profiles\x0vzmvd8.default\searchplugins\wordpot---the-keyword-finder.xml
[2009/02/12 20:42:25 | 00,005,595 | ---- | M] () -- C:\Documents and Settings\Jess\Application Data\Mozilla\FireFox\Profiles\x0vzmvd8.default\searchplugins\wordtracker.xml
[2009/03/25 18:47:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/07 00:35:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/25 17:45:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/07 00:35:37 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/07 00:35:37 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/07 00:35:45 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/07 00:35:45 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/07 00:35:45 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/07 00:35:45 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/07 00:35:45 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/07 00:35:45 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/07 00:35:45 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (291282 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10032 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" (ALWIL Software)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\Jess\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [Taskbar Shuffle] "C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe" (Jay Elaraj)
O4 - Startup: C:\Documents and Settings\Jess\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: spoonyexperiment.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 63 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (Reg Error: Value error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\khfFwUli) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - E:\AutoRun.exe (TODO: <Company name>) - [ CDFS ]
O32 - Autorun File - E:\autorun.inf () - [ CDFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- [2003/11/08 07:33:06 | 10,268,672 | R--- | M] (TODO: <Company name>)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/03/25 17:34:05 | 01,339,834 | ---- | C] () -- C:\MGtools.exe
[2009/03/25 17:02:59 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/25 16:58:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/25 16:58:22 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Jess\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/03/25 16:58:14 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/25 16:49:56 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/03/25 15:44:52 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/03/25 15:43:36 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/03/25 07:38:00 | 21,470,12608 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/25 07:34:43 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/03/25 07:34:43 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/03/25 07:34:42 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/03/25 07:34:41 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/03/25 07:34:40 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/03/25 07:34:40 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/03/25 07:34:40 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/03/25 07:34:40 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/03/25 07:34:26 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/03/25 07:34:26 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/03/25 06:25:15 | 00,000,140 | ---- | C] () -- C:\Documents and Settings\Jess\My Documents\cf.html
[2009/03/25 06:10:25 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/25 06:09:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jess\My Documents\Downloads
[2009/03/25 06:05:19 | 00,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-2052111302-725345543-1004.job
[2009/03/25 05:49:58 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/03/25 05:38:48 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2009/03/25 05:38:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jess\My Documents\a-squared Free
[2009/03/25 05:24:41 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/25 05:24:38 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/25 05:24:36 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/25 05:11:20 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/03/25 00:18:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jess\My Documents\Micro Niche Finder
[2009/03/25 00:18:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Micro Niche Finder
[2009/03/25 00:18:12 | 00,000,000 | ---D | C] -- C:\Program Files\Micro Niche Finder
[2009/03/22 00:34:50 | 00,000,211 | ---- | C] () -- C:\Documents and Settings\Jess\Desktop\Google.url
[2009/03/17 02:31:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jess\Local Settings\Application Data\IsolatedStorage
[2009/03/17 02:29:41 | 00,000,000 | ---D | C] -- C:\Program Files\Incansoft
[2009/03/16 15:32:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/16 15:30:33 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/03/15 01:08:29 | 00,000,000 | ---D | C] -- C:\Program Files\Power Article Rewriter
[2009/03/15 00:45:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jess\Application Data\CyberMatrix
[2009/03/15 00:45:05 | 00,000,000 | ---D | C] -- C:\Program Files\Clipboard Magic
[2009/03/15 00:42:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jess\My Documents\iMacros
[2009/03/07 00:18:19 | 00,001,467 | ---- | C] () -- C:\Documents and Settings\Jess\Desktop\Internet Marketing.lnk
[2009/03/07 00:17:56 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Jess\My Documents\Internet Marketing
[2009/03/06 05:01:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/03/05 21:13:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Jess\Desktop\Niche Sites
[2009/03/05 21:02:03 | 00,000,000 | ---D | C] -- C:\Program Files\pp
[2009/03/05 16:14:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jess\Local Settings\Application Data\AMIArticleWriter
[2009/03/05 15:00:50 | 00,000,000 | ---D | C] -- C:\Program Files\AMI Article Writer
[2009/03/05 14:46:29 | 00,000,000 | ---D | C] -- C:\Program Files\G-Lock Software
[2009/03/05 14:46:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jess\Application Data\G-Lock Software
[2009/03/03 22:37:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/03/02 17:20:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jess\My Documents\Web Stuff
[2009/03/01 16:19:13 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Jess\Desktop\Downloads
[2009/02/28 00:27:34 | 00,000,000 | ---D | C] -- C:\Program Files\GamerLog
[2009/02/27 19:28:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/02/24 17:39:17 | 00,034,304 | ---- | C] (AMD, Inc.) -- C:\WINDOWS\System32\drivers\AmdLLD.sys
[2009/02/24 17:39:16 | 00,000,000 | ---D | C] -- C:\Program Files\AMD
[2009/02/24 17:31:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jess\Local Settings\Application Data\Downloaded Installations
[2009/02/24 16:09:39 | 00,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2009/02/24 16:09:39 | 00,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2009/02/24 15:57:42 | 00,000,000 | ---D | C] -- C:\Program Files\Ubisoft

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/03/25 18:32:02 | 00,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-2052111302-725345543-1004.job
[2009/03/25 17:40:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/25 17:40:25 | 00,348,370 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/03/25 17:40:03 | 21,470,12608 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/25 17:38:57 | 08,077,958 | -H-- | M] () -- C:\Documents and Settings\Jess\Local Settings\Application Data\IconCache.db
[2009/03/25 17:34:05 | 01,339,834 | ---- | M] () -- C:\MGtools.exe
[2009/03/25 16:58:22 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Jess\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/03/25 16:21:55 | 00,000,643 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/25 16:21:55 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/25 16:21:55 | 00,000,223 | RHS- | M] () -- C:\boot.ini
[2009/03/25 07:34:40 | 00,002,639 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/03/25 07:23:46 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/25 06:25:16 | 00,000,140 | ---- | M] () -- C:\Documents and Settings\Jess\My Documents\cf.html
[2009/03/25 00:22:28 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/24 18:21:51 | 00,066,560 | ---- | M] () -- C:\Documents and Settings\Jess\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/23 15:24:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/22 00:34:50 | 00,000,211 | ---- | M] () -- C:\Documents and Settings\Jess\Desktop\Google.url
[2009/03/21 04:08:30 | 00,000,542 | ---- | M] () -- C:\WINDOWS\tasks\Weekly Backup.job
[2009/03/20 17:03:26 | 00,002,873 | ---- | M] () -- C:\Documents and Settings\Jess\Application Data\SAS7_000.DAT
[2009/03/20 04:13:49 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\Jess\Desktop\Microsoft Office Outlook 2003.lnk
[2009/03/11 05:47:11 | 00,329,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/09 02:33:30 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/03/07 05:59:24 | 00,001,467 | ---- | M] () -- C:\Documents and Settings\Jess\Desktop\Internet Marketing.lnk
[2009/03/02 17:27:00 | 00,001,610 | ---- | M] () -- C:\Documents and Settings\Jess\Desktop\Endicia.lnk
[2009/03/02 17:26:53 | 00,001,600 | ---- | M] () -- C:\Documents and Settings\Jess\Desktop\Quickbooks.lnk
[2009/03/02 17:25:55 | 00,001,412 | ---- | M] () -- C:\Documents and Settings\Jess\Desktop\Freelance.lnk
[2009/03/02 17:25:34 | 00,001,498 | ---- | M] () -- C:\Documents and Settings\Jess\Desktop\TSE.lnk
[2009/03/01 04:00:00 | 00,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:912389B7
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8658F1F5
@Alternate Data Stream - 766 bytes -> C:\Documents and Settings\Jess\Desktop\Japan National Postal Codes.url:favicon
@Alternate Data Stream - 500 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0664ADFC
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69FD6BF0
@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6677D85A
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AA21473
@Alternate Data Stream - 1438 bytes -> C:\Documents and Settings\Jess\Desktop\Country Abbreviations.url:favicon
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2836460B
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95EBD4E0
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DDCE10B
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:353FE71F
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:353B2FF9
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75A89023
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1713795
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E11ABA64
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C84299
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43E95997
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AEC895D8
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:543CAD1B
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1037D53D
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\Jess\Desktop\Google.url:favicon
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\Jess\Desktop\ATP Tennis.url:favicon
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF794BCD
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1D818F7
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:991838E5
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:708BB0FA
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F1019FF
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33AFD01D
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4CF4C16
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6520B0F3
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:462F5905
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E862007A
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7AF9CAEB
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA50D64F
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:145EE4E0
< End of report >



*****************************************************
hijackthis.log
*****************************************************


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:37 AM, on 3/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Taskbar Shuffle] "C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jess\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.spoonyexperiment.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10910 bytes




*****************************************************
Extras.Txt
*****************************************************






OTListIt Extras logfile created on: 3/25/2009 5:05:53 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Jess\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.51% Memory free
3.35 Gb Paging File | 2.70 Gb Available in Paging File | 80.56% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 147.13 Gb Free Space | 63.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 649.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 27.85 Gb Total Space | 14.73 Gb Free Space | 52.89% Space Free | Partition Type: FAT32

Computer Name: J-X1O5HCTKDAW90
Current User Name: Jess
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger (Logitech Inc.)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice ()
C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk (Google)
C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer (RealNetworks, Inc.)
C:\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server (Apache Software Foundation)
C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld ()
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger (Logitech Inc.)
C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver (www.sopcast.com)
C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application (www.sopcast.com)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire PRO 4.16.2 (Lime Wire, LLC)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath (Skype Technologies S.A.)
C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. (iWin Inc.)
C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. ()
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Documents and Settings\Jess\Desktop\DVD & MP3 Software\utorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\FireFly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 (Firefly Studios)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0317400B-698E-4F22-A1CB-AA91D9D0D118}" = Power Article Rewriter
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.8.0.224
"{1ED6E4D0-8DB0-A333-DEA6-188F957F5A43}" = Catalyst Control Center Graphics Light
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2b02f822-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Pro Edition 2004
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{34D6EED8-7650-4E1C-BC26-F5B2DDE185C6}" = OverDrive Media Console
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3C9EEFEF-1F71-4213-AC41-4BF5FE0FED95}" = TomTom HOME
"{407E0CBD-D6BF-F243-6DE9-F1EEA525BA1C}" = Catalyst Control Center Graphics Full Existing
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{50841016-B422-459A-9D92-CEC6A38FAE4F}" = DirectoryBot
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = AsusUpdate
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EC634FA-5047-38B2-A53A-15963D9BD872}" = CCC Help English
"{6211E3CA-E242-4643-8B33-56C1F8F5A3BB}" = Casper 4.0
"{651AFCC8-2F1A-8132-0A33-FA5F041380BA}" = Catalyst Control Center Graphics Full New
"{688467AD-09B1-4100-A03A-97245EC74C24}" = SocialBot
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69EF33D7-3425-1409-0BE1-C4F3A6FB57A8}" = ccc-utility
"{6BF81CE7-3D5A-497F-8912-2A65A0253E1B}" = Beyond Good & Evil
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7510EF8C-99B9-8533-524E-BF41BDC04188}" = Skins
"{773040E1-3B60-6507-C387-71F8F0A03C59}" = ccc-core-static
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{92DEC792-A722-5991-2607-3EE3A4BD502B}" = Catalyst Control Center HydraVision Full
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{96793032-8651-805A-67EF-E1759C1A8E3D}" = Catalyst Control Center Graphics Previews Common
"{9DE9E293-5D7B-4312-88C2-BDFAEC5310AE}" = Microsoft .NET Framework 3.0
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B094F70F-2CC2-5062-8534-D3830FC4B018}" = Catalyst Control Center Core Implementation
"{B1111A78-01E5-483B-9B1A-6864B82184E8}" = TomTom HOME
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CA42C38C-B369-B190-AD06-76D3AC95CFAC}" = ccc-core-preinstall
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{D980FF5B-AC29-44DE-B0EF-5AFD964965D7}" = RSSBot
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{E00837D1-CB05-4BD7-A131-3F0872E6BC35}" = SourceGear DiffMerge
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"7-Zip" = 7-Zip 4.56 beta
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AI RoboForm" = AI RoboForm (All Users)
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"a-squared Free_is1" = a-squared Free 4.0
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"Be Rich1.01" = Be Rich
"BFGC" = Big Fish Games Client
"BTmod" = Oblivion - BTmod 2.20
"Burger Shop_is1" = Burger Shop
"CCleaner" = CCleaner (remove only)
"CDex" = CDex extraction audio
"Clipboard Magic_is1" = Clipboard Magic 4.01
"DAZzle" = DAZzle
"DVD Shrink_is1" = DVD Shrink 3.2
"dvdSanta 4.50 - Make your own DVD movies!_is1" = dvdSanta 4.50
"Eraser" = Eraser
"ERUNT_is1" = ERUNT 1.1j
"Express ClickYes" = Express ClickYes 1.2
"Fast Blog Finder_is1" = Fast Blog Finder 2.60
"FileZilla" = FileZilla (remove only)
"Forgotten Lands The First Colony1.0" = Forgotten Lands The First Colony
"Glary Registry Repair_is1" = Glary Registry Repair 3.0
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.12.12 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"iWinArcade" = iWin Games (remove only)
"JoJos Fashion Show" = JoJos Fashion Show (remove only)
"Jojos Fashion Show 2 Las Cruces1.0" = Jojos Fashion Show 2 Las Cruces
"Kudos 2_is1" = Kudos 2
"legacyqcam_11.10" = Logitech Legacy USB Camera Driver Package
"LimeWire" = LimeWire PRO 4.16.2
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Micro Niche Finder_is1" = Micro Niche Finder
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PeerGuardian_is1" = PeerGuardian 2.0
"Pidgin" = Pidgin
"Ranch Rush1.0" = Ranch Rush
"RealPlayer 6.0" = RealPlayer
"Samsung ML-2550 Series PS" = Samsung ML-2550 Series PS
"SecondLife" = SecondLife (remove only)
"Security Process Explorer_is1" = Security Process Explorer 1.6
"Smart Defrag_is1" = Smart Defrag 1.10
"SopCast" = SopCast 3.0.3
"SpywareBlaster_is1" = SpywareBlaster 4.1
"Streamripper.Plugin" = Streamripper Plugin 1.62.2 (Remove only)
"Supple" = Supple (remove only)
"TagScanner_is1" = TagScanner 5.0 build 516
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"The Beast Within_is1" = The Beast Within English
"Top Chef 1.00" = Top Chef 1.00
"TrueCrypt" = TrueCrypt
"Tunebite_is1" = Tunebite 4.0.0.10
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XoftSpySE" = XoftSpySE
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/18/2009 3:08:25 AM | Computer Name = J-X1O5HCTKDAW90 | Source = Application Error | ID = 1000
Description = Faulting application acrobat.exe, version 7.0.0.1333, faulting module
acrobat.dll, version 7.0.0.1333, fault address 0x0006ab3b.

Error - 3/18/2009 3:09:02 AM | Computer Name = J-X1O5HCTKDAW90 | Source = Application Error | ID = 1000
Description = Faulting application acrobat.exe, version 7.0.0.1333, faulting module
acrobat.dll, version 7.0.0.1333, fault address 0x0006ab3b.

Error - 3/18/2009 7:49:05 PM | Computer Name = J-X1O5HCTKDAW90 | Source = Application Error | ID = 1000
Description = Faulting application acrobat.exe, version 7.0.0.1333, faulting module
acrobat.dll, version 7.0.0.1333, fault address 0x0006ab3b.

Error - 3/21/2009 2:02:25 AM | Computer Name = J-X1O5HCTKDAW90 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module comctl32.dll, version 6.0.2900.5512, fault address 0x00076215.

Error - 3/21/2009 2:02:52 AM | Computer Name = J-X1O5HCTKDAW90 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 3/21/2009 7:00:22 AM | Computer Name = J-X1O5HCTKDAW90 | Source = MSDTC | ID = 4163
Description = MS DTC log file not found. After ensuring that all Resource Managers
coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog
to create the log fil

Error - 3/21/2009 7:00:22 AM | Computer Name = J-X1O5HCTKDAW90 | Source = MSDTC | ID = 4185
Description = MS DTC Transaction Manager start failed. LogInit returned error 0x

Error - 3/21/2009 7:00:22 AM | Computer Name = J-X1O5HCTKDAW90 | Source = MSDTC | ID = 4112
Description = Could not start the MS DTC Transaction Manage

Error - 3/21/2009 7:00:22 AM | Computer Name = J-X1O5HCTKDAW90 | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d01

Error - 3/25/2009 9:05:27 AM | Computer Name = J-X1O5HCTKDAW90 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 3/25/2009 7:25:30 PM | Computer Name = J-X1O5HCTKDAW90 | Source = Service Control Manager | ID = 7000
Description = The Logitech LVPr2Mon Driver service failed to start due to the following
error: %%87

Error - 3/25/2009 7:25:31 PM | Computer Name = J-X1O5HCTKDAW90 | Source = Service Control Manager | ID = 7000
Description = The Logitech LVPr2Mon Driver service failed to start due to the following
error: %%87

Error - 3/25/2009 7:25:32 PM | Computer Name = J-X1O5HCTKDAW90 | Source = Service Control Manager | ID = 7000
Description = The Logitech LVPr2Mon Driver service failed to start due to the following
error: %%87

Error - 3/25/2009 7:25:33 PM | Computer Name = J-X1O5HCTKDAW90 | Source = Service Control Manager | ID = 7000
Description = The Logitech LVPr2Mon Driver service failed to start due to the following
error: %%87

Error - 3/25/2009 7:25:34 PM | Computer Name = J-X1O5HCTKDAW90 | Source = Service Control Manager | ID = 7000
Description = The Logitech LVPr2Mon Driver service failed to start due to the following
error: %%87

Error - 3/25/2009 7:25:35 PM | Computer Name = J-X1O5HCTKDAW90 | Source = Service Control Manager | ID = 7000
Description = The Logitech LVPr2Mon Driver service failed to start due to the following
error: %%87

Error - 3/25/2009 7:25:36 PM | Computer Name = J-X1O5HCTKDAW90 | Source = Service Control Manager | ID = 7000
Description = The Logitech LVPr2Mon Driver service failed to start due to the following
error: %%87

Error - 3/25/2009 7:25:37 PM | Computer Name = J-X1O5HCTKDAW90 | Source = Service Control Manager | ID = 7000
Description = The Logitech LVPr2Mon Driver service failed to start due to the following
error: %%87

Error - 3/25/2009 7:25:37 PM | Computer Name = J-X1O5HCTKDAW90 | Source = Service Control Manager | ID = 7023
Description = The Process Monitor service terminated with the following error: %%110

Error - 3/25/2009 7:43:24 PM | Computer Name = J-X1O5HCTKDAW90 | Source = Service Control Manager | ID = 7034
Description = The iWinGamesInstaller service terminated unexpectedly. It has done
this 1 time(s).


< End of report >



#2 The Spoony One

The Spoony One
  • Topic Starter

  • Members
  • 2 posts
  • Local time:08:19 PM

Posted 01 April 2009 - 09:46 PM

The problem has been resolved. I can't explain why, but somehow she got ComboFix running after a reboot and everything seems to be A-OK.

I'm afraid I don't have access to the logs so I can't be more helpful.

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:11:19 PM

Posted 04 April 2009 - 05:17 PM

Thanks for informing us.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



