Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

log file


  • This topic is locked This topic is locked
10 replies to this topic

#1 Eman70

Eman70

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 08 September 2009 - 06:29 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:23:38 PM, on 9/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\CpuUsage\CpuUsage.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\PC Auto Shutdown\ShutdownService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 68.82.53.65 idenupdate.motorola.com
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all with GPL - C:\Program Files\GetPicturesList\GPL_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GPL - C:\Program Files\GetPicturesList\GPL_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: GPL: Thumbnails to Pictures - C:\Program Files\GetPicturesList\GPL_pics.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1145422469194
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145425775140
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O18 - Protocol: bw+0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F9FC85F2-3858-4E0A-B55E-EB24602055E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CpuUsage (CpuUsageServ) - OuterTechnologies - C:\PROGRA~1\CpuUsage\CpuUsage.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCAutoShutdown_Service - Unknown owner - C:\Program Files\PC Auto Shutdown\ShutdownService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 21694 bytes

BC AdBot (Login to Remove)

 


#2 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:04:54 AM

Posted 23 September 2009 - 06:48 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
PW

#3 Eman70

Eman70
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 25 September 2009 - 04:28 AM

Thanks...


DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 2:04:37.75 on Fri 09/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.807 [GMT -7:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
svchost.exe
C:\PROGRA~1\CpuUsage\CpuUsage.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\PC Auto Shutdown\ShutdownService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: : {02dca195-602b-4b1f-83ff-381b7e804bdb} - c:\windows\system32\HDBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: gFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\progra~1\flashget\getflash.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {C70E30C7-140A-4166-A2E8-43557E62B41A} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [Index Washer] c:\program files\webroot\washer\WashIdx.exe "Owner"
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Add to Google Photos Screensa&ver
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download all with GPL - c:\program files\getpictureslist\GPL_all.htm
IE: Download ALL with IDA
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: Download with GPL - c:\program files\getpictureslist\GPL_link.htm
IE: Download with IDA
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: GPL: Thumbnails to Pictures - c:\program files\getpictureslist\GPL_pics.htm
IE: {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - c:\program files\travelaxe\Travelaxe.exe
IE: {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\imon.dll
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145422469194
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145425775140
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\o638ow2a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?.home=ytff
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\o638ow2a.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07051001.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-10-25 15424]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-1-22 353680]
R2 CpuUsageServ;CpuUsage;c:\progra~1\cpuusage\CpuUsage.exe [2006-5-28 442368]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-16 55152]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2007-10-25 552064]
R2 PCAutoShutdown_Service;PCAutoShutdown_Service;c:\program files\pc auto shutdown\ShutdownService.exe [2007-2-21 451584]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432]
S2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdcserv.exe [2007-8-16 99248]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-9-27 10664]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-1-2 42112]
S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2007-9-17 185504]
S3 V0250Vfx;V0250Vfx;c:\windows\system32\drivers\V0250Vfx.sys [2007-9-17 6272]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

=============== Created Last 30 ================

2009-09-21 15:33 152,368 a------- c:\windows\system32\WIN2PDFS.DLL
2009-09-21 15:33 22,832 a------- c:\windows\system32\WIN2PDFM.DLL
2009-09-21 15:33 2 a------- c:\windows\1way.ini
2009-09-08 12:04 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-05 00:46 <DIR> --d----- c:\program files\Trend Micro

==================== Find3M ====================

2009-09-21 16:27 15,688 a------- c:\windows\system32\lsdelete.exe
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-06-29 09:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 09:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 09:12 17,408 a------- c:\windows\system32\corpol.dll
2005-05-13 18:12 217,073 a--shr-- c:\windows\meta4.exe
2005-10-24 12:13 66,560 a--shr-- c:\windows\MOTA113.exe
2005-10-13 22:27 422,400 a--shr-- c:\windows\x2.64.exe
2006-08-24 19:14 168 ---shr-- c:\windows\system32\65E911A999.sys
2005-10-07 20:14 308,224 a--shr-- c:\windows\system32\avisynth.dll
2005-07-14 13:31 27,648 a--shr-- c:\windows\system32\AVSredirect.dll
2005-06-26 16:32 616,448 a--shr-- c:\windows\system32\cygwin1.dll
2005-06-21 23:37 45,568 a--shr-- c:\windows\system32\cygz.dll
2004-01-25 01:00 70,656 a--shr-- c:\windows\system32\i420vfw.dll
2006-08-24 19:14 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
2006-04-27 11:24 2,945,024 a--shr-- c:\windows\system32\Smab.dll
2005-02-28 14:16 240,128 a--shr-- c:\windows\system32\x.264.exe
2004-01-25 01:00 70,656 a--shr-- c:\windows\system32\yv12vfw.dll

============= FINISH: 2:05:29.78 ===============

Attached Files



#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:54 AM

Posted 30 September 2009 - 07:10 AM

Hello and welcome to Bleeping Computer

We apologize for the renewed delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Pleaseinclude a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 Eman70

Eman70
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 30 September 2009 - 09:44 PM

OTL logfile created on: 9/30/2009 7:11:07 PM - Run 1
OTL by OldTimer - Version 3.0.17.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.65 Gb Available Physical Memory | 52.36% Memory free
1.83 Gb Paging File | 1.41 Gb Available in Paging File | 76.82% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49.04 Gb Total Space | 26.10 Gb Free Space | 53.21% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.27 Gb Free Space | 62.62% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2002/02/23 00:19:44 | 00,442,368 | ---- | M] (OuterTechnologies) -- C:\Program Files\CpuUsage\CpuUsage.exe
PRC - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/05/25 09:38:20 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdccoms.exe
PRC - [2007/10/25 18:42:30 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe
PRC - [2007/01/18 22:58:12 | 00,451,584 | ---- | M] () -- C:\Program Files\PC Auto Shutdown\ShutdownService.exe
PRC - [2006/04/18 20:23:43 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2009/02/06 03:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/10/25 18:42:30 | 00,949,376 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32kui.exe
PRC - [2007/01/13 09:47:04 | 00,131,072 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/09/21 16:27:26 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2004/08/04 12:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2009/09/21 16:27:27 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/09/30 19:08:01 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/04/21 17:46:03 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2002/02/23 00:19:44 | 00,442,368 | ---- | M] (OuterTechnologies) -- C:\Program Files\CpuUsage\CpuUsage.exe -- (CpuUsageServ [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/09/21 16:27:26 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2007/05/25 09:38:38 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdcserv.exe -- (lxdcCATSCustConnectService [Auto | Stopped])
SRV - [2007/05/25 09:38:20 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdccoms.exe -- (lxdc_device [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/10/25 18:42:30 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn [Auto | Running])
SRV - [2003/07/28 09:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/01/18 22:58:12 | 00,451,584 | ---- | M] () -- C:\Program Files\PC Auto Shutdown\ShutdownService.exe -- (PCAutoShutdown_Service [Auto | Running])
SRV - [2007/08/09 00:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2006/04/18 20:23:43 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2007/02/06 22:08:12 | 00,074,656 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2008/10/09 15:25:32 | 02,405,776 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/04/13 11:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2007/01/25 16:37:16 | 04,027,456 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Stopped])
DRV - [2004/08/04 12:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 11:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2007/10/25 18:42:30 | 00,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON [Auto | Running])
DRV - [2004/08/04 12:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2004/08/04 12:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2008/04/13 11:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2005/02/01 11:18:38 | 00,017,992 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\BCM42RLY.SYS -- (BCM42RLY [On_Demand | Stopped])
DRV - [2005/02/11 07:46:00 | 00,371,712 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2005/03/31 00:46:10 | 00,038,016 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\System32\drivers\camc6aud.sys -- (CAMCAUD [On_Demand | Running])
DRV - [2005/03/31 00:46:58 | 00,350,976 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\System32\drivers\camc6hal.sys -- (CAMCHALA [On_Demand | Running])
DRV - [2004/08/04 12:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2004/08/04 12:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2006/05/28 18:22:06 | 00,223,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi [On_Demand | Running])
DRV - [2009/02/06 18:08:42 | 00,055,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys -- (fssfltr [Auto | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/09/27 17:12:30 | 00,010,664 | ---- | M] (Applied Networking Inc.) -- C:\WINDOWS\System32\DRIVERS\gan_adapter.sys -- (hamachi_oem [On_Demand | Stopped])
DRV - [2005/03/08 04:43:26 | 00,051,120 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2005/03/08 04:43:26 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2005/03/08 04:43:28 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/05/22 19:30:54 | 00,222,720 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
DRV - [2005/05/22 19:31:46 | 01,034,752 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2007/01/13 10:33:18 | 05,672,032 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2005/08/15 11:08:26 | 00,005,888 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv [Boot | Running])
DRV - [2005/08/15 11:08:26 | 00,127,488 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv [Boot | Running])
DRV - [2009/04/22 16:27:29 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2004/03/16 21:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/05/04 18:04:04 | 00,042,112 | ---- | M] (Motorola Inc) -- C:\WINDOWS\System32\DRIVERS\motodrv.sys -- (MotDev [On_Demand | Stopped])
DRV - [2007/05/04 17:54:08 | 00,022,528 | ---- | M] (Motorola) -- C:\WINDOWS\System32\DRIVERS\motmodem.sys -- (motmodem [On_Demand | Stopped])
DRV - [2004/08/04 12:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2008/04/13 11:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2001/08/17 06:49:32 | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\DRIVERS\mxnic.sys -- (mxnic [On_Demand | Stopped])
DRV - [2007/10/25 18:42:30 | 00,015,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv [System | Running])
DRV - [2004/08/03 15:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/20 12:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/04 12:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2004/08/04 12:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2004/08/04 12:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2004/08/04 12:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/11/26 05:25:44 | 00,039,552 | R--- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\ser2pl.sys -- (Ser2pl [On_Demand | Stopped])
DRV - [2008/04/13 11:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2004/08/04 12:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2006/05/28 18:08:39 | 00,642,560 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/04/21 08:19:58 | 00,051,648 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2004/08/04 12:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2004/08/04 12:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2004/08/04 12:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2004/08/04 12:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2004/11/04 18:47:00 | 00,185,824 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2005/03/15 21:43:06 | 00,159,488 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2004/08/04 12:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2008/04/13 11:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2006/06/27 11:25:26 | 00,185,504 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\V0250Dev.sys -- (V0250Dev [On_Demand | Stopped])
DRV - [2006/03/24 16:24:32 | 00,006,272 | ---- | M] (EyePower Games Pte. Ltd.) -- C:\WINDOWS\System32\DRIVERS\V0250Vfx.sys -- (V0250Vfx [On_Demand | Stopped])
DRV - [2008/10/09 15:25:36 | 00,353,680 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - [2003/01/10 14:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Stopped])
DRV - [2005/05/22 19:30:42 | 00,716,288 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2005/09/19 08:41:00 | 00,241,280 | ---- | M] (Marvell) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3854091861-1811587766-2774378368-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3854091861-1811587766-2774378368-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3854091861-1811587766-2774378368-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com/ [binary data]
IE - HKU\S-1-5-21-3854091861-1811587766-2774378368-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1750559
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3854091861-1811587766-2774378368-1003\S-1-5-21-3854091861-1811587766-2774378368-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?.home=ytff"
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:8.6.7.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07051001
FF - prefs.js..extensions.enabledItems: firefox1@myibay.com:1.1.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/17 16:04:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 13:06:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/12 19:24:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/12 19:24:39 | 00,000,000 | ---D | M]

[2008/08/26 14:26:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/08/26 14:26:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/29 02:44:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\o638ow2a.default\extensions
[2009/09/03 01:37:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\o638ow2a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/20 16:55:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\o638ow2a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2006/05/11 18:04:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\o638ow2a.default\extensions\{A02F7FD4-C986-11DA-8C49-A608609EF0F0}(2)
[2006/05/11 18:05:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\o638ow2a.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(2)
[2009/09/22 13:39:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\o638ow2a.default\extensions\firefox1@myibay.com
[2007/09/08 16:06:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\o638ow2a.default\extensions\moveplayer@movenetworks.com
[2006/11/08 14:15:02 | 00,001,390 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\o638ow2a.default\searchplugins\celebworld.xml
[2009/03/17 16:05:37 | 00,001,632 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\o638ow2a.default\searchplugins\live-search.xml
[2009/08/15 15:25:59 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\o638ow2a.default\searchplugins\search-the-web.xml
[2006/11/08 14:15:04 | 00,001,339 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\o638ow2a.default\searchplugins\seedler.xml
[2009/09/29 02:44:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/12 19:24:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/17 16:04:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/01 15:12:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/14 15:33:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/09/12 19:24:29 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/12 19:24:29 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/10/17 11:29:52 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/09/15 17:12:12 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2006/11/29 17:32:30 | 01,440,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2006/09/16 16:52:57 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/09/12 19:24:32 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006/11/16 19:18:38 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/07/20 21:28:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/20 21:28:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/20 21:28:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/20 21:28:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/20 21:28:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/20 21:28:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/20 21:28:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/11/16 19:19:03 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2006/11/16 19:18:24 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2006/01/18 12:50:00 | 00,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2009/08/15 15:08:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/15 15:08:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/15 15:08:41 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/15 15:08:41 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/15 15:08:41 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/15 15:08:41 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/15 15:08:41 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (334529 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 68.82.53.65 idenupdate.motorola.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11488 more lines...
O2 - BHO: () - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\System32\HDBHO.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (gFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3854091861-1811587766-2774378368-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3854091861-1811587766-2774378368-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3854091861-1811587766-2774378368-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-21-3854091861-1811587766-2774378368-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3854091861-1811587766-2774378368-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - Reg Error: Value error. File not found
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Download all with GPL - C:\Program Files\GetPicturesList\GPL_all.htm ()
O8 - Extra context menu item: Download ALL with IDA - Reg Error: Value error. File not found
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Download with GPL - C:\Program Files\GetPicturesList\GPL_link.htm ()
O8 - Extra context menu item: Download with IDA - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: GPL: Thumbnails to Pictures - C:\Program Files\GetPicturesList\GPL_pics.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\imon.dll (Eset )
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3854091861-1811587766-2774378368-1003\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1145422469194 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1145425775140 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 11:04:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 13:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{938fb8a9-cf57-11da-91a3-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{938fb8a9-cf57-11da-91a3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/09/30 19:07:54 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/09/30 18:01:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MUSIC
[2009/09/25 20:13:40 | 00,730,109 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\attachments_2009_09_25.zip
[2009/09/25 02:25:22 | 00,004,838 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2009/09/25 02:08:40 | 00,029,720 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cf.jpg
[2009/09/24 20:18:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\cd
[2009/09/24 20:17:13 | 00,607,934 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\attachments_2009_09_24.zip
[2009/09/24 13:48:11 | 00,040,210 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\9f4dcfd47adc57336125b1d6359323cb.gif
[2009/09/21 15:33:38 | 00,152,368 | ---- | C] () -- C:\WINDOWS\System32\WIN2PDFS.DLL
[2009/09/21 15:33:38 | 00,022,832 | ---- | C] () -- C:\WINDOWS\System32\WIN2PDFM.DLL
[2009/09/21 15:33:36 | 00,000,002 | ---- | C] () -- C:\WINDOWS\1way.ini
[2009/09/20 22:09:34 | 02,718,080 | ---- | C] (Dane Prairie Systems, LLC. ) -- C:\Documents and Settings\Owner\Desktop\w2pdf_setup.exe
[2009/09/20 01:04:44 | 00,004,489 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MMS_WiFiBrowser.zip
[2009/09/20 01:01:46 | 00,003,115 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Combined3.zip
[2009/09/18 10:57:50 | 00,042,024 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\l_181aa68e6b3186f5cf1b6fd8ad0b60bf.jpg
[2009/09/17 02:51:12 | 11,086,360 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dap93.exe
[2009/09/17 02:50:20 | 29,235,200 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ApploaderWebSL-Upgrade.msi
[2009/09/08 12:04:14 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/06 05:09:05 | 13,322,03520 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/05 00:46:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/07 22:13:55 | 00,000,103 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/15 17:14:24 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 17:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/15 17:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/15 17:11:10 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/20 15:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/03/20 14:59:43 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2008/03/20 14:53:44 | 00,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2008/03/20 14:53:28 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2008/03/20 14:53:11 | 00,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2008/03/20 14:52:11 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/10/25 18:10:57 | 00,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2007/09/24 17:56:09 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2007/08/16 13:13:44 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdcvs.dll
[2007/08/16 13:13:43 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdccoin.dll
[2007/08/16 13:12:58 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdcrwrd.ini
[2007/08/16 13:12:09 | 01,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcserv.dll
[2007/08/16 13:12:09 | 00,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcusb1.dll
[2007/08/16 13:12:09 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcinpa.dll
[2007/08/16 13:12:09 | 00,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdciesc.dll
[2007/08/16 13:12:09 | 00,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDChcp.dll
[2007/08/16 13:12:09 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDCinst.dll
[2007/08/16 13:12:09 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcprox.dll
[2007/08/16 13:12:09 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpplc.dll
[2007/08/16 13:12:08 | 00,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdchbn3.dll
[2007/08/16 13:12:08 | 00,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomc.dll
[2007/08/16 13:12:08 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpmui.dll
[2007/08/16 13:12:08 | 00,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdclmpm.dll
[2007/08/16 13:12:08 | 00,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomm.dll
[2007/08/16 13:12:08 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdcgrd.dll
[2007/04/02 18:02:51 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/04/02 18:02:45 | 00,000,099 | ---- | C] () -- C:\WINDOWS\(null)toolkit.ini
[2007/03/14 19:48:45 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/03/14 18:30:56 | 00,000,093 | ---- | C] () -- C:\WINDOWS\vmreg32.dll
[2007/01/22 15:08:06 | 00,796,312 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/12/30 20:28:14 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/12/30 20:09:06 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/12/05 19:33:49 | 00,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/12/05 19:28:51 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/12/05 19:22:18 | 00,000,044 | ---- | C] () -- C:\WINDOWS\EPR340.ini
[2006/10/30 15:13:40 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/21 18:11:19 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\wrnreg5.sys
[2006/05/28 18:55:39 | 00,000,168 | RHS- | C] () -- C:\WINDOWS\System32\65E911A999.sys
[2006/05/28 18:49:34 | 00,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/28 18:22:06 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/05/28 18:08:39 | 00,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/05/28 18:08:39 | 00,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd5421.sys
[2006/05/11 18:45:28 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\HDBHO.dll
[2006/05/11 18:45:28 | 00,007,168 | ---- | C] () -- C:\WINDOWS\lq.dll
[2006/05/11 18:45:27 | 00,468,480 | ---- | C] () -- C:\WINDOWS\System32\NMDll.dll
[2006/05/11 18:45:27 | 00,020,480 | ---- | C] () -- C:\WINDOWS\yhl.dll
[2006/04/21 20:28:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/04/21 20:20:34 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/04/21 20:20:34 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/04/21 20:20:34 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/04/21 20:20:34 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/04/21 20:20:34 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/04/21 20:20:34 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/04/21 19:41:42 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/04/18 20:21:22 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/15 11:35:56 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 11:35:56 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/14 13:31:20 | 00,027,648 | RHS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2005/06/21 23:37:42 | 00,045,568 | RHS- | C] () -- C:\WINDOWS\System32\cygz.dll
[2005/01/11 20:08:50 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\SafeIE.dll
[2004/08/27 03:50:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 09:12:43 | 00,001,264 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 09:12:43 | 00,000,489 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 09:12:17 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/26 09:09:01 | 00,000,795 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/01/13 03:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 12:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 15:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[10 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/09/30 19:08:01 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/09/28 16:27:31 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/09/25 20:13:41 | 00,730,109 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\attachments_2009_09_25.zip
[2009/09/25 12:07:00 | 00,441,694 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/25 12:07:00 | 00,071,606 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/25 12:06:58 | 00,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/25 12:02:43 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/25 12:02:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/25 12:02:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/25 12:02:10 | 13,322,03520 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/25 03:37:20 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2009/09/25 02:26:12 | 00,004,838 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2009/09/25 02:08:40 | 00,029,720 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cf.jpg
[2009/09/25 01:52:51 | 00,334,529 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/25 01:04:33 | 00,000,795 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/25 01:04:33 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/25 01:04:33 | 00,000,210 | RHS- | M] () -- C:\boot.ini
[2009/09/24 20:17:14 | 00,607,934 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\attachments_2009_09_24.zip
[2009/09/24 13:48:13 | 00,040,210 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\9f4dcfd47adc57336125b1d6359323cb.gif
[2009/09/21 16:27:41 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/09/20 22:09:57 | 02,718,080 | ---- | M] (Dane Prairie Systems, LLC. ) -- C:\Documents and Settings\Owner\Desktop\w2pdf_setup.exe
[2009/09/20 01:04:44 | 00,004,489 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MMS_WiFiBrowser.zip
[2009/09/20 01:01:47 | 00,003,115 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Combined3.zip
[2009/09/18 10:57:51 | 00,042,024 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\l_181aa68e6b3186f5cf1b6fd8ad0b60bf.jpg
[2009/09/17 02:52:23 | 29,235,200 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ApploaderWebSL-Upgrade.msi
[2009/09/17 02:51:48 | 11,086,360 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dap93.exe
[2009/09/07 21:18:15 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/05 01:31:25 | 00,326,997 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090925-015251.backup

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB923A2
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
< End of report >

OTL Extras logfile created on: 9/30/2009 7:11:07 PM - Run 1
OTL by OldTimer - Version 3.0.17.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.65 Gb Available Physical Memory | 52.36% Memory free
1.83 Gb Paging File | 1.41 Gb Available in Paging File | 76.82% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49.04 Gb Total Space | 26.10 Gb Free Space | 53.21% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.27 Gb Free Space | 62.62% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = GetDiz.Document] -- C:\Program Files\GetDiz\GetDiz.exe (Outer Technologies - http://outertech.com)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Power Renamer XP] -- "C:\Documents and Settings\Owner\Desktop\Power Renamer XP\Power Renamer XP.exe" "%1" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"31321:TCP" = 31321:TCP:*:Enabled:LBGH

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\Lexmark 1300 Series\app4r.exe" = C:\Program Files\Lexmark 1300 Series\app4r.exe:*:Enabled:Lexmark Imaging Studio -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\InterVideo\DVD7\WinDVD.exe" = C:\Program Files\InterVideo\DVD7\WinDVD.exe:*:Disabled:WinDVD -- (InterVideo Inc.)
"C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" = C:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite -- ()
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\1145417251\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1145417251\EE\AOLServiceHost.exe:*:Disabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon -- File not found
"C:\Program Files\Verizon\Media Manager\MediaManager.exe" = C:\Program Files\Verizon\Media Manager\MediaManager.exe:*:Enabled:MediaManager -- (Verizon Data Services Inc.)
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\SymplisIT\DriverMagic\DriverMagic.exe" = C:\Program Files\SymplisIT\DriverMagic\DriverMagic.exe:*:Enabled:DriverMagic Utilities -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\lxdccoms.exe" = C:\WINDOWS\system32\lxdccoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" = C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Enabled:Lexmark Device Monitor -- ()
"C:\Program Files\Lexmark 1300 Series\App4R.exe" = C:\Program Files\Lexmark 1300 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcpswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdcjswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdctime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdctime.exe:*:Enabled: -- (Lexmark International, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Audio Bible Download Manager\FCBHDownloadManager3.exe" = C:\Program Files\Audio Bible Download Manager\FCBHDownloadManager3.exe:*:Enabled:Audio Bible Download Manager -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 14
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4CDDD091-2037-4A8E-94A8-0EA0BFB15C82}" = RapidLeecher .Net v 5.0 - ALPHA TECHNOLOGY PREVIEW
"{4CE0F4F9-2678-4D04-ADF2-3F52AF0EDD00}" = Verizon Media Manager
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe 5
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = TIxx21
"{61C3245C-40EF-4284-B59E-B1394BB47A6B}" = Media Downloader
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67EC0571-4B4E-40C2-8A81-8C1B02D87DB0}" = iDEN Phonebook Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72E79A36-41C3-490D-820C-A9EDDDD1DAD1}" = iDEN Phonebook Manager
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84B2CF01-194D-2284-B313-F2E0D78D1033}" = Nero 7 Demo
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B611C23-ADB6-4F5E-A04A-959EB0D349F6}" = Winkflash Transporter
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90885A82-9673-49EA-AB39-AF776639C67C}" = InterVideo WinDVD 7
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9579E862-5FC7-4337-B1CC-5E37451524C5}" = Motorola Driver Installation
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AC76BA86-7AD7-2447-0000-705000000001}" = Adobe Reader Chinese Simplified Fonts
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4C95F28-A6B0-4F27-8B65-D159225B87F6}" = Wi-Fi Connect
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0
"Advanced Video FX Engine" = Advanced Video FX Engine
"Advanced Video FX Utility" = Advanced Video FX Utility
"BSPlayerf" = BS.Player FREE
"Canon ScanGear Toolbox" = Canon ScanGear Toolbox 2.6
"CCleaner" = CCleaner (remove only)
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_0460107B" = Soft Data Fax Modem with SmartCP
"CpuUsage System Service 1.0" = CpuUsage System Service 1.0
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Live! Cam Doodling" = Creative Live! Cam Doodling
"Creative Live! Cam Notebook Pro User's Guide English" = Creative Live! Cam Notebook Pro User's Guide (English)
"Creative Photo Calendar" = Creative Photo Calendar
"Creative Photo Manager" = Creative Photo Manager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0250" = Creative Live! Cam Notebook Pro Driver (1.02.06.0627)
"Creative WebCam Center" = Creative WebCam Center
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy Thumbnails_is1" = Easy Thumbnails (Remove only)
"EPSON Printer and Utilities" = EPSON Printer Software
"FlashGet(JetCar)" = FlashGet(JetCar)
"Gateway Drivers and Applications Recovery" = Gateway Drivers and Applications Recovery
"Get Yahoo! Messenger" = Get Yahoo! Messenger
"GetDiz 3.0" = GetDiz 3.0
"GetPicturesList" = GetPicturesList
"GetPicturesList ЯETA" = GetPicturesList ЯETA
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"iDEN Download Apps Utility" = iDEN Download Apps Utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"InstallShield_{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = Texas Instruments PCIxx21/x515 drivers.
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 1.4
"kazaalite202_is1" = Kazaa Lite K++ v2.4.3
"Lexmark 1300 Series" = Lexmark 1300 Series
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NewsLeecher" = NewsLeecher
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NOD32" = NOD32 antivirus system
"PC Auto Shutdown_is1" = PC Auto Shutdown 3.4
"Quick Screen Capture 2.2_is1" = Quick Screen Capture 2.2
"QuickPar" = QuickPar 0.9
"QuickSFV" = QuickSFV (Remove only)
"RealPlayer 6.0" = RealPlayer
"Silent Package Run-Time Sample" = EPSON SPR340 User's Guide
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SUPER ©" = SUPER © Version 2006.19 (FIX)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"Tag&Rename_is1" = Tag&Rename 3.2.5 rc 1
"Total Video Converter 3.02_is1" = Total Video Converter 3.02
"TreeSize Professional_is1" = TreeSize Professional 3.3.3
"Trillian" = Trillian
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Vuze" = Vuze
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Win2PDF_is1" = Win2PDF 3.40.1
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"ZoneAlarm Pro" = ZoneAlarm Pro

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/22/2008 7:06:18 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3188, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.

Error - 10/22/2008 7:16:12 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3188, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.

Error - 3/6/2009 6:48:54 PM | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11316
Description = Product: Windows Live Sign-in Assistant -- Error 1316. A network error
occurred while attempting to read from the file: C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\Install_{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}.msi

Error - 3/31/2009 5:27:06 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3334, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.

Error - 4/13/2009 10:15:20 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3372, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.

Error - 4/22/2009 7:27:00 PM | Computer Name = LAPTOP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 7/8/2009 7:10:57 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/8/2009 7:10:57 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/9/2009 1:52:06 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0445ceb0.

Error - 9/29/2009 5:34:04 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3523, faulting module
xul.dll, version 1.9.1.3523, fault address 0x000e18f3.

[ System Events ]
Error - 9/6/2009 1:25:08 AM | Computer Name = LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/6/2009 8:09:19 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdcCATSCustConnectService
service to connect.

Error - 9/6/2009 8:09:19 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The lxdcCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 9/8/2009 3:03:17 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdcCATSCustConnectService
service to connect.

Error - 9/8/2009 3:03:17 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The lxdcCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 9/25/2009 4:07:08 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdcCATSCustConnectService
service to connect.

Error - 9/25/2009 4:07:08 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The lxdcCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 9/25/2009 3:02:23 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdcCATSCustConnectService
service to connect.

Error - 9/25/2009 3:02:23 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The lxdcCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 9/27/2009 9:25:54 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.


< End of report >

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:54 AM

Posted 01 October 2009 - 12:34 AM

Hi,

Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

You also have Viewpoint installed, Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.


I would like you to run a couple more scans:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

as well as
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click Posted Image on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.
Please post back with the logs from malwarebytes and rootrepeal in your next reply, as well as an description of the problems you are having.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:54 AM

Posted 06 October 2009 - 03:25 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
_temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:54 AM

Posted 11 October 2009 - 04:40 AM

Topic reopened. :(

Please provide the logs from Malwarebytes and Rootrepeal in your next reply.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 Eman70

Eman70
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 11 October 2009 - 04:48 AM

Thanks guys. ok, removed Viewpoint Media Player.

Malwarebytes' Anti-Malware 1.41
Database version: 2940
Windows 5.1.2600 Service Pack 3

10/10/2009 10:54:38 PM
mbam-log-2009-10-10 (22-54-38).txt

Scan type: Full Scan (C:\|)
Objects scanned: 206764
Time elapsed: 56 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02dca195-602b-4b1f-83ff-381b7e804bdb} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{02dca195-602b-4b1f-83ff-381b7e804bdb} (Trojan.BHO.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\HDBHO.dll (Trojan.BHO.H) -> Delete on reboot.
C:\Program Files\PC Auto Shutdown\patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\TypingMaster\Run the Patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1027\A0122309.dll (PUP.RemoteAdmin) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1027\A0122311.dll (PUP.RemoteAdmin) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1027\A0122314.dll (PUP.RemoteAdmin) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.




ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/11 01:23
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 00000056
Image Path: \Driver\00000056
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA6C0E000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA66E000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA5B68000 Size: 49152 File Visible: No Signed: -
Status: -

Name: srescan.sys
Image Path: srescan.sys
Address: 0xB9C97000 Size: 81920 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\***@hotmail.com\SharingMetadata\***@hotmail.com\DFSR\Staging\CS{C33C49C4-4B25-4FF7-2A4B-716E85F98891}\12\12-{80FE9503-E5F7-47CF-95FF-5B5A9DBDB082}-v12-{80FE9503-E5F7-47CF-95FF-5B5A9DBDB082}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa6db46e0

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa6dc1490

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa6db4c70

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa6dc1d10

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa6dc1ac0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xb9edcc7e

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xb9edcff6

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa6dc2230

#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa6dc22b0

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa6db4ad0

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xb9edca18

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xb9edd0c0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xb9edcf58

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa6dc2970

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa6dc23d0

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa6dc27c0

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa6db4ea0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xa6dc1800

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8a3c0708 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8a3c0708 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8a3c0708 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8a3c0708 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a3c0708 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a3c0708 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a3c0708 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8a3c0708 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a3c0708 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a3c0708 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a3c0708 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a3c0708 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a3c0708 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3c0708 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a3c0708 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a3c0708 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8a3c0708 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a3c0708 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a3c0708 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a3c0708 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a3c0708 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8a3c0708 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x89b190e8 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x89b190e8 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x89b190e8 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x89b190e8 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89b190e8 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89b190e8 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x89b190e8 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x89b190e8 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89b190e8 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89b190e8 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89b190e8 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89b190e8 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89b190e8 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89b190e8 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89b190e8 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89b190e8 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x89b190e8 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x89b190e8 Size: 15

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_CREATE]
Process: System Address: 0x8a378450 Size: 15

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_CLOSE]
Process: System Address: 0x8a378450 Size: 15

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a378450 Size: 15

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a378450 Size: 15

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_POWER]
Process: System Address: 0x8a378450 Size: 15

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a378450 Size: 15

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_PNP]
Process: System Address: 0x8a378450 Size: 15

Object: Hidden Code [Driver: perc2, IRP_MJ_CREATE]
Process: System Address: 0x8a376a40 Size: 15

Object: Hidden Code [Driver: perc2, IRP_MJ_CLOSE]
Process: System Address: 0x8a376a40 Size: 15

Object: Hidden Code [Driver: perc2, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a376a40 Size: 15

Object: Hidden Code [Driver: perc2, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a376a40 Size: 15

Object: Hidden Code [Driver: perc2, IRP_MJ_POWER]
Process: System Address: 0x8a376a40 Size: 15

Object: Hidden Code [Driver: perc2, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a376a40 Size: 15

Object: Hidden Code [Driver: perc2, IRP_MJ_PNP]
Process: System Address: 0x8a376a40 Size: 15

Object: Hidden Code [Driver: cbidf, IRP_MJ_CREATE]
Process: System Address: 0x8a3c00e8 Size: 15

Object: Hidden Code [Driver: cbidf, IRP_MJ_CLOSE]
Process: System Address: 0x8a3c00e8 Size: 15

Object: Hidden Code [Driver: cbidf, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3c00e8 Size: 15

Object: Hidden Code [Driver: cbidf, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3c00e8 Size: 15

Object: Hidden Code [Driver: cbidf, IRP_MJ_POWER]
Process: System Address: 0x8a3c00e8 Size: 15

Object: Hidden Code [Driver: cbidf, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a3c00e8 Size: 15

Object: Hidden Code [Driver: cbidf, IRP_MJ_PNP]
Process: System Address: 0x8a3c00e8 Size: 15

Object: Hidden Code [Driver: ini910u, IRP_MJ_CREATE]
Process: System Address: 0x8a3c23d0 Size: 15

Object: Hidden Code [Driver: ini910u, IRP_MJ_CLOSE]
Process: System Address: 0x8a3c23d0 Size: 15

Object: Hidden Code [Driver: ini910u, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3c23d0 Size: 15

Object: Hidden Code [Driver: ini910u, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3c23d0 Size: 15

Object: Hidden Code [Driver: ini910u, IRP_MJ_POWER]
Process: System Address: 0x8a3c23d0 Size: 15

Object: Hidden Code [Driver: ini910u, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a3c23d0 Size: 15

Object: Hidden Code [Driver: ini910u, IRP_MJ_PNP]
Process: System Address: 0x8a3c23d0 Size: 15

Object: Hidden Code [Driver: asc, IRP_MJ_CREATE]
Process: System Address: 0x8a3c2eb0 Size: 15

Object: Hidden Code [Driver: asc, IRP_MJ_CLOSE]
Process: System Address: 0x8a3c2eb0 Size: 15

Object: Hidden Code [Driver: asc, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3c2eb0 Size: 15

Object: Hidden Code [Driver: asc, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3c2eb0 Size: 15

Object: Hidden Code [Driver: asc, IRP_MJ_POWER]
Process: System Address: 0x8a3c2eb0 Size: 15

Object: Hidden Code [Driver: asc, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a3c2eb0 Size: 15

Object: Hidden Code [Driver: asc, IRP_MJ_PNP]
Process: System Address: 0x8a3c2eb0 Size: 15

Object: Hidden Code [Driver: ql1280, IRP_MJ_CREATE]
Process: System Address: 0x8a376eb0 Size: 15

Object: Hidden Code [Driver: ql1280, IRP_MJ_CLOSE]
Process: System Address: 0x8a376eb0 Size: 15

Object: Hidden Code [Driver: ql1280, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a376eb0 Size: 15

Object: Hidden Code [Driver: ql1280, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a376eb0 Size: 15

Object: Hidden Code [Driver: ql1280, IRP_MJ_POWER]
Process: System Address: 0x8a376eb0 Size: 15

Object: Hidden Code [Driver: ql1280, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a376eb0 Size: 15

Object: Hidden Code [Driver: ql1280, IRP_MJ_PNP]
Process: System Address: 0x8a376eb0 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_CREATE]
Process: System Address: 0x8a16daf0 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_CLOSE]
Process: System Address: 0x8a16daf0 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a16daf0 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a16daf0 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_POWER]
Process: System Address: 0x8a16daf0 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a16daf0 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_PNP]
Process: System Address: 0x8a16daf0 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a1dd860 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8a1dd860 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8a1dd860 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8a1dd860 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a1dd860 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a1dd860 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a1dd860 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a1dd860 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8a1dd860 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a1dd860 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8a1dd860 Size: 15

Object: Hidden Code [Driver: asc3350p, IRP_MJ_CREATE]
Process: System Address: 0x8a3c1eb0 Size: 15

Object: Hidden Code [Driver: asc3350p, IRP_MJ_CLOSE]
Process: System Address: 0x8a3c1eb0 Size: 15

Object: Hidden Code [Driver: asc3350p, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3c1eb0 Size: 15

Object: Hidden Code [Driver: asc3350p, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3c1eb0 Size: 15

Object: Hidden Code [Driver: asc3350p, IRP_MJ_POWER]
Process: System Address: 0x8a3c1eb0 Size: 15

Object: Hidden Code [Driver: asc3350p, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a3c1eb0 Size: 15

Object: Hidden Code [Driver: asc3350p, IRP_MJ_PNP]
Process: System Address: 0x8a3c1eb0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_CREATE]
Process: System Address: 0x8a3c09c0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_CLOSE]
Process: System Address: 0x8a3c09c0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_READ]
Process: System Address: 0x8a3c09c0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_WRITE]
Process: System Address: 0x8a3c09c0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a3c09c0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3c09c0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3c09c0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a3c09c0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_POWER]
Process: System Address: 0x8a3c09c0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a3c09c0 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_PNP]
Process: System Address: 0x8a3c09c0 Size: 15

Object: Hidden Code [Driver: mraid35x, IRP_MJ_CREATE]
Process: System Address: 0x8a3c2940 Size: 15

Object: Hidden Code [Driver: mraid35x, IRP_MJ_CLOSE]
Process: System Address: 0x8a3c2940 Size: 15

Object: Hidden Code [Driver: mraid35x, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3c2940 Size: 15

Object: Hidden Code [Driver: mraid35x, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3c2940 Size: 15

Object: Hidden Code [Driver: mraid35x, IRP_MJ_POWER]
Process: System Address: 0x8a3c2940 Size: 15

Object: Hidden Code [Driver: mraid35x, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a3c2940 Size: 15

Object: Hidden Code [Driver: mraid35x, IRP_MJ_PNP]
Process: System Address: 0x8a3c2940 Size: 15

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_CREATE]
Process: System Address: 0x8a3c1bf8 Size: 15

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_CLOSE]
Process: System Address: 0x8a3c1bf8 Size: 15

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3c1bf8 Size: 15

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3c1bf8 Size: 15

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_POWER]
Process: System Address: 0x8a3c1bf8 Size: 15

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a3c1bf8 Size: 15

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_PNP]
Process: System Address: 0x8a3c1bf8 Size: 15

Object: Hidden Code [Driver: imagedrv, IRP_MJ_CREATE]
Process: System Address: 0x8a3c0c78 Size: 15

Object: Hidden Code [Driver: imagedrv, IRP_MJ_CLOSE]
Process: System Address: 0x8a3c0c78 Size: 15

Object: Hidden Code [Driver: imagedrv, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3c0c78 Size: 15

Object: Hidden Code [Driver: imagedrv, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3c0c78 Size: 15

Object: Hidden Code [Driver: imagedrv, IRP_MJ_POWER]
Process: System Address: 0x8a3c0c78 Size: 15

Object: Hidden Code [Driver: imagedrv, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a3c0c78 Size: 15

Object: Hidden Code [Driver: imagedrv, IRP_MJ_PNP]
Process: System Address: 0x8a3c0c78 Size: 15

Object: Hidden Code [Driver: symc8xx, IRP_MJ_CREATE]
Process: System Address: 0x8a377b78 Size: 15

Object: Hidden Code [Driver: symc8xx, IRP_MJ_CLOSE]
Process: System Address: 0x8a377b78 Size: 15

Object: Hidden Code [Driver: symc8xx, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a377b78 Size: 15

Object: Hidden Code [Driver: symc8xx, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a377b78 Size: 15

Object: Hidden Code [Driver: symc8xx, IRP_MJ_POWER]
Process: System Address: 0x8a377b78 Size: 15

Object: Hidden Code [Driver: symc8xx, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a377b78 Size: 15

Object: Hidden Code [Driver: symc8xx, IRP_MJ_PNP]
Process: System Address: 0x8a377b78 Size: 15

Object: Hidden Code [Driver: ultra, IRP_MJ_CREATE]
Process: System Address: 0x8a3c1940 Size: 15

Object: Hidden Code [Driver: ultra, IRP_MJ_CLOSE]
Process: System Address: 0x8a3c1940 Size: 15

Object: Hidden Code [Driver: ultra, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3c1940 Size: 15

Object: Hidden Code [Driver: ultra, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3c1940 Size: 15

Object: Hidden Code [Driver: ultra, IRP_MJ_POWER]
Process: System Address: 0x8a3c1940 Size: 15

Object: Hidden Code [Driver: ultra, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a3c1940 Size: 15

Object: Hidden Code [Driver: ultra, IRP_MJ_PNP]
Process: System Address: 0x8a3c1940 Size: 15

Object: Hidden Code [Driver: dac960nt, IRP_MJ_CREATE]
Process: System Address: 0x8a378708 Size: 15

Object: Hidden Code [Driver: dac960nt, IRP_MJ_CLOSE]
Process: System Address: 0x8a378708 Size: 15

Object: Hidden Code [Driver: dac960nt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a378708 Size: 15

Object: Hidden Code [Driver: dac960nt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a378708 Size: 15

Object: Hidden Code [Driver: dac960nt, IRP_MJ_POWER]
Process: System Address: 0x8a378708 Size: 15

Object: Hidden Code [Driver: dac960nt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a378708 Size: 15

Object: Hidden Code [Driver: dac960nt, IRP_MJ_PNP]
Process: System Address: 0x8a378708 Size: 15

Object: Hidden Code [Driver: aic78u2, IRP_MJ_CREATE]
Process: System Address: 0x8a377e30 Size: 15

Object: Hidden Code [Driver: aic78u2, IRP_MJ_CLOSE]
Process: System Address: 0x8a377e30 Size: 15

Object: Hidden Code [Driver: aic78u2, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a377e30 Size: 15

Object: Hidden Code [Driver: aic78u2, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a377e30 Size: 15

Object: Hidden Code [Driver: aic78u2, IRP_MJ_POWER]
Process: System Address: 0x8a377e30 Size: 15

Object: Hidden Code [Driver: aic78u2, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a377e30 Size: 15

Object: Hidden Code [Driver: aic78u2, IRP_MJ_PNP]
Process: System Address: 0x8a377e30 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8a3c3a40 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8a3c3a40 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8a3c3a40 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a3c3a40 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3c3a40 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3c3a40 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a3c3a40 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8a3c3a40 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8a3c3a40 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a3c3a40 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8a3c3a40 Size: 15

Object: Hidden Code [Driver: adpu160m, IRP_MJ_CREATE]
Process: System Address: 0x8a3c1688 Size: 15

Object: Hidden Code [Driver: adpu160m, IRP_MJ_CLOSE]
Process: System Address: 0x8a3c1688 Size: 15

Object: Hidden Code [Driver: adpu160m, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3c1688 Size: 15

Object: Hidden Code [Driver: adpu160m, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3c1688 Size: 15

Object: Hidden Code [Driver: adpu160m, IRP_MJ_POWER]
Process: System Address: 0x8a3c1688 Size: 15

Object: Hidden Code [Driver: adpu160m, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a3c1688 Size: 15

Object: Hidden Code [Driver: adpu160m, IRP_MJ_PNP]
Process: System Address: 0x8a3c1688 Size: 15

Object: Hidden Code [Driver: sym_u3, IRP_MJ_CREATE]
Process: System Address: 0x8a377608 Size: 15

Object: Hidden Code [Driver: sym_u3, IRP_MJ_CLOSE]
Process: System Address: 0x8a377608 Size: 15

Object: Hidden Code [Driver: sym_u3, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a377608 Size: 15

Object: Hidden Code [Driver: sym_u3, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a377608 Size: 15

Object: Hidden Code [Driver: sym_u3, IRP_MJ_POWER]
Process: System Address: 0x8a377608 Size: 15

Object: Hidden Code [Driver: sym_u3, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a377608 Size: 15

Object: Hidden Code [Driver: sym_u3, IRP_MJ_PNP]
Process: System Address: 0x8a377608 Size: 15

Object: Hidden Code [Driver: abp480n5, IRP_MJ_CREATE]
Process: System Address: 0x8a377350 Size: 15

Object: Hidden Code [Driver: abp480n5, IRP_MJ_CLOSE]
Process: System Address: 0x8a377350 Size: 15

Object: Hidden Code [Driver: abp480n5, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a377350 Size: 15

Object: Hidden Code [Driver: abp480n5, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a377350 Size: 15

Object: Hidden Code [Driver: abp480n5, IRP_MJ_POWER]
Process: System Address: 0x8a377350 Size: 15

Object: Hidden Code [Driver: abp480n5, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a377350 Size: 15

Object: Hidden Code [Driver: abp480n5, IRP_MJ_PNP]
Process: System Address: 0x8a377350 Size: 15

Object: Hidden Code [Driver: ql1080, IRP_MJ_CREATE]
Process: System Address: 0x8a3760e8 Size: 15

Object: Hidden Code [Driver: ql1080, IRP_MJ_CLOSE]
Process: System Address: 0x8a3760e8 Size: 15

Object: Hidden Code [Driver: ql1080, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3760e8 Size: 15

Object: Hidden Code [Driver: ql1080, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3760e8 Size: 15

Object: Hidden Code [Driver: ql1080, IRP_MJ_POWER]
Process: System Address: 0x8a3760e8 Size: 15

Object: Hidden Code [Driver: ql1080, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a3760e8 Size: 15

Object: Hidden Code [Driver: ql1080, IRP_MJ_PNP]
Process: System Address: 0x8a3760e8 Size: 15

Object: Hidden Code [Driver: symc810, IRP_MJ_CREATE]
Process: System Address: 0x8a378c78 Size: 15

Object: Hidden Code [Driver: symc810, IRP_MJ_CLOSE]
Process: System Address: 0x8a378c78 Size: 15

Object: Hidden Code [Driver: symc810, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a378c78 Size: 15

Object: Hidden Code [Driver: symc810, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a378c78 Size: 15

Object: Hidden Code [Driver: symc810, IRP_MJ_POWER]
Process: System Address: 0x8a378c78 Size: 15

Object: Hidden Code [Driver: symc810, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a378c78 Size: 15

Object: Hidden Code [Driver: symc810, IRP_MJ_PNP]
Process: System Address: 0x8a378c78 Size: 15

Object: Hidden Code [Driver: hpn, IRP_MJ_CREATE]
Process: System Address: 0x8a3764d0 Size: 15

Object: Hidden Code [Driver: hpn, IRP_MJ_CLOSE]
Process: System Address: 0x8a3764d0 Size: 15

Object: Hidden Code [Driver: hpn, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3764d0 Size: 15

Object: Hidden Code [Driver: hpn, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3764d0 Size: 15

Object: Hidden Code [Driver: hpn, IRP_MJ_POWER]
Process: System Address: 0x8a3764d0 Size: 15

Object: Hidden Code [Driver: hpn, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a3764d0 Size: 15

Object: Hidden Code [Driver: hpn, IRP_MJ_PNP]
Process: System Address: 0x8a3764d0 Size: 15

Object: Hidden Code [Driver: ql12160, IRP_MJ_CREATE]
Process: System Address: 0x8a376c78 Size: 15

Object: Hidden Code [Driver: ql12160, IRP_MJ_CLOSE]
Process: System Address: 0x8a376c78 Size: 15

Object: Hidden Code [Driver: ql12160, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a376c78 Size: 15

Object: Hidden Code [Driver: ql12160, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a376c78 Size: 15

Object: Hidden Code [Driver: ql12160, IRP_MJ_POWER]
Process: System Address: 0x8a376c78 Size: 15

Object: Hidden Code [Driver: ql12160, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a376c78 Size: 15

Object: Hidden Code [Driver: ql12160, IRP_MJ_PNP]
Process: System Address: 0x8a376c78 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x89d360e8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x89d360e8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89d360e8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89d360e8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x89d360e8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x89d360e8 Size: 15

Object: Hidden Code [Driver: aic78xx, IRP_MJ_CREATE]
Process: System Address: 0x8a3789c0 Size: 15

Object: Hidden Code [Driver: aic78xx, IRP_MJ_CLOSE]
Process: System Address: 0x8a3789c0 Size: 15

Object: Hidden Code [Driver: aic78xx, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3789c0 Size: 15

Object: Hidden Code [Driver: aic78xx, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3789c0 Size: 15

Object: Hidden Code [Driver: aic78xx, IRP_MJ_POWER]
Process: System Address: 0x8a3789c0 Size: 15

Object: Hidden Code [Driver: aic78xx, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a3789c0 Size: 15

Object: Hidden Code [Driver: aic78xx, IRP_MJ_PNP]
Process: System Address: 0x8a3789c0 Size: 15

Object: Hidden Code [Driver: amsint, IRP_MJ_CREATE]
Process: System Address: 0x8a3c20e8 Size: 15

Object: Hidden Code [Driver: amsint, IRP_MJ_CLOSE]
Process: System Address: 0x8a3c20e8 Size: 15

Object: Hidden Code [Driver: amsint, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3c20e8 Size: 15

Object: Hidden Code [Driver: amsint, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3c20e8 Size: 15

Object: Hidden Code [Driver: amsint, IRP_MJ_POWER]
Process: System Address: 0x8a3c20e8 Size: 15

Object: Hidden Code [Driver: amsint, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a3c20e8 Size: 15

Object: Hidden Code [Driver: amsint, IRP_MJ_PNP]
Process: System Address: 0x8a3c20e8 Size: 15

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_CREATE]
Process: System Address: 0x8a3c0eb0 Size: 15

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_CLOSE]
Process: System Address: 0x8a3c0eb0 Size: 15

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3c0eb0 Size: 15

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3c0eb0 Size: 15

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_POWER]
Process: System Address: 0x8a3c0eb0 Size: 15

Obj==EOF==

Edited by _temp_, 11 October 2009 - 05:27 PM.
removed email addresses


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:54 AM

Posted 11 October 2009 - 05:28 PM

Hi,

could you please give a description how your PC is running now?

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:54 AM

Posted 18 October 2009 - 12:42 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
_temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users