Rogue IE pop-ups in new windows and apparent random computer beeping


  • This topic is locked
11 replies to this topic

#1 Pins

Pins

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Currently in Austria!
  • Local time:12:55 AM

Posted 11 June 2009 - 07:11 AM

Hi guys, this is my first time posting on bleeping computer so have mercy if I'm out of place. >_>

I'm running Windows XP Media Center Edition.

The Problem:
Recently Internet Explorer keeps opening popups in new windows, randomly. It's always the same stupid advertisements. RON ads by Horizonads. I never use Internet Explorer. My main browser has been Firefox for a good few years now. (I did recently decide to upgrade to IE8 for the craic but my problem was present before this upgrade.) My other problem is that also recently my computer sometimes beeps. I think it's related to the pop-ups but it doesn't always occur when I get a rogue pop-up from IE. I've only experienced this beeping after the problem with IE happened.

What I've done:
Firstly, I made sure that IE's Pop-up Blocker was turned on.
I used CCleaner v2.20.920 to clean my computer and the registry.
I ran Vundofix but it didn't pick up anything. (I read other forums which suggested that as a solution.)
I used the program HijackThis and located at least one definite problem in there, namely:
O2 - BHO: horizonads browser enhancer - {8EB8C8B3-4751-975B-7098-472C8E16F26E} - C:\WINDOWS\system32\parfvjgyadjmjc.dll
I remove it but it keeps coming back.

My HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:42:46, on 11/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\vmnat.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = moll:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: horizonads browser enhancer - {8EB8C8B3-4751-975B-7098-472C8E16F26E} - C:\WINDOWS\system32\parfvjgyadjmjc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [zvvnioumoow] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\parfvjgyadjmjc.dll"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.may.ie/wfplayer/tdserver.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177852237109
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c945dc9d3992cc) (gupdate1c945dc9d3992cc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 13004 bytes
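
Added example, not part of the original post and not HijackThis code: the log above lists both the O2 BHO entry for parfvjgyadjmjc.dll and an O4 Run value that calls regsvr32 /s on the same DLL at every logon, which is consistent with the BHO coming back after it is removed on its own. The Python below cross-references the two entry types in a HijackThis log; the function and field names are assumptions of this example, and the sample lines are copied from the log above.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Excerpt of the HijackThis log posted above (lines copied from the page).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: horizonads browser enhancer - {8EB8C8B3-4751-975B-7098-472C8E16F26E} - C:\WINDOWS\system32\parfvjgyadjmjc.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [zvvnioumoow] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\parfvjgyadjmjc.dll"
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.+?)(?: \(file missing\))?$"
)
# O4 lines: "O4 - <key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<value>[^\]]*)\] (?P<command>.+)$")
# A regsvr32 invocation, optional switches such as /s, then the DLL argument.
REGSVR_RE = re.compile(
    r'regsvr32(?:\.exe)?"?\s+(?:/\S+\s+)*"?(?P<dll>[^"]+?\.dll)"?',
    re.IGNORECASE,
)


class Finding(NamedTuple):
    run_key: str             # autorun key as HijackThis abbreviates it
    run_value: str           # name of the autorun value
    dll: str                 # normalised path of the DLL being registered
    bho_name: Optional[str]  # BHO loaded from that DLL, if any
    clsid: Optional[str]     # CLSID of that BHO, if any


def _norm(path: str) -> str:
    """Normalise a Windows path so System32 and system32 compare equal."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def find_reregistered_bhos(log_text: str) -> List[Finding]:
    """Return autorun entries that run regsvr32 on a DLL at logon.

    When the DLL is also listed as a BHO, deleting only the BHO entry is
    not enough: the autorun value registers the DLL again at next logon.
    """
    bhos = {}
    runs = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            bhos[_norm(m["path"])] = (m["name"], m["clsid"])
            continue
        m = RUN_RE.match(line)
        if m:
            runs.append((m["key"], m["value"], m["command"]))

    findings = []
    for key, value, command in runs:
        m = REGSVR_RE.search(command)
        if not m:
            continue
        dll = _norm(m["dll"])
        name, clsid = bhos.get(dll, (None, None))
        findings.append(Finding(key, value, dll, name, clsid))
    return findings


if __name__ == "__main__":
    for f in find_reregistered_bhos(SAMPLE_LOG):
        target = f"BHO '{f.bho_name}' {f.clsid}" if f.bho_name else "no BHO entry"
        print(f"{f.run_key} [{f.run_value}] registers {f.dll} -> {target}")
```

Both entries (and the file they point to) have to be handled together for the removal to stick, which matches what the later Malwarebytes log in this thread reports removing.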


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:55 PM

Posted 11 June 2009 - 10:38 AM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Pins

Pins
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Currently in Austria!
  • Local time:12:55 AM

Posted 14 June 2009 - 05:36 PM

Heyas Sam!

I did all as you asked and I experienced no problems. =]

My MBAM log:
Malwarebytes' Anti-Malware 1.37
Database version: 2279
Windows 5.1.2600 Service Pack 3

15/06/2009 00:19:41
mbam-log-2009-06-15 (00-19-41).txt

Scan type: Quick Scan
Objects scanned: 110264
Time elapsed: 13 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\parfvjgyadjmjc.dll (Adware.HorizonAds) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{8eb8c8b3-4751-975b-7098-472c8e16f26e} (Adware.HorizonAds) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8eb8c8b3-4751-975b-7098-472c8e16f26e} (Adware.HorizonAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8eb8c8b3-4751-975b-7098-472c8e16f26e} (Adware.HorizonAds) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f608c2d0-846d-4f0e-e47a-88367c887707} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\epsdylsgsoyzgmt (Adware.HorizonAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\smartenhancer (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zvvnioumoow (Adware.HorizonAds) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\SmartEnhancer (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\parfvjgyadjmjc.dll (Adware.HorizonAds) -> Delete on reboot.
c:\WINDOWS\system32\epsdylsgsoyzgmt.exe (Adware.HorizonAds) -> Quarantined and deleted successfully.
c:\program files\smartenhancer\pcre3.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\program files\smartenhancer\SmartEnhancer.dat (Trojan.BHO) -> Quarantined and deleted successfully.
c:\program files\smartenhancer\uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hosts (Trojan.Agent) -> Quarantined and deleted successfully.





My OTL Log:
OTL logfile created on: 15/06/2009 00:27:19 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Moll\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 88.04% Memory free
3.83 Gb Paging File | 3.23 Gb Available in Paging File | 84.48% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 6.51 Gb Free Space | 8.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SIOBHAN
Current User Name: Moll
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/08/02 02:39:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/08/02 02:31:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2008/04/14 02:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/02/25 07:52:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2003/02/25 07:50:00 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2006/02/02 13:11:38 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2005/08/03 15:26:14 | 00,266,240 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2006/08/25 14:47:12 | 00,356,352 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
PRC - [2006/06/29 09:41:22 | 00,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2006/03/03 01:02:08 | 00,761,948 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/11/14 00:08:30 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2005/05/12 11:31:38 | 00,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2006/05/05 15:59:16 | 16,206,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/08/03 15:26:02 | 00,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2006/08/02 02:38:30 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2006/08/02 02:32:44 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2006/03/03 00:50:52 | 00,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/03/23 21:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006/03/23 21:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/08/05 14:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/10/06 06:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2008/04/13 04:56:56 | 00,088,204 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2009/03/09 06:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/04/12 20:27:27 | 00,368,640 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
PRC - [2006/03/16 22:58:50 | 00,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/01/17 13:57:19 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/04/11 12:26:06 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
PRC - [2005/01/18 01:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/03/09 06:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/08/02 02:24:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/02/07 17:30:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
PRC - [2009/03/26 22:57:36 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2001/11/12 14:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
PRC - [2009/04/12 20:23:56 | 00,086,016 | ---- | M] (BitDefender) -- C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
PRC - [2009/04/12 20:27:52 | 01,179,648 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2009/03/26 22:57:32 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2009/03/26 22:57:52 | 00,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2009/04/12 20:27:34 | 01,261,568 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
PRC - [2006/08/02 02:27:54 | 00,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2009/06/10 18:57:16 | 00,308,216 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
PRC - [2009/06/14 23:54:01 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Moll\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/03/22 08:48:56 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2005/01/18 01:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (CLTNetCnService [Auto | Stopped])
SRV - [2006/08/02 02:39:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/11/14 00:08:30 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c945dc9d3992cc [Auto | Stopped])
SRV - [2008/04/14 02:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/03/09 06:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/02/25 07:52:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2009/04/12 20:27:52 | 01,179,648 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
SRV - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2006/12/14 03:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/05/01 22:04:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/12/14 02:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2006/08/02 02:24:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2007/11/06 22:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2006/08/02 02:31:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2009/04/12 20:16:55 | 00,151,552 | ---- | M] (S.C. BitDefender S.R.L) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan [On_Demand | Running])
SRV - [2008/08/07 12:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2007/02/05 11:11:16 | 00,112,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service [On_Demand | Stopped])
SRV - [2006/12/14 03:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2007/02/05 11:11:18 | 00,075,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV [On_Demand | Stopped])
SRV - [2006/02/07 17:30:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV [Auto | Running])
SRV - [2008/12/01 11:49:02 | 00,191,024 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60 [On_Demand | Stopped])
SRV - [2009/03/26 22:57:32 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService [Auto | Running])
SRV - [2009/03/26 22:57:52 | 00,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP [Auto | Running])
SRV - [2009/03/26 22:57:36 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service [Auto | Running])
SRV - [2009/04/12 20:27:34 | 01,261,568 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe -- (VSSERV [Auto | Running])
SRV - [2006/10/18 22:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2001/11/12 14:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets [Auto | Running])
SRV - [2009/04/12 20:23:56 | 00,086,016 | ---- | M] (BitDefender) -- C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe -- (XCOMM [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/12/03 21:18:03 | 00,021,419 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2005/12/13 18:08:44 | 01,124,097 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2006/04/02 02:46:28 | 00,471,264 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Stopped])
DRV - [2006/03/22 08:56:24 | 01,522,688 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2009/04/12 20:27:14 | 00,086,792 | ---- | M] (BitDefender SRL) -- C:\WINDOWS\system32\DRIVERS\bdfndisf.sys -- (Bdfndisf [On_Demand | Running])
DRV - [2008/01/07 18:41:34 | 00,196,368 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr [On_Demand | Running])
DRV - [2009/04/12 20:23:57 | 00,156,688 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif [System | Running])
DRV - [2009/04/12 20:27:29 | 00,008,320 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys -- (BDSelfPr [On_Demand | Running])
DRV - [2004/08/11 16:39:38 | 00,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp [Auto | Stopped])
DRV - [2005/10/06 06:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 13:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/10/06 06:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/10/06 06:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/10/06 06:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/10/06 06:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 13:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/10/06 06:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/10/06 06:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 04:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 06:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2006/01/13 01:27:48 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2009/03/26 22:58:34 | 00,032,304 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon [Auto | Running])
DRV - [2008/04/13 18:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/03/23 21:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2006/05/05 16:13:52 | 04,271,616 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2003/09/11 00:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
DRV - [2003/01/29 23:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])
DRV - [2006/07/26 19:39:32 | 01,707,776 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\NETw3x32.sys -- (NETw3x32 [On_Demand | Running])
DRV - [2008/04/13 20:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2008/05/07 08:38:20 | 00,017,536 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2008/05/07 08:38:20 | 00,020,864 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2007/11/06 22:22:06 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
DRV - [2006/05/01 22:04:00 | 03,643,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2007/09/17 16:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2003/09/19 16:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
DRV - [2007/07/12 02:32:44 | 00,012,800 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos [On_Demand | Stopped])
DRV - [2004/08/10 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/08/20 19:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/10 14:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2006/08/02 03:27:48 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2007/11/13 12:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/03/20 20:49:27 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006/03/03 00:46:54 | 00,191,968 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2005/11/30 19:12:00 | 00,162,560 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2005/09/09 15:47:10 | 00,009,344 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\tosrfec.sys -- (tosrfec [On_Demand | Stopped])
DRV - [2007/07/10 09:00:42 | 00,036,736 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos [On_Demand | Stopped])
DRV - [2005/10/20 15:03:42 | 00,006,144 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\DRIVERS\NBSMI.sys -- (TVALD [On_Demand | Running])
DRV - [2006/05/30 17:42:52 | 00,045,696 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\Tvs.sys -- (Tvs [On_Demand | Running])
DRV - [2008/06/06 10:24:44 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2008/04/13 20:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2008/04/13 20:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2008/05/07 08:38:36 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
DRV - [2009/03/26 22:58:38 | 00,054,960 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\Drivers\vmci.sys -- (vmci [Auto | Running])
DRV - [2009/03/26 22:58:38 | 00,023,216 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd [On_Demand | Running])
DRV - [2009/03/26 17:31:12 | 00,016,560 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter [On_Demand | Running])
DRV - [2009/03/26 17:31:12 | 00,031,280 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys -- (VMnetBridge [Auto | Running])
DRV - [2009/03/26 22:58:34 | 00,026,288 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif [Auto | Running])
DRV - [2009/03/26 22:58:36 | 00,857,520 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\Drivers\vmx86.sys -- (vmx86 [Auto | Running])
DRV - [2008/12/01 11:47:08 | 00,022,448 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60 [Auto | Running])
DRV - [2006/03/13 16:49:54 | 00,060,800 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w300bus.sys -- (w300bus [On_Demand | Stopped])
DRV - [2006/03/13 18:50:00 | 00,009,264 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w300mdfl.sys -- (w300mdfl [On_Demand | Stopped])
DRV - [2006/03/13 18:50:02 | 00,096,352 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w300mdm.sys -- (w300mdm [On_Demand | Stopped])
DRV - [2006/03/13 18:50:06 | 00,087,824 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w300mgmt.sys -- (w300mgmt [On_Demand | Stopped])
DRV - [2006/03/13 18:50:08 | 00,085,696 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w300obex.sys -- (w300obex [On_Demand | Stopped])
DRV - [2005/11/28 11:45:16 | 00,007,040 | ---- | M] (X10 Wireless Technology, Inc.) -- C:\WINDOWS\System32\Drivers\x10hid.sys -- (X10Hid [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\S-1-5-21-1680809107-1527604292-2322255829-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\ [2009/05/29 00:55:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/06/07 15:18:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5b99\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX 3.1 BETA 3\COMPONENTS [2009/06/10 18:57:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5b99\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX 3.1 BETA 3\PLUGINS [2009/06/10 18:57:28 | 00,000,000 | ---D | M]

[2009/04/13 21:52:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Moll\Application Data\mozilla\Extensions
[2008/04/28 18:39:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Moll\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/13 21:52:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Moll\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/06/14 16:06:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Moll\Application Data\mozilla\Firefox\Profiles\kib57n23.default\extensions
[2009/03/15 15:01:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Moll\Application Data\mozilla\Firefox\Profiles\kib57n23.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009/01/08 14:15:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Moll\Application Data\mozilla\Firefox\Profiles\kib57n23.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/05/31 22:09:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Moll\Application Data\mozilla\Firefox\Profiles\vvag9r5j.default\extensions
[2009/04/26 14:46:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/05/31 22:23:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/04/14 21:28:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/09/03 21:03:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/04 13:13:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/03 19:20:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/03 16:10:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/06 14:06:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/06 14:47:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

O1 HOSTS File: (771 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 update.bitdefender.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" (BitDefender)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent File not found
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} http://www.may.ie/wfplayer/tdserver.cab (TDServer Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1177852237109 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/13 16:00:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/14 23:56:01 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/06/14 23:56:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Moll\Application Data\Malwarebytes
[2009/06/14 23:56:34 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/14 23:56:32 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/14 23:56:30 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/14 23:56:30 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/14 23:56:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/14 23:54:01 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Moll\Desktop\OTL.exe
[2009/06/14 23:53:23 | 03,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Moll\Desktop\mbam-setup.exe
[2009/06/12 00:01:34 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/06/11 21:39:57 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/06/11 21:39:57 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/06/09 13:38:26 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Moll\Desktop\HijackThis.lnk
[2009/06/09 13:38:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/08 11:23:38 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/06/07 17:42:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Moll\Desktop\Windows
[2009/06/07 15:14:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/06/07 15:14:31 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/06/07 15:14:17 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/06/07 15:10:37 | 00,000,000 | ---D | C] -- C:\459e24ff266ade577bff9755ea54
[2009/06/06 19:56:49 | 26,739,22048 | -HS- | C] () -- C:\hiberfil.sys
[2009/06/06 19:22:51 | 00,004,244 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/06/04 21:10:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Moll\Application Data\Download Manager
[2009/06/02 10:09:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Moll\Desktop\Ubuntu 8.10 Desktop
[2009/06/02 02:34:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Moll\Application Data\VMware
[2009/06/02 02:05:32 | 00,055,856 | R--- | C] () -- C:\WINDOWS\System32\vnetinst.dll
[2009/06/02 02:05:32 | 00,016,560 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetadapter.sys
[2009/06/02 02:05:25 | 00,326,192 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe
[2009/06/02 02:05:21 | 00,399,920 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnat.exe
[2009/06/02 02:05:20 | 00,026,288 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetuserif.sys
[2009/06/02 02:05:13 | 00,050,736 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetbridge.dll
[2009/06/02 02:05:13 | 00,031,280 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetbridge.sys
[2009/06/02 02:05:13 | 00,018,736 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnet.sys
[2009/06/02 02:05:09 | 00,723,504 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vnetlib.dll
[2009/06/02 02:04:40 | 00,023,216 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\VMkbd.sys
[2009/06/02 02:04:32 | 00,001,024 | ---- | C] () -- C:\.rnd
[2009/06/02 02:04:19 | 00,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VMware Player.lnk
[2009/06/02 02:03:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VMware
[2009/06/02 02:03:51 | 00,000,000 | ---D | C] -- C:\Program Files\VMware
[2009/05/24 14:49:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/05/24 14:42:29 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/05/24 13:55:30 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/05/24 13:51:21 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/05/19 18:39:51 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Moll\My Documents\text
[2009/05/19 17:41:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Moll\Application Data\FileZilla
[2009/04/12 19:57:32 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/04/03 16:13:07 | 00,000,126 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/08/26 18:43:58 | 00,888,832 | ---- | C] () -- C:\WINDOWS\System32\securenet.dll
[2008/06/04 18:18:01 | 00,000,398 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI
[2008/05/24 22:13:05 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2008/05/24 22:12:43 | 00,000,124 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2008/05/24 21:11:38 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2008/05/19 19:31:38 | 00,000,260 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/03/09 17:54:53 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/02/17 15:06:27 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008/01/09 16:01:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/01/09 01:46:09 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/12/02 21:56:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/12/02 17:41:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2007/11/06 22:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/07/25 10:57:13 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/03/17 01:30:06 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/18 14:44:46 | 00,000,277 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2007/01/31 15:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/12/25 15:46:07 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/12/25 15:42:52 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE PM240EU.ini
[2006/12/09 14:18:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2006/09/14 14:22:58 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/14 14:09:00 | 00,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2006/09/14 13:15:49 | 00,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/14 12:06:12 | 00,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/14 11:58:44 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/09/14 11:58:44 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/09/14 11:58:44 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/09/14 11:58:44 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/09/14 11:58:44 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/09/14 11:58:44 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/09/14 11:54:03 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/09/14 11:54:03 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/09/14 10:49:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/09/14 10:28:39 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/09/14 10:28:39 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/09/14 10:28:39 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/09/14 10:28:39 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/09/14 10:25:44 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/14 09:51:54 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/09/14 09:51:54 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2006/09/14 01:11:25 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/09/14 01:11:24 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/09/14 01:11:24 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/09/14 01:11:23 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/09/14 01:11:22 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/09/13 14:43:07 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2006/09/13 14:43:07 | 00,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/09/13 14:42:24 | 00,000,900 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/09/13 14:42:21 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/01/30 23:15:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/09 13:59:02 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2005/09/02 15:44:00 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 22:30:00 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 18:04:00 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 15:43:00 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/04/24 00:00:00 | 00,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI
[1997/07/11 01:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/06/15 00:29:21 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/06/15 00:22:53 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/15 00:22:42 | 00,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Chat Logs Backup.job
[2009/06/15 00:22:21 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/06/15 00:22:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/15 00:22:17 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Moll\Local Settings\desktop.ini
[2009/06/15 00:22:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/15 00:22:12 | 26,739,22048 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/15 00:20:28 | 00,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2009/06/14 23:56:34 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/14 23:56:01 | 03,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Moll\Desktop\mbam-setup.exe
[2009/06/14 23:54:01 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Moll\Desktop\OTL.exe
[2009/06/12 00:14:57 | 00,000,900 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/06/12 00:14:57 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/06/12 00:14:57 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2009/06/12 00:11:27 | 01,550,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/12 00:07:24 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/11 22:47:37 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Moll\Application Data\winscp.rnd
[2009/06/11 19:03:07 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2009/06/09 13:38:26 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Moll\Desktop\HijackThis.lnk
[2009/06/08 18:26:36 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Moll\Desktop\CCleaner.lnk
[2009/06/07 15:27:19 | 00,510,646 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/07 15:27:19 | 00,447,046 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/07 15:27:19 | 00,073,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/06 19:31:08 | 00,004,244 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/06/02 02:04:32 | 00,001,024 | ---- | M] () -- C:\.rnd
[2009/06/02 02:04:19 | 00,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VMware Player.lnk
[2009/06/01 18:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/24 21:24:44 | 00,000,075 | -HS- | M] () -- C:\Documents and Settings\Moll\My Documents\desktop.ini
[2009/05/19 19:37:09 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Moll\My Documents\text

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\AGRSMMSG.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\SWSTAMP.TXT:SummaryInformation
< End of report >

#4 Buckeye_Sam

Posted 15 June 2009 - 10:46 AM

Looks good. Let's just clean up a bit more.


Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O1 - Hosts: 127.0.0.1 update.bitdefender.com
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
    O3 - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
    O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
    
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

How is your computer behaving now?

#5 Pins

Posted 15 June 2009 - 03:45 PM

Heyas, everything has been running fine. No pop-ups and no beeping!
Thankies for your help. =]

Here's the results of the fix:
========== OTL ==========
127.0.0.1 update.bitdefender.com removed from HOSTS file successfully
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
Registry value HKEY_USERS\S-1-5-21-1680809107-1527604292-2322255829-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-1680809107-1527604292-2322255829-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\S-1-5-21-1680809107-1527604292-2322255829-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\WINDOWS\Downloaded Program Files\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_14d8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a64.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTL by OldTimer - Version 2.1.1.0 log created on 06152009_190631

Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_14d8.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_a64.dat moved successfully.

Registry entries deleted on Reboot...



Here's the new OTL Log:
OTL logfile created on: 15/06/2009 22:32:15 - Run 2
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Moll\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 86.78% Memory free
3.83 Gb Paging File | 3.11 Gb Available in Paging File | 81.29% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 6.26 Gb Free Space | 8.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SIOBHAN
Current User Name: Moll
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/04/14 02:12:39 | 00,512,000 | ---- | M] () -- C:\WINDOWS\system32\winlogon.exe
PRC - [2009/02/06 13:11:05 | 00,113,152 | ---- | M] () -- C:\WINDOWS\system32\services.exe
PRC - [2008/04/14 02:12:24 | 00,014,848 | ---- | M] () -- C:\WINDOWS\system32\lsass.exe
PRC - [2008/04/14 02:12:36 | 00,017,408 | ---- | M] () -- C:\WINDOWS\system32\svchost.exe
PRC - [2008/04/14 02:12:36 | 00,017,408 | ---- | M] () -- C:\WINDOWS\system32\svchost.exe
PRC - [2009/03/24 13:11:44 | 00,415,024 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/03/27 15:24:30 | 01,626,112 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
PRC - [2008/04/14 02:12:36 | 00,017,408 | ---- | M] () -- C:\WINDOWS\System32\svchost.exe
PRC - [2008/04/14 02:12:36 | 00,017,408 | ---- | M] () -- C:\WINDOWS\system32\svchost.exe
PRC - [2006/08/02 02:39:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2009/06/15 21:57:55 | 00,028,672 | -H-- | M] () -- C:\Documents and Settings\Moll\kgbykse.exe
PRC - [2008/04/14 02:12:19 | 01,036,288 | ---- | M] () -- C:\WINDOWS\Explorer.EXE
PRC - [2006/08/02 02:31:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2008/04/14 02:12:36 | 00,017,408 | ---- | M] () -- C:\WINDOWS\system32\svchost.exe
PRC - [2008/04/14 02:12:36 | 00,017,408 | ---- | M] () -- C:\WINDOWS\system32\svchost.exe
PRC - [2003/02/25 07:52:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2003/02/25 07:50:00 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2008/04/14 02:12:36 | 00,058,880 | ---- | M] () -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2009/06/15 19:27:27 | 00,122,884 | ---- | M] () -- C:\WINDOWS\msa.exe
PRC - [2008/11/14 00:08:30 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2006/02/02 13:11:38 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2005/08/03 15:26:14 | 00,266,240 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2006/08/25 14:47:12 | 00,356,352 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
PRC - [2006/06/29 09:41:22 | 00,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2006/03/03 01:02:08 | 00,761,948 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/05/12 11:31:38 | 00,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2006/05/05 15:59:16 | 16,206,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2006/08/02 02:38:30 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2006/08/02 02:32:44 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2006/03/03 00:50:52 | 00,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/03/23 21:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/08/03 15:26:02 | 00,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2006/03/23 21:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/08/05 14:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/10/06 06:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2008/04/13 04:56:56 | 00,088,204 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2006/03/16 22:58:50 | 00,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/01/17 13:57:19 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/04/08 12:29:40 | 00,778,240 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
PRC - [2008/04/14 02:12:36 | 00,017,408 | ---- | M] () -- C:\WINDOWS\system32\svchost.exe
PRC - [2005/04/11 12:26:06 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
PRC - [2005/01/18 01:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/08/02 02:24:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2008/04/14 02:12:36 | 00,017,408 | ---- | M] () -- C:\WINDOWS\system32\svchost.exe
PRC - [2008/04/14 02:12:36 | 00,017,408 | ---- | M] () -- C:\WINDOWS\system32\svchost.exe
PRC - [2006/02/07 17:30:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
PRC - [2009/03/26 22:57:36 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2001/11/12 14:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
PRC - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2009/03/26 22:57:32 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2009/03/26 22:57:52 | 00,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2009/04/15 14:33:08 | 00,438,272 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
PRC - [2006/08/02 02:27:54 | 00,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [1998/05/29 00:00:00 | 00,119,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mdm.exe
PRC - [2009/03/13 12:21:26 | 00,675,840 | ---- | M] (BitDefender S.R.L) -- C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
PRC - [2009/04/21 14:44:30 | 01,435,488 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe
PRC - [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/06/10 18:57:16 | 00,308,216 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
PRC - [2009/03/19 17:11:24 | 01,138,688 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe
PRC - [2009/02/06 18:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/06/14 23:54:01 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Moll\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/01/20 19:16:20 | 00,172,032 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/03/22 08:48:56 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2005/01/18 01:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (CLTNetCnService [Auto | Stopped])
SRV - [2009/02/06 13:11:05 | 00,113,152 | ---- | M] () -- C:\WINDOWS\system32\services.exe -- (Eventlog [Auto | Running])
SRV - [2006/08/02 02:39:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/11/14 00:08:30 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c945dc9d3992cc [Auto | Stopped])
SRV - [2008/04/14 02:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/02/25 07:52:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2009/03/24 13:11:44 | 00,415,024 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
SRV - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2006/12/14 03:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2008/04/14 02:12:24 | 00,014,848 | ---- | M] () -- C:\WINDOWS\system32\lsass.exe -- (Netlogon [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/04/14 02:12:24 | 00,014,848 | ---- | M] () -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp [On_Demand | Stopped])
SRV - [2006/05/01 22:04:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/12/14 02:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2009/02/06 13:11:05 | 00,113,152 | ---- | M] () -- C:\WINDOWS\system32\services.exe -- (PlugPlay [Auto | Running])
SRV - [2008/04/14 02:12:24 | 00,014,848 | ---- | M] () -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent [Auto | Running])
SRV - [2008/04/14 02:12:24 | 00,014,848 | ---- | M] () -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage [Auto | Running])
SRV - [2006/08/02 02:24:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2007/11/06 22:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2006/08/02 02:31:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2008/04/14 02:12:24 | 00,014,848 | ---- | M] () -- C:\WINDOWS\system32\lsass.exe -- (SamSs [Auto | Running])
SRV - [2009/03/16 12:40:52 | 00,323,584 | ---- | M] (S.C. BitDefender S.R.L) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan [On_Demand | Stopped])
SRV - [2008/08/07 12:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2007/02/05 11:11:16 | 00,112,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service [On_Demand | Stopped])
SRV - [2008/04/14 02:12:36 | 00,058,880 | ---- | M] () -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler [Auto | Running])
SRV - [2006/12/14 03:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2007/02/05 11:11:18 | 00,075,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV [On_Demand | Stopped])
SRV - [2006/02/07 17:30:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV [Auto | Running])
SRV - [2008/12/01 11:49:02 | 00,191,024 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60 [On_Demand | Stopped])
SRV - [2009/03/26 22:57:32 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService [Auto | Running])
SRV - [2009/03/26 22:57:52 | 00,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP [Auto | Running])
SRV - [2009/03/26 22:57:36 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service [Auto | Running])
SRV - [2009/03/27 15:24:30 | 01,626,112 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV [Auto | Running])
SRV - [2006/10/18 22:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2001/11/12 14:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/12/03 21:18:03 | 00,021,419 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2005/12/13 18:08:44 | 01,124,097 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2006/04/02 02:46:28 | 00,471,264 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Stopped])
DRV - [2006/03/22 08:56:24 | 01,522,688 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2008/09/18 12:09:12 | 00,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm [On_Demand | Running])
DRV - [2009/02/12 16:52:40 | 00,104,328 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\system32\DRIVERS\bdfndisf.sys -- (Bdfndisf [On_Demand | Running])
DRV - [2008/12/10 20:42:46 | 00,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr [On_Demand | Running])
DRV - [2009/02/26 16:29:40 | 00,137,224 | ---- | M] (BitDefender LLC) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif [System | Running])
DRV - [2009/01/12 12:27:58 | 00,008,832 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr [On_Demand | Running])
DRV - [2008/10/06 18:16:16 | 00,082,696 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK [Auto | Running])
DRV - [2004/08/11 16:39:38 | 00,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp [Auto | Stopped])
DRV - [2005/10/06 06:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 13:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/10/06 06:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/10/06 06:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/10/06 06:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/10/06 06:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 13:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/10/06 06:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/10/06 06:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 04:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 06:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2006/01/13 01:27:48 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2009/03/26 22:58:34 | 00,032,304 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon [Auto | Running])
DRV - [2008/04/13 18:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/03/23 21:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2006/05/05 16:13:52 | 04,271,616 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2003/09/11 00:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
DRV - [2003/01/29 23:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])
DRV - [2006/07/26 19:39:32 | 01,707,776 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\NETw3x32.sys -- (NETw3x32 [On_Demand | Running])
DRV - [2008/04/13 20:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2008/05/07 08:38:20 | 00,017,536 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2008/05/07 08:38:20 | 00,020,864 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2007/11/06 22:22:06 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
DRV - [2006/05/01 22:04:00 | 03,643,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2007/09/17 16:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2003/09/19 16:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
DRV - [2004/08/10 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/08/20 19:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/10 14:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2006/08/02 03:27:48 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2007/11/13 12:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/03/20 20:49:27 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006/03/03 00:46:54 | 00,191,968 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2005/11/30 19:12:00 | 00,162,560 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2005/09/09 15:47:10 | 00,009,344 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\tosrfec.sys -- (tosrfec [On_Demand | Stopped])
DRV - [2005/10/20 15:03:42 | 00,006,144 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\DRIVERS\NBSMI.sys -- (TVALD [On_Demand | Running])
DRV - [2006/05/30 17:42:52 | 00,045,696 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\Tvs.sys -- (Tvs [On_Demand | Running])
DRV - [2008/06/06 10:24:44 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2008/04/13 20:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2008/04/13 20:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2008/05/07 08:38:36 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
DRV - [2009/03/26 22:58:38 | 00,054,960 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\Drivers\vmci.sys -- (vmci [Auto | Running])
DRV - [2009/03/26 22:58:38 | 00,023,216 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd [On_Demand | Running])
DRV - [2009/03/26 17:31:12 | 00,016,560 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter [On_Demand | Running])
DRV - [2009/03/26 17:31:12 | 00,031,280 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys -- (VMnetBridge [Auto | Running])
DRV - [2009/03/26 22:58:34 | 00,026,288 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif [Auto | Running])
DRV - [2009/03/26 22:58:36 | 00,857,520 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\Drivers\vmx86.sys -- (vmx86 [Auto | Running])
DRV - [2008/12/01 11:47:08 | 00,022,448 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60 [Auto | Running])
DRV - [2006/03/13 16:49:54 | 00,060,800 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w300bus.sys -- (w300bus [On_Demand | Stopped])
DRV - [2006/03/13 18:50:00 | 00,009,264 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w300mdfl.sys -- (w300mdfl [On_Demand | Stopped])
DRV - [2006/03/13 18:50:02 | 00,096,352 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w300mdm.sys -- (w300mdm [On_Demand | Stopped])
DRV - [2006/03/13 18:50:06 | 00,087,824 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w300mgmt.sys -- (w300mgmt [On_Demand | Stopped])
DRV - [2006/03/13 18:50:08 | 00,085,696 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w300obex.sys -- (w300obex [On_Demand | Stopped])
DRV - [2005/11/28 11:45:16 | 00,007,040 | ---- | M] (X10 Wireless Technology, Inc.) -- C:\WINDOWS\System32\Drivers\x10hid.sys -- (X10Hid [On_Demand | Running])
DRV - [2008/09/02 14:32:06 | 00,013,056 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos [On_Demand | Running])
DRV - [2009/04/03 17:49:38 | 00,039,808 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\S-1-5-21-1680809107-1527604292-2322255829-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\ [2009/05/29 00:55:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/06/07 15:18:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/06 14:05:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\FFTOOLBAR\ [2009/06/15 20:48:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5b99\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX 3.1 BETA 3\COMPONENTS [2009/06/15 20:54:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5b99\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX 3.1 BETA 3\PLUGINS [2009/06/15 17:08:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\TBEXTENSION\ [2009/06/15 20:48:40 | 00,000,000 | ---D | M]

[2009/04/13 21:52:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Moll\Application Data\mozilla\Extensions
[2008/04/28 18:39:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Moll\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/13 21:52:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Moll\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/06/15 19:21:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Moll\Application Data\mozilla\Firefox\Profiles\kib57n23.default\extensions
[2009/03/15 15:01:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Moll\Application Data\mozilla\Firefox\Profiles\kib57n23.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009/01/08 14:15:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Moll\Application Data\mozilla\Firefox\Profiles\kib57n23.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/05/31 22:09:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Moll\Application Data\mozilla\Firefox\Profiles\vvag9r5j.default\extensions
[2009/04/26 14:46:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/05/31 22:23:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/04/14 21:28:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/09/03 21:03:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/04 13:13:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/03 19:20:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/03 16:10:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/06 14:06:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/06 14:47:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

O1 HOSTS File: (775 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" (BitDefender)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent File not found
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [qgy] C:\WINDOWS\system32\qgy.exe \u ()
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-1680809107-1527604292-2322255829-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} http://www.may.ie/wfplayer/tdserver.cab (TDServer Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1177852237109 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Documents) - File not found
O20 - HKLM Winlogon: UserInit - (and) - File not found
O20 - HKLM Winlogon: UserInit - (Settings\Moll\kgbykse.exe) - File not found
O20 - HKLM Winlogon: UserInit - (\s) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/13 16:00:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/15 20:04:58 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/06/15 20:54:08 | 00,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2009/06/15 20:54:06 | 00,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/06/15 20:49:13 | 00,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Total Security 2009.lnk
[2009/06/15 20:49:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Moll\Application Data\BitDefender
[2009/06/15 20:49:11 | 00,000,000 | ---D | C] -- C:\Binaries
[2009/06/15 20:48:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/06/15 20:47:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2009/06/15 20:27:05 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/06/15 19:27:31 | 00,122,884 | ---- | C] () -- C:\WINDOWS\msa.exe
[2009/06/15 19:27:28 | 00,000,238 | -H-- | C] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/06/15 19:21:24 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\qgy.exe
[2009/06/15 19:21:05 | 00,000,010 | ---- | C] () -- C:\WINDOWS\System32\kr_done1
[2009/06/15 19:06:31 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/06/14 23:56:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Moll\Application Data\Malwarebytes
[2009/06/14 23:56:34 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/14 23:56:32 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/14 23:56:30 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/14 23:56:30 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/14 23:56:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/14 23:54:01 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Moll\Desktop\OTL.exe
[2009/06/11 21:39:57 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/06/11 21:39:57 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/06/09 13:38:26 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Moll\Desktop\HijackThis.lnk
[2009/06/09 13:38:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/08 11:23:38 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/06/07 17:42:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Moll\Desktop\Windows
[2009/06/07 15:14:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/06/07 15:14:31 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/06/07 15:14:17 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/06/07 15:10:37 | 00,000,000 | ---D | C] -- C:\459e24ff266ade577bff9755ea54
[2009/06/06 19:56:49 | 26,739,22048 | -HS- | C] () -- C:\hiberfil.sys
[2009/06/06 19:22:51 | 00,004,244 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/06/04 21:10:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Moll\Application Data\Download Manager
[2009/06/02 10:09:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Moll\Desktop\Ubuntu 8.10 Desktop
[2009/06/02 02:34:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Moll\Application Data\VMware
[2009/06/02 02:05:32 | 00,055,856 | R--- | C] () -- C:\WINDOWS\System32\vnetinst.dll
[2009/06/02 02:05:32 | 00,016,560 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetadapter.sys
[2009/06/02 02:05:25 | 00,326,192 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe
[2009/06/02 02:05:21 | 00,399,920 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnat.exe
[2009/06/02 02:05:20 | 00,026,288 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetuserif.sys
[2009/06/02 02:05:13 | 00,050,736 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetbridge.dll
[2009/06/02 02:05:13 | 00,031,280 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetbridge.sys
[2009/06/02 02:05:13 | 00,018,736 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnet.sys
[2009/06/02 02:05:09 | 00,723,504 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vnetlib.dll
[2009/06/02 02:04:40 | 00,023,216 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\VMkbd.sys
[2009/06/02 02:04:32 | 00,001,024 | ---- | C] () -- C:\.rnd
[2009/06/02 02:04:19 | 00,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VMware Player.lnk
[2009/06/02 02:03:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VMware
[2009/06/02 02:03:51 | 00,000,000 | ---D | C] -- C:\Program Files\VMware
[2009/05/24 14:49:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/05/24 14:42:29 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/05/24 13:55:30 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/05/24 13:51:21 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/05/19 18:39:51 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Moll\My Documents\text
[2009/05/19 17:41:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Moll\Application Data\FileZilla
[2009/04/12 19:57:32 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/04/03 16:13:07 | 00,000,126 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/10/09 16:31:54 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/08/26 18:43:58 | 00,888,832 | ---- | C] () -- C:\WINDOWS\System32\securenet.dll
[2008/06/04 18:18:01 | 00,000,398 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI
[2008/05/24 22:13:05 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2008/05/24 22:12:43 | 00,000,124 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2008/05/24 21:11:38 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2008/05/19 19:31:38 | 00,000,260 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/03/09 17:54:53 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/02/17 15:06:27 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008/01/09 16:01:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/01/09 01:46:09 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/12/02 21:56:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/12/02 17:41:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2007/11/06 22:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/07/25 10:57:13 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/03/17 01:30:06 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/18 14:44:46 | 00,000,277 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2007/01/31 14:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/12/25 15:46:07 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/12/25 15:42:52 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE PM240EU.ini
[2006/12/09 14:18:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2006/09/14 14:22:58 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/14 14:09:00 | 00,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2006/09/14 13:15:49 | 00,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/14 12:06:12 | 00,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/14 11:58:44 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/09/14 11:58:44 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/09/14 11:58:44 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/09/14 11:58:44 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/09/14 11:58:44 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/09/14 11:58:44 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/09/14 11:54:03 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/09/14 11:54:03 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/09/14 10:49:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/09/14 10:28:39 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/09/14 10:28:39 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/09/14 10:28:39 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/09/14 10:28:39 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/09/14 10:25:44 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/14 09:51:54 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/09/14 09:51:54 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2006/09/14 01:11:25 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/09/14 01:11:24 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/09/14 01:11:24 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/09/14 01:11:23 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/09/14 01:11:22 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/09/13 14:43:07 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2006/09/13 14:43:07 | 00,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/09/13 14:42:24 | 00,000,900 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/09/13 14:42:21 | 00,000,435 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/01/30 23:15:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/09 13:59:02 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2005/09/02 15:44:00 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 22:30:00 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 18:04:00 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 15:43:00 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/04/24 00:00:00 | 00,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI
[1997/07/11 01:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/06/15 22:12:46 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/15 22:12:04 | 00,000,238 | -H-- | M] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/06/15 22:11:57 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/06/15 22:11:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/15 22:11:49 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Moll\Local Settings\desktop.ini
[2009/06/15 22:11:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/15 22:11:42 | 26,739,22048 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/15 22:10:23 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/06/15 22:10:04 | 00,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2009/06/15 22:03:55 | 00,000,775 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/06/15 21:59:45 | 00,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/06/15 20:54:08 | 00,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2009/06/15 20:54:06 | 00,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/06/15 20:49:13 | 00,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Total Security 2009.lnk
[2009/06/15 20:02:33 | 00,156,000 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Moll\Desktop\bitdefender_tsecurity.exe
[2009/06/15 19:27:27 | 00,122,884 | ---- | M] () -- C:\WINDOWS\msa.exe
[2009/06/15 19:26:50 | 00,000,010 | ---- | M] () -- C:\WINDOWS\System32\kr_done1
[2009/06/15 19:21:18 | 00,028,672 | ---- | M] () -- C:\WINDOWS\System32\qgy.exe
[2009/06/14 23:56:34 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/14 23:54:01 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Moll\Desktop\OTL.exe
[2009/06/12 00:14:57 | 00,000,900 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/06/12 00:14:57 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2009/06/12 00:11:27 | 01,550,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/11 22:47:37 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Moll\Application Data\winscp.rnd
[2009/06/11 19:03:07 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2009/06/09 13:38:26 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Moll\Desktop\HijackThis.lnk
[2009/06/08 18:26:36 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Moll\Desktop\CCleaner.lnk
[2009/06/07 15:27:19 | 00,510,646 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/07 15:27:19 | 00,447,046 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/07 15:27:19 | 00,073,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/06 19:31:08 | 00,004,244 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/06/02 02:04:32 | 00,001,024 | ---- | M] () -- C:\.rnd
[2009/06/02 02:04:19 | 00,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VMware Player.lnk
[2009/06/01 18:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/24 21:24:44 | 00,000,075 | -HS- | M] () -- C:\Documents and Settings\Moll\My Documents\desktop.ini
[2009/05/19 19:37:09 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Moll\My Documents\text
[2009/05/17 23:22:07 | 00,000,434 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\AGRSMMSG.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\SWSTAMP.TXT:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Moll\kgbykse.exe:SummaryInformation
< End of report >


Fingers crossed things are goodo! =]

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:55 PM

Posted 16 June 2009 - 09:05 AM

We're not quite done yet. I see something new popped up.


Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - [2009/06/15 21:57:55 | 00,028,672 | -H-- | M] () -- C:\Documents and Settings\Moll\kgbykse.exe
    PRC - [2009/06/15 19:27:27 | 00,122,884 | ---- | M] () -- C:\WINDOWS\msa.exe
    O4 - HKLM..\Run: [qgy] C:\WINDOWS\system32\qgy.exe \u ()
    O20 - HKLM Winlogon: UserInit - (C:\Documents) - File not found
    O20 - HKLM Winlogon: UserInit - (and) - File not found
    O20 - HKLM Winlogon: UserInit - (Settings\Moll\kgbykse.exe) - File not found
    O20 - HKLM Winlogon: UserInit - (\s) - File not found
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Moll\kgbykse.exe:SummaryInformation
    
    
    :Files
    C:\Documents and Settings\Moll\kgbykse.exe
    C:\WINDOWS\msa.exe
    C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
    C:\WINDOWS\System32\qgy.exe
    C:\WINDOWS\System32\kr_done1
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

===================



Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
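A triage pass over log lines like the ones posted in this thread, as an added example that is not part of the thread and is not OTL's or the helper's own method. It reassembles the UserInit value from the O20 lines (assuming the scanner split one registry value on spaces) and lists recently created files under C:\WINDOWS that carry no company name. The extension list, the 7-day window and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta
from ntpath import splitext  # Windows path rules on any host OS

# Sample input: a few lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Documents) - File not found
O20 - HKLM Winlogon: UserInit - (and) - File not found
O20 - HKLM Winlogon: UserInit - (Settings\Moll\kgbykse.exe) - File not found
O20 - HKLM Winlogon: UserInit - (\s) - File not found
[2009/06/15 20:49:11 | 00,000,000 | ---D | C] -- C:\Binaries
[2009/06/15 19:27:31 | 00,122,884 | ---- | C] () -- C:\WINDOWS\msa.exe
[2009/06/15 19:27:28 | 00,000,238 | -H-- | C] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/06/15 19:21:24 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\qgy.exe
[2009/06/14 23:56:30 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/02 02:05:32 | 00,055,856 | R--- | C] () -- C:\WINDOWS\System32\vnetinst.dll
[2008/01/09 01:46:09 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
"""

# [timestamp | size | attributes | C or M] (company) -- path
# Directory lines carry no "(company)" field, so that group is optional.
FILE_RE = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| (\S{4}) \| [CM]\] "
    r"(?:\((.*?)\) )?-- (.+)$")
USERINIT_RE = re.compile(r"^O20 - HKLM Winlogon: UserInit - \((.*?)\) - ")
RISKY_EXT = {".exe", ".dll", ".sys", ".job", ".bat", ".scr"}  # assumed list


def parse_files(log):
    """Parse the file-listing lines into dicts; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            stamp, attrs, company, path = m.groups()
            entries.append({
                "time": datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S"),
                "is_dir": "D" in attrs,
                "company": (company or "").strip(),
                "path": path,
            })
    return entries


def recent_unattributed(log, days=7):
    """Files under C:\\WINDOWS with a risky extension and no company name,
    stamped within `days` of the newest entry in the log."""
    files = parse_files(log)
    if not files:
        return []
    cutoff = max(f["time"] for f in files) - timedelta(days=days)
    return [f["path"] for f in files
            if not f["is_dir"] and not f["company"] and f["time"] >= cutoff
            and splitext(f["path"])[1].lower() in RISKY_EXT
            and f["path"].lower().startswith("c:\\windows\\")]


def userinit_value(log):
    """Rejoin the UserInit tokens (assumed split on spaces by the scanner)."""
    tokens = [m.group(1) for line in log.splitlines()
              if (m := USERINIT_RE.match(line.strip()))]
    return " ".join(tokens)


def check_userinit(value):
    """Return (stock_entry_present, unexpected_entries).
    The Windows XP default is C:\\WINDOWS\\system32\\userinit.exe, (comma-separated list)."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    stock = [e for e in entries if e.lower().endswith("\\userinit.exe")]
    return bool(stock), [e for e in entries if e not in stock]


if __name__ == "__main__":
    print("UserInit:", check_userinit(userinit_value(SAMPLE_LOG)))
    for path in recent_unattributed(SAMPLE_LOG):
        print("review:", path)
```

Hits are candidates for a human to review, not verdicts: legitimate installers also drop files without version information.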

#7 Pins


Posted 16 June 2009 - 10:48 AM

Hello there.
I did what you asked and when it rebooted my computer logged itself off straight away. So basically it won't log in!!!
Sooo... Little help!! D':

#8 Buckeye_Sam


Posted 16 June 2009 - 04:57 PM

See if you can get to the boot menu. When your computer begins to start up, begin tapping the F8 key repeatedly until you get to the boot menu. Then you should see several options. Select Last known good configuration and see if that will allow you to boot up normally. If that doesn't work, try booting into safe mode.

#9 Pins


Posted 17 June 2009 - 09:34 AM

I tried that (last good configuration known) already and it doesn't work.
I tried Safe Mode; same thing.
I tried Safe Mode with command prompt; same thing.

I would've told you that yesterday only I didn't have access to a computer again until now!

A friend of mine is going to reinstall an OS on my computer and he'll be able to save my files somehow.

#10 Buckeye_Sam


Posted 17 June 2009 - 10:58 AM

If you can get access to a Windows XP installation disc you can do a repair installation and not lose anything.

http://michaelstevenstech.com/XPrepairinstall.htm

#11 Pins


Posted 18 June 2009 - 05:21 AM

I don't have access to XP installation discs with me sooo I'm now running Ubuntu. =D
Everything's good and I have my files.
Thanks.

#12 Buckeye_Sam


Posted 18 June 2009 - 10:49 AM

Ok.

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
