Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HIJACKTHIS log.. Please help diagnose


  • Please log in to reply
13 replies to this topic

#1 ken-002

ken-002

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 20 October 2009 - 04:31 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:26:12 PM, on 10/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {041E1E86-D5F9-4550-B16C-1A24F5FCE813} - C:\WINDOWS\System32\dpwsockx32.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: precisead - {181c17c0-c01f-4f1c-8397-c65647e60916} - C:\WINDOWS\system32\nsx24.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: MessengerUpdate - {5948A52A-BA3A-49A8-BCAF-D578502BDA9D} - C:\Documents and Settings\Fly Boy\Application Data\Messenger\Drivers\MsgUpdate.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: freedomltd browser enhancer - {765F0323-13C2-2CBB-07AC-F715B0324341} - C:\WINDOWS\system32\lfflhnudxfszndih.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DeleteLog] c:\windows\system32\oobe\DeleteLog.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [mbznmbzchdpcwnk] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\lfflhnudxfszndih.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [IgfxSys] rundll32.exe "C:\Documents and Settings\Fly Boy\Application Data\Messenger\Drivers\IgfxSys.dll",StartProtector
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1245349088218
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\cryptdlg32.dll
O20 - Winlogon Notify: 2bf6d0de687 - C:\WINDOWS\System32\cryptdlg32.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: __c00B4D32 - C:\WINDOWS\system32\__c00B4D32.dat
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 13710 bytes

BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:33 AM

Posted 20 October 2009 - 06:16 PM

Hello ken-002

Welcome to Welcome to BleepingComputer :(
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 ken-002

ken-002
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 21 October 2009 - 05:31 PM

Thanks for the response. Here is the first report (extras.txt) from OTL

OTL Extras logfile created on: 10/21/2009 3:26:12 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Fly Boy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.40 Gb Available Physical Memory | 31.70% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 3840 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65.94 Gb Total Space | 17.03 Gb Free Space | 25.83% Space Free | Partition Type: NTFS
Drive D: | 7.56 Gb Total Space | 0.52 Gb Free Space | 6.92% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC294771894831
Current User Name: Fly Boy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\Fly Boy\Local Settings\Temp\hp_webrelease___\setup\HPZnet01.exe" = C:\Documents and Settings\Fly Boy\Local Settings\Temp\hp_webrelease___\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- (Hewlett-Packard)
"C:\Documents and Settings\Fly Boy\Local Settings\Temp\hp_webrelease____\setup\HPZnet01.exe" = C:\Documents and Settings\Fly Boy\Local Settings\Temp\hp_webrelease____\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- (Hewlett-Packard)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- File not found
"C:\WINDOWS\system32\lxctcoms.exe" = C:\WINDOWS\system32\lxctcoms.exe:*:Enabled:5400 Series Server -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D612FB2-1AE7-4E46-9377-35BB2F06A787}" = Roxio Media Manager
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D0B12B6-F049-480E-BC5D-3F1F4B6C1E9F}" = Metro Hi Speed E-Mail Fax Tools Version 2.0 for Microsoft Outlook
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_913" = Adobe Acrobat 9.1.3 - CPSID_49522
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB0888EE-96D8-4713-84DC-36462C33AEB4}" = Bazooka Scanner
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 F2
"{D17A2FDC-5C16-439C-A0E1-FF350079447E}" = HP User Guides 0026
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"373d316f-5de2-c630-a009-1781742aebff" = Contextual Tool Precisead
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG 9.0
"BlackBerry_{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"HP Rhapsody" = HP Rhapsody
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"xcsxofhxtfxwhx" = RON Too1 Freedomltd

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/18/2009 8:18:54 PM | Computer Name = PC294771894831 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\AVG
9.0\AVG TRAY ICON.LNK> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 10/18/2009 8:18:58 PM | Computer Name = PC294771894831 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\AVG
9.0> in the hash map cannot be updated. Context: Application, SystemIndex Catalog

Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 10/18/2009 8:18:58 PM | Computer Name = PC294771894831 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\AVG
9.0> in the hash map cannot be updated. Context: Application, SystemIndex Catalog

Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 10/18/2009 8:18:58 PM | Computer Name = PC294771894831 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\AVG
9.0\UNINSTALL AVG.LNK> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 10/20/2009 11:45:52 AM | Computer Name = PC294771894831 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3498, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/20/2009 11:48:58 AM | Computer Name = PC294771894831 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/20/2009 2:01:34 PM | Computer Name = PC294771894831 | Source = Application Hang | ID = 1002
Description = Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/20/2009 4:06:03 PM | Computer Name = PC294771894831 | Source = Application Hang | ID = 1002
Description = Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/20/2009 5:47:25 PM | Computer Name = PC294771894831 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/20/2009 5:49:43 PM | Computer Name = PC294771894831 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/20/2009 11:04:03 AM | Computer Name = PC294771894831 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 10/20/2009 11:19:30 AM | Computer Name = PC294771894831 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 10/20/2009 11:19:30 AM | Computer Name = PC294771894831 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 10/20/2009 11:20:46 AM | Computer Name = PC294771894831 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 10/20/2009 4:14:25 PM | Computer Name = PC294771894831 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 10/20/2009 4:14:25 PM | Computer Name = PC294771894831 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 10/20/2009 4:15:41 PM | Computer Name = PC294771894831 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 10/21/2009 4:22:48 PM | Computer Name = PC294771894831 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 10/21/2009 4:22:48 PM | Computer Name = PC294771894831 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 10/21/2009 4:24:08 PM | Computer Name = PC294771894831 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >

#4 ken-002

ken-002
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 21 October 2009 - 05:34 PM

Here is the second report (OTL.txt)

OTL logfile created on: 10/21/2009 3:26:12 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Fly Boy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.40 Gb Available Physical Memory | 31.70% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 3840 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65.94 Gb Total Space | 17.03 Gb Free Space | 25.83% Space Free | Partition Type: NTFS
Drive D: | 7.56 Gb Total Space | 0.52 Gb Free Space | 6.92% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC294771894831
Current User Name: Fly Boy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Fly Boy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgscanx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
PRC - C:\Program Files\HPQ\shared\HpqToaster.exe ()
PRC - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\System32\regsvr32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Adobe Version Cue CS4 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (avg9wd [Auto | Running]) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (getPlusHelper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (HP Port Resolver [On_Demand | Stopped]) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBPRO.EXE (Hewlett-Packard Company)
SRV - (HP Status Server [On_Demand | Stopped]) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBOID.EXE (Hewlett-Packard Company)
SRV - (hpqwmiex [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (Roxio UPnP Renderer 9 [On_Demand | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9 [Auto | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (RoxLiveShare9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adfs [Auto | Running]) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CAMCAUD [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (CAMCHALA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (eabfiltr [System | Running]) -- C:\WINDOWS\System32\drivers\EABFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\eabusb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (HSFHWATI [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SMCIRDA [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys (SMC)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 86 1E 1E 04 F9 D5 50 45 B1 6C 1A 24 F5 FC E8 13 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 41
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {47b6b561-24ac-4303-be98-8b2084357880}:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/16 18:55:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/06 13:11:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/10/18 17:10:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/19 23:35:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/25 00:13:41 | 00,000,000 | ---D | M]

[2009/06/16 18:59:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\mozilla\Extensions
[2009/06/16 18:59:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/18 17:27:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\mozilla\Firefox\Profiles\we54oeey.default\extensions
[2009/08/06 18:46:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\mozilla\Firefox\Profiles\we54oeey.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/18 17:02:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\mozilla\Firefox\Profiles\we54oeey.default\extensions\{47b6b561-24ac-4303-be98-8b2084357880}
[2009/12/13 19:55:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\mozilla\Firefox\Profiles\we54oeey.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/09/01 12:00:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\mozilla\Firefox\Profiles\we54oeey.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/10/21 15:17:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 12:37:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/18 18:21:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/06/16 18:55:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/07/02 06:34:10 | 01,335,808 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\components\831b1545-eea9-e6b6-031a-e8125bfc99b0.dll
[2009/08/04 12:36:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 12:36:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 14:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/06/16 18:55:33 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 11:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 15:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/04 12:36:57 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/09/25 00:13:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/25 00:13:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/25 00:13:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/25 00:13:41 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/25 00:13:41 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/25 00:13:41 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/25 00:13:41 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/08/07 12:44:18 | 00,030,400 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/05/01 14:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/06/02 16:18:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/02 16:18:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/02 16:18:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/02 16:18:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/02 16:18:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/02 16:18:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/02 16:18:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {041E1E86-D5F9-4550-B16C-1A24F5FCE813} - C:\WINDOWS\System32\dpwsockx32.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (precisead) - {181c17c0-c01f-4f1c-8397-c65647e60916} - C:\WINDOWS\System32\nsx24.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (MessengerUpdate Class) - {5948A52A-BA3A-49A8-BCAF-D578502BDA9D} - C:\Documents and Settings\Fly Boy\Application Data\Messenger\Drivers\MsgUpdate.dll (Pending Approval)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (freedomltd browser enhancer) - {765F0323-13C2-2CBB-07AC-F715B0324341} - C:\WINDOWS\System32\lfflhnudxfszndih.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [DeleteLog] C:\WINDOWS\System32\oobe\DeleteLog.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mbznmbzchdpcwnk] C:\WINDOWS\System32\lfflhnudxfszndih.dll ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IgfxSys] File not found
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1245349088218 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\System32\cryptdlg32.dll) - C:\WINDOWS\System32\cryptdlg32.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\__c00B4D32: DllName - C:\WINDOWS\system32\__c00B4D32.dat - C:\WINDOWS\System32\__c00B4D32.dat ()
O20 - Winlogon\Notify\2bf6d0de687: DllName - C:\WINDOWS\System32\cryptdlg32.dll - C:\WINDOWS\System32\cryptdlg32.dll File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 23:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/06/13 10:58:42 | 00,000,090 | ---- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 15:01:14 | 00,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2009/09/25 00:34:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/18 17:10:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/12 23:20:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/10/18 15:58:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fly Boy\Application Data\AVS4YOU
[2009/10/18 15:00:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fly Boy\Application Data\LimeWire
[2009/10/18 16:26:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fly Boy\Application Data\Messenger
[2009/10/18 16:26:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fly Boy\Application Data\Smart-Ads-Solutions
[2009/09/23 08:31:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fly Boy\Application Data\YouSendIt
[1 C:\Documents and Settings\Fly Boy\Desktop\*.tmp files]
[2009/10/20 13:17:40 | 00,000,000 | ---D | C] -- C:\Program Files\Bazooka Scanner
[2009/09/25 00:32:56 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/10/20 13:26:31 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009/09/25 00:04:05 | 00,000,000 | ---D | C] -- C:\Program Files\iPhone Configuration Utility
[2009/10/20 13:33:01 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/23 08:31:09 | 00,000,000 | ---D | C] -- C:\Program Files\YouSendIt
[2009/10/21 15:20:45 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fly Boy\Desktop\OTL.exe
[2009/10/18 17:18:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fly Boy\Desktop\hitechcard
[2009/10/18 17:11:43 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/10/18 17:11:12 | 00,161,672 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/10/18 17:11:12 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/18 17:11:11 | 00,356,616 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/18 17:11:08 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/18 17:11:08 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/18 17:11:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/10/18 17:02:38 | 93,477,512 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Fly Boy\Desktop\avg_avwt_stf_all_90_663a1706.exe
[2009/10/18 15:09:33 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\LocalService
[2009/06/16 16:04:24 | 00,458,854 | ---- | C] (MyWebSearch.com) -- C:\Program Files\Uninstall Fun Web Products.dll

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Fly Boy\Desktop\*.tmp files]
[2009/10/21 15:22:08 | 43,421,193 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/21 15:21:20 | 00,046,129 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/21 15:20:46 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fly Boy\Desktop\OTL.exe
[2009/10/21 13:21:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/21 13:21:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/21 13:21:42 | 13,403,29984 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/20 13:33:03 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Fly Boy\Desktop\HijackThis.lnk
[2009/10/20 08:02:39 | 00,004,625 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/20 08:02:35 | 00,554,968 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/20 08:02:35 | 00,465,640 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/20 08:02:35 | 00,079,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/19 23:38:41 | 00,028,672 | ---- | M] () -- C:\WINDOWS\System32\__c00B4D32.dat
[2009/10/19 15:16:46 | 00,086,005 | ---- | M] () -- C:\WINDOWS\System32\373d316f-5de2-c630-a009-1781742aebff.exe
[2009/10/18 17:25:14 | 00,048,265 | ---- | M] () -- C:\WINDOWS\System32\xcsxofhxtfxwhx.exe
[2009/10/18 17:15:30 | 00,000,108 | ---- | M] () -- C:\xcrashdump.dat
[2009/10/18 17:11:15 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/18 17:11:13 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2009/10/18 17:11:12 | 00,161,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/10/18 17:11:12 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/18 17:11:11 | 00,356,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/18 17:11:08 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/18 17:11:08 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/18 17:11:08 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/18 17:11:08 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/18 17:07:15 | 93,477,512 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Fly Boy\Desktop\avg_avwt_stf_all_90_663a1706.exe
[2009/10/18 17:02:30 | 00,003,010 | -HS- | M] () -- C:\Documents and Settings\Fly Boy\Application Data\02000000a11229ac687P.manifest
[2009/10/18 16:46:16 | 00,005,609 | -HS- | M] () -- C:\Documents and Settings\Fly Boy\Application Data\02000000a11229ac687C.manifest
[2009/10/18 16:43:27 | 00,000,621 | -HS- | M] () -- C:\Documents and Settings\Fly Boy\Application Data\02000000a11229ac687O.manifest
[2009/10/18 16:43:16 | 00,000,011 | -HS- | M] () -- C:\Documents and Settings\Fly Boy\Application Data\02000000a11229ac687S.manifest
[2009/10/18 16:37:46 | 00,114,904 | ---- | M] () -- C:\Documents and Settings\Fly Boy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/18 16:33:19 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/18 16:32:13 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\kKdXtgvUvZ4sHKZ.vbs
[2009/10/18 16:31:59 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\eqCfvNS.vbs
[2009/10/18 16:27:34 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\mcavE.vbs
[2009/10/18 16:26:51 | 00,058,341 | ---- | M] () -- C:\WINDOWS\System32\u_bnhfxzhsiydflu.dll.exe
[2009/10/18 16:02:52 | 00,000,069 | ---- | M] () -- C:\Documents and Settings\Fly Boy\Application Data\AVSDVDPlayer.m3u
[2009/10/18 15:42:33 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\JVOZHKL.vbs
[2009/10/18 15:38:30 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\Ff7uS5QuDt40d84.vbs
[2009/10/18 15:22:52 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\2kSUQAv.vbs
[2009/10/18 15:22:02 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\GFP3AVzB5DWFWne.vbs
[2009/10/18 15:21:31 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\pK4pe.vbs
[2009/10/18 15:18:29 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\ad8Bt.vbs
[2009/10/18 15:17:49 | 00,018,692 | ---- | M] () -- C:\WINDOWS\GnuHashes.ini
[2009/10/18 15:14:16 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\0XpVZY94y19Vvme.vbs
[2009/10/18 15:13:26 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\hUsbHAEXEZu82.vbs
[2009/10/18 15:11:31 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\9vwsYDv5EaM2g.vbs
[2009/10/18 15:09:34 | 00,001,382 | -HS- | M] () -- C:\WINDOWS\System32\GroupPolicy000.dat
[2009/10/18 15:09:22 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\tsOveiLCavcaL.vbs
[2009/10/18 11:42:36 | 02,269,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/18 11:24:14 | 00,000,552 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/17 16:17:40 | 00,156,160 | ---- | M] () -- C:\Documents and Settings\Fly Boy\Desktop\Nico kick off report.doc
[2009/10/17 13:48:12 | 00,041,625 | ---- | M] () -- C:\Documents and Settings\Fly Boy\Desktop\Nico kick off report.docx
[2009/10/17 13:22:24 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Fly Boy\Desktop\~$co kick off report.docx
[2009/10/15 20:05:17 | 01,643,091 | ---- | M] () -- C:\Documents and Settings\Fly Boy\Desktop\IMG_3262.jpg
[2009/10/14 17:23:48 | 00,058,368 | ---- | M] () -- C:\Documents and Settings\Fly Boy\Desktop\Nicos Bottle Reservations.xls
[2009/10/12 23:29:33 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2009/10/12 21:58:29 | 03,218,634 | ---- | M] () -- C:\Documents and Settings\Fly Boy\My Documents\LoaderBackup-(2009-10-12)-1.ipd
[2009/10/12 21:42:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/12 21:31:11 | 00,205,567 | ---- | M] () -- C:\Documents and Settings\Fly Boy\My Documents\LoaderBackup-(2009-10-12).ipd
[2009/10/07 17:30:47 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Fly Boy\Desktop\plum creek.doc
[2009/10/06 11:44:24 | 00,424,385 | ---- | M] () -- C:\Documents and Settings\Fly Boy\Desktop\nicos.JPG
[2009/10/02 11:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/09/25 00:12:14 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/25 00:12:14 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/09/22 16:05:12 | 00,011,545 | ---- | M] () -- C:\Documents and Settings\Fly Boy\My Documents\Glen Googin.docx
[2009/09/22 14:46:41 | 00,010,836 | ---- | M] () -- C:\Documents and Settings\Fly Boy\My Documents\Peter Young.docx

========== Files - No Company Name ==========
[2009/10/20 13:33:03 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Fly Boy\Desktop\HijackThis.lnk
[2009/10/18 17:25:14 | 00,048,265 | ---- | C] () -- C:\WINDOWS\System32\xcsxofhxtfxwhx.exe
[2009/10/18 17:11:15 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/18 17:11:13 | 43,421,193 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/18 17:11:13 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2009/10/18 17:11:08 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/18 17:11:08 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/18 17:11:08 | 00,046,129 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/18 16:32:13 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\kKdXtgvUvZ4sHKZ.vbs
[2009/10/18 16:31:59 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\eqCfvNS.vbs
[2009/10/18 16:30:14 | 00,000,108 | ---- | C] () -- C:\xcrashdump.dat
[2009/10/18 16:27:48 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\__c00B4D32.dat
[2009/10/18 16:27:34 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\mcavE.vbs
[2009/10/18 16:26:51 | 00,058,341 | ---- | C] () -- C:\WINDOWS\System32\u_bnhfxzhsiydflu.dll.exe
[2009/10/18 16:20:33 | 00,086,005 | ---- | C] () -- C:\WINDOWS\System32\373d316f-5de2-c630-a009-1781742aebff.exe
[2009/10/18 15:42:33 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\JVOZHKL.vbs
[2009/10/18 15:38:30 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\Ff7uS5QuDt40d84.vbs
[2009/10/18 15:22:52 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\2kSUQAv.vbs
[2009/10/18 15:22:02 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\GFP3AVzB5DWFWne.vbs
[2009/10/18 15:21:31 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\pK4pe.vbs
[2009/10/18 15:18:29 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\ad8Bt.vbs
[2009/10/18 15:17:49 | 00,018,692 | ---- | C] () -- C:\WINDOWS\GnuHashes.ini
[2009/10/18 15:14:16 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\0XpVZY94y19Vvme.vbs
[2009/10/18 15:13:26 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\hUsbHAEXEZu82.vbs
[2009/10/18 15:11:31 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\9vwsYDv5EaM2g.vbs
[2009/10/18 15:09:34 | 00,001,382 | -HS- | C] () -- C:\WINDOWS\System32\GroupPolicy000.dat
[2009/10/18 15:09:23 | 00,005,609 | -HS- | C] () -- C:\Documents and Settings\Fly Boy\Application Data\02000000a11229ac687C.manifest
[2009/10/18 15:09:23 | 00,003,010 | -HS- | C] () -- C:\Documents and Settings\Fly Boy\Application Data\02000000a11229ac687P.manifest
[2009/10/18 15:09:23 | 00,000,621 | -HS- | C] () -- C:\Documents and Settings\Fly Boy\Application Data\02000000a11229ac687O.manifest
[2009/10/18 15:09:23 | 00,000,011 | -HS- | C] () -- C:\Documents and Settings\Fly Boy\Application Data\02000000a11229ac687S.manifest
[2009/10/18 15:09:22 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\tsOveiLCavcaL.vbs
[2009/10/17 16:17:40 | 00,156,160 | ---- | C] () -- C:\Documents and Settings\Fly Boy\Desktop\Nico kick off report.doc
[2009/10/17 13:22:24 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Fly Boy\Desktop\~$co kick off report.docx
[2009/10/17 13:22:23 | 00,041,625 | ---- | C] () -- C:\Documents and Settings\Fly Boy\Desktop\Nico kick off report.docx
[2009/10/15 20:05:17 | 01,643,091 | ---- | C] () -- C:\Documents and Settings\Fly Boy\Desktop\IMG_3262.jpg
[2009/10/12 21:58:29 | 03,218,634 | ---- | C] () -- C:\Documents and Settings\Fly Boy\My Documents\LoaderBackup-(2009-10-12)-1.ipd
[2009/10/12 21:31:11 | 00,205,567 | ---- | C] () -- C:\Documents and Settings\Fly Boy\My Documents\LoaderBackup-(2009-10-12).ipd
[2009/10/09 20:45:36 | 00,058,368 | ---- | C] () -- C:\Documents and Settings\Fly Boy\Desktop\Nicos Bottle Reservations.xls
[2009/10/07 17:30:47 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\Fly Boy\Desktop\plum creek.doc
[2009/10/06 11:44:23 | 00,424,385 | ---- | C] () -- C:\Documents and Settings\Fly Boy\Desktop\nicos.JPG
[2009/09/25 00:12:09 | 00,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
[2009/09/22 16:05:12 | 00,011,545 | ---- | C] () -- C:\Documents and Settings\Fly Boy\My Documents\Glen Googin.docx
[2009/09/22 14:46:41 | 00,010,836 | ---- | C] () -- C:\Documents and Settings\Fly Boy\My Documents\Peter Young.docx
[2009/08/01 07:43:02 | 00,482,816 | ---- | C] () -- C:\WINDOWS\System32\lfflhnudxfszndih.dll
[2009/07/29 23:01:19 | 00,000,069 | ---- | C] () -- C:\Documents and Settings\Fly Boy\Application Data\AVSDVDPlayer.m3u
[2009/07/29 20:50:13 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/29 20:50:13 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/14 14:25:32 | 05,323,656 | -H-- | C] () -- C:\Documents and Settings\Fly Boy\Local Settings\Application Data\IconCache.db
[2009/07/02 06:34:10 | 01,332,224 | ---- | C] () -- C:\WINDOWS\System32\nsx24.dll
[2009/06/29 17:45:55 | 00,000,164 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/06/29 17:36:38 | 00,000,185 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/06/23 15:42:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/06/21 22:26:23 | 00,018,432 | ---- | C] () -- C:\Documents and Settings\Fly Boy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/16 18:07:44 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Fly Boy\Application Data\desktop.ini
[2009/06/16 18:07:43 | 00,114,904 | ---- | C] () -- C:\Documents and Settings\Fly Boy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/16 18:07:43 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\Fly Boy\Local Settings\Application Data\fusioncache.dat
[2009/05/31 21:37:54 | 00,325,120 | ---- | C] () -- C:\WINDOWS\System32\atsnbbqp.dll
[2008/05/13 16:44:01 | 00,001,472 | ---- | C] () -- C:\WINDOWS\cookies.ini
[2008/05/11 20:14:26 | 00,000,022 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2008/04/11 19:18:19 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/04 23:58:51 | 00,001,894 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log
[2006/10/31 17:34:21 | 00,003,704 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/26 19:38:05 | 00,002,707 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2006/09/26 19:37:28 | 00,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2006/09/08 10:14:35 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/09/03 07:42:59 | 00,000,426 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/08/02 18:27:05 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/17 20:15:35 | 00,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/02/17 20:12:08 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/02/17 19:56:56 | 00,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/02/17 19:36:31 | 00,011,741 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/12/02 03:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 06:16:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 06:10:08 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 05:58:22 | 00,000,552 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/06 22:47:16 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/06 22:46:50 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2001/07/06 16:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/10/18 17:11:36 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/09/25 00:35:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/06 15:21:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/28 13:45:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5400 Series
[2009/06/20 19:23:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALM
[2008/06/15 12:21:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/10/18 17:17:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/07/29 20:51:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2007/03/26 18:29:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/09/18 23:09:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2006/02/17 20:15:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2007/11/27 20:10:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mathematica
[2006/02/17 20:14:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/10/12 23:20:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2007/03/26 18:41:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2009/07/29 06:58:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2006/02/17 19:15:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/06/16 15:51:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/07/03 14:54:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/12 21:14:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/07/08 21:25:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/10/18 16:26:28 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Fly Boy\Application Data
[2009/07/29 07:27:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\5400 Series
[2009/10/18 15:58:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\AVS4YOU
[2009/06/20 21:17:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\Blackberry Desktop
[2009/08/28 12:01:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\Eltima Software
[2009/06/16 17:00:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\Intuit
[2009/10/18 16:37:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\LimeWire
[2009/10/18 16:26:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\Messenger
[2009/06/20 21:12:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\Research In Motion
[2009/10/18 16:54:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\Smart-Ads-Solutions
[2009/08/28 12:17:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\Windows Desktop Search
[2009/08/31 11:25:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\Windows Search
[2009/09/23 08:31:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\YouSendIt
[2009/10/12 21:42:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 01:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/21 13:21:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1
< End of report >

#5 ken-002

ken-002
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 21 October 2009 - 10:13 PM

Finally the results log...

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-21 20:09:56
Windows 5.1.2600 Service Pack 3
Running: 7cb7tlng.exe; Driver: C:\DOCUME~1\FLYBOY~1\LOCALS~1\Temp\ufroikob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E97F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCE79 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[260] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED6D8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[260] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E44F7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[260] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CAE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[260] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[260] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[260] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[260] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[260] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2240] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2240] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2240] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2240] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2240] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2240] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2240] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2240] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2240] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2416] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2416] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2416] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2416] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2416] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2416] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2416] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2416] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2416] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2752] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3412] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3412] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E97F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3412] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCE79 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3412] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3412] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3412] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3412] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3412] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3412] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3412] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3412] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3412] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3412] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED6D8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3412] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E44F7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3412] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0575AEB0 C:\WINDOWS\system32\lfflhnudxfszndih.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3412] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3412] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3412] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3412] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3412] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[260] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3412] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:33 AM

Posted 22 October 2009 - 05:31 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2009/07/02 06:34:10 | 01,335,808 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\components\831b1545-eea9-e6b6-031a-e8125bfc99b0.dll
    O2 - BHO: (no name) - {041E1E86-D5F9-4550-B16C-1A24F5FCE813} - C:\WINDOWS\System32\dpwsockx32.dll File not found
    O2 - BHO: (precisead) - {181c17c0-c01f-4f1c-8397-c65647e60916} - C:\WINDOWS\System32\nsx24.dll ()
    O2 - BHO: (MessengerUpdate Class) - {5948A52A-BA3A-49A8-BCAF-D578502BDA9D} - C:\Documents and Settings\Fly Boy\Application Data\Messenger\Drivers\MsgUpdate.dll (Pending Approval)
    O4 - HKLM..\Run: [mbznmbzchdpcwnk] C:\WINDOWS\System32\lfflhnudxfszndih.dll ()
    O20 - AppInit_DLLs: (C:\WINDOWS\System32\cryptdlg32.dll) - C:\WINDOWS\System32\cryptdlg32.dll File not found
    O20 - Winlogon\Notify\__c00B4D32: DllName - C:\WINDOWS\system32\__c00B4D32.dat - C:\WINDOWS\System32\__c00B4D32.dat ()
    O20 - Winlogon\Notify\2bf6d0de687: DllName - C:\WINDOWS\System32\cryptdlg32.dll - C:\WINDOWS\System32\cryptdlg32.dll File not found
    [2009/10/18 16:26:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fly Boy\Application Data\Messenger
    [2009/10/18 16:26:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fly Boy\Application Data\Smart-Ads-Solutions
    [2009/06/16 16:04:24 | 00,458,854 | ---- | C] (MyWebSearch.com) -- C:\Program Files\Uninstall Fun Web Products.dll
    [2009/10/19 23:38:41 | 00,028,672 | ---- | M] () -- C:\WINDOWS\System32\__c00B4D32.dat
    [2009/10/19 15:16:46 | 00,086,005 | ---- | M] () -- C:\WINDOWS\System32\373d316f-5de2-c630-a009-1781742aebff.exe
    [2009/10/18 17:25:14 | 00,048,265 | ---- | M] () -- C:\WINDOWS\System32\xcsxofhxtfxwhx.exe
    [2009/10/18 17:15:30 | 00,000,108 | ---- | M] () -- C:\xcrashdump.dat
    [2009/10/18 16:32:13 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\kKdXtgvUvZ4sHKZ.vbs
    [2009/10/18 16:31:59 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\eqCfvNS.vbs
    [2009/10/18 16:27:34 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\mcavE.vbs
    [2009/10/18 16:26:51 | 00,058,341 | ---- | M] () -- C:\WINDOWS\System32\u_bnhfxzhsiydflu.dll.exe
    [2009/10/18 15:42:33 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\JVOZHKL.vbs
    [2009/10/18 15:38:30 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\Ff7uS5QuDt40d84.vbs
    [2009/10/18 15:22:52 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\2kSUQAv.vbs
    [2009/10/18 15:22:02 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\GFP3AVzB5DWFWne.vbs
    [2009/10/18 15:21:31 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\pK4pe.vbs
    [2009/10/18 15:18:29 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\ad8Bt.vbs
    [2009/10/18 15:14:16 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\0XpVZY94y19Vvme.vbs
    [2009/10/18 15:13:26 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\hUsbHAEXEZu82.vbs
    [2009/10/18 15:11:31 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\9vwsYDv5EaM2g.vbs
    [2009/10/18 15:09:22 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\tsOveiLCavcaL.vbs
    [2009/08/01 07:43:02 | 00,482,816 | ---- | C] () -- C:\WINDOWS\System32\lfflhnudxfszndih.dll
    [2009/05/31 21:37:54 | 00,325,120 | ---- | C] () -- C:\WINDOWS\System32\atsnbbqp.dll
    [2008/05/13 16:44:01 | 00,001,472 | ---- | C] () -- C:\WINDOWS\cookies.ini
    [2008/05/11 20:14:26 | 00,000,022 | ---- | C] () -- C:\WINDOWS\pskt.ini
    
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
=================================
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
==================================
* Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#7 ken-002

ken-002
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 22 October 2009 - 12:34 PM

Here is the report now.
All processes killed
========== OTL ==========
LoadLibrary failed for C:\Program Files\mozilla firefox\components\831b1545-eea9-e6b6-031a-e8125bfc99b0.dll
C:\Program Files\mozilla firefox\components\831b1545-eea9-e6b6-031a-e8125bfc99b0.dll NOT unregistered.
C:\Program Files\mozilla firefox\components\831b1545-eea9-e6b6-031a-e8125bfc99b0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{041E1E86-D5F9-4550-B16C-1A24F5FCE813}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{041E1E86-D5F9-4550-B16C-1A24F5FCE813}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{181c17c0-c01f-4f1c-8397-c65647e60916}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{181c17c0-c01f-4f1c-8397-c65647e60916}\ deleted successfully.
C:\WINDOWS\System32\nsx24.dll unregistered successfully.
C:\WINDOWS\System32\nsx24.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5948A52A-BA3A-49A8-BCAF-D578502BDA9D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5948A52A-BA3A-49A8-BCAF-D578502BDA9D}\ deleted successfully.
C:\Documents and Settings\Fly Boy\Application Data\Messenger\Drivers\MsgUpdate.dll unregistered successfully.
C:\Documents and Settings\Fly Boy\Application Data\Messenger\Drivers\MsgUpdate.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mbznmbzchdpcwnk deleted successfully.
C:\WINDOWS\System32\lfflhnudxfszndih.dll unregistered successfully.
C:\WINDOWS\System32\lfflhnudxfszndih.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\cryptdlg32.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00B4D32\ deleted successfully.
Invalid CLSID key: __c00B4D32
File move failed. C:\WINDOWS\System32\__c00B4D32.dat scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\2bf6d0de687\ deleted successfully.
File move failed. C:\Documents and Settings\Fly Boy\Application Data\Messenger scheduled to be moved on reboot.
C:\Documents and Settings\Fly Boy\Application Data\Smart-Ads-Solutions moved successfully.
C:\Program Files\Uninstall Fun Web Products.dll unregistered successfully.
C:\Program Files\Uninstall Fun Web Products.dll moved successfully.
File move failed. C:\WINDOWS\System32\__c00B4D32.dat scheduled to be moved on reboot.
C:\WINDOWS\System32\373d316f-5de2-c630-a009-1781742aebff.exe moved successfully.
C:\WINDOWS\System32\xcsxofhxtfxwhx.exe moved successfully.
C:\xcrashdump.dat moved successfully.
C:\WINDOWS\System32\kKdXtgvUvZ4sHKZ.vbs moved successfully.
C:\WINDOWS\System32\eqCfvNS.vbs moved successfully.
C:\WINDOWS\System32\mcavE.vbs moved successfully.
C:\WINDOWS\System32\u_bnhfxzhsiydflu.dll.exe moved successfully.
C:\WINDOWS\System32\JVOZHKL.vbs moved successfully.
C:\WINDOWS\System32\Ff7uS5QuDt40d84.vbs moved successfully.
C:\WINDOWS\System32\2kSUQAv.vbs moved successfully.
C:\WINDOWS\System32\GFP3AVzB5DWFWne.vbs moved successfully.
C:\WINDOWS\System32\pK4pe.vbs moved successfully.
C:\WINDOWS\System32\ad8Bt.vbs moved successfully.
C:\WINDOWS\System32\0XpVZY94y19Vvme.vbs moved successfully.
C:\WINDOWS\System32\hUsbHAEXEZu82.vbs moved successfully.
C:\WINDOWS\System32\9vwsYDv5EaM2g.vbs moved successfully.
C:\WINDOWS\System32\tsOveiLCavcaL.vbs moved successfully.
File C:\WINDOWS\System32\lfflhnudxfszndih.dll not found.
C:\WINDOWS\System32\atsnbbqp.dll unregistered successfully.
C:\WINDOWS\System32\atsnbbqp.dll moved successfully.
C:\WINDOWS\cookies.ini moved successfully.
C:\WINDOWS\pskt.ini moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Ali Rashidifar

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Fly Boy
File delete failed. C:\Documents and Settings\Fly Boy\Local Settings\Temp\etilqs_P5jXc2l2kjQE6btxLziG scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DF111F.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DF12FC.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DF16B7.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DF16E1.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DF3A60.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DF944.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DFAD7A.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DFAE19.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DFAE9D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DFAEAA.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DFAF82.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DFAF8F.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DFBAF.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 2097417491 bytes
File delete failed. C:\Documents and Settings\Fly Boy\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 45407418 bytes
->Java cache emptied: 68516258 bytes
File delete failed. C:\Documents and Settings\Fly Boy\Local Settings\Application Data\Mozilla\Firefox\Profiles\we54oeey.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fly Boy\Local Settings\Application Data\Mozilla\Firefox\Profiles\we54oeey.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fly Boy\Local Settings\Application Data\Mozilla\Firefox\Profiles\we54oeey.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fly Boy\Local Settings\Application Data\Mozilla\Firefox\Profiles\we54oeey.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fly Boy\Local Settings\Application Data\Mozilla\Firefox\Profiles\we54oeey.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Fly Boy\Local Settings\Application Data\Mozilla\Firefox\Profiles\we54oeey.default\XUL.mfl scheduled to be deleted on reboot.
->FireFox cache emptied: 61561913 bytes
->Google Chrome cache emptied: 594288 bytes

User: LocalService
->Temp folder emptied: 66552 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33438 bytes

User: Majid
->Temp folder emptied: 28299972 bytes
->Temporary Internet Files folder emptied: 160909673 bytes
->Java cache emptied: 347685 bytes
->Apple Safari cache emptied: 186777427 bytes

User: NetworkService
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 111876573 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39138 bytes
%systemroot%\System32 .tmp files removed: 525841 bytes
File delete failed. C:\WINDOWS\temp\1477974d-1b55-49d3-9580-196f39e66d21.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_274.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 30632963 bytes
RecycleBin emptied: 1893093 bytes

Total Files Cleaned = -1430.50 mb


OTL by OldTimer - Version 3.0.21.0 log created on 10222009_101908

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\System32\__c00B4D32.dat scheduled to be moved on reboot.
C:\Documents and Settings\Fly Boy\Application Data\Messenger\Drivers\Aud32 moved successfully.
C:\Documents and Settings\Fly Boy\Application Data\Messenger\Drivers moved successfully.
C:\Documents and Settings\Fly Boy\Application Data\Messenger moved successfully.
File\Folder C:\Documents and Settings\Fly Boy\Local Settings\Temp\etilqs_P5jXc2l2kjQE6btxLziG not found!
File\Folder C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DF111F.tmp not found!
File\Folder C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DF12FC.tmp not found!
File\Folder C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DF16B7.tmp not found!
File\Folder C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DF16E1.tmp not found!
C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DF3A60.tmp moved successfully.
File\Folder C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DF944.tmp not found!
File\Folder C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DFAD7A.tmp not found!
File\Folder C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DFAE19.tmp not found!
File\Folder C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DFAE9D.tmp not found!
File\Folder C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DFAEAA.tmp not found!
File\Folder C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DFAF82.tmp not found!
File\Folder C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DFAF8F.tmp not found!
File\Folder C:\Documents and Settings\Fly Boy\Local Settings\Temp\~DFBAF.tmp not found!
C:\Documents and Settings\Fly Boy\Local Settings\Application Data\Mozilla\Firefox\Profiles\we54oeey.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Fly Boy\Local Settings\Application Data\Mozilla\Firefox\Profiles\we54oeey.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Fly Boy\Local Settings\Application Data\Mozilla\Firefox\Profiles\we54oeey.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Fly Boy\Local Settings\Application Data\Mozilla\Firefox\Profiles\we54oeey.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Fly Boy\Local Settings\Application Data\Mozilla\Firefox\Profiles\we54oeey.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Fly Boy\Local Settings\Application Data\Mozilla\Firefox\Profiles\we54oeey.default\XUL.mfl moved successfully.
File\Folder C:\WINDOWS\temp\1477974d-1b55-49d3-9580-196f39e66d21.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_274.dat not found!

Registry entries deleted on Reboot...

#8 ken-002

ken-002
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 22 October 2009 - 02:43 PM

Here is the log from MBAM
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

10/22/2009 12:37:40 PM
mbam-log-2009-10-22 (12-37-40).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 286860
Time elapsed: 1 hour(s), 46 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 24

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\__c00B4D32.dat (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00b4d32 (Trojan.Agent) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxsys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.

Files Infected:
C:\_OTL\MovedFiles\10222009_101908\Documents and Settings\Fly Boy\Application Data\Messenger\Drivers\MsgUpdate.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\10222009_101908\Documents and Settings\Fly Boy\Application Data\Messenger\Drivers\Aud32\gani.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\10222009_101908\Documents and Settings\Fly Boy\Application Data\Messenger\Sys\mu.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\10222009_101908\Program Files\Uninstall Fun Web Products.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\10222009_101908\WINDOWS\System32\373d316f-5de2-c630-a009-1781742aebff.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\10222009_101908\WINDOWS\System32\u_bnhfxzhsiydflu.dll.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\10222009_101908\WINDOWS\System32\xcsxofhxtfxwhx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\313.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\314.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\315.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\316.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\317.music.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\317.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\318.music2.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\318.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\319.music3.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\319.music3.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\320.music4.au (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\320.music4.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00B4D32.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\BM28c5e3ed.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM28c5e3ed.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.

#9 ken-002

ken-002
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 22 October 2009 - 04:17 PM

Finally the ESET log
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6210
# api_version=3.0.2
# EOSSerial=c9f511627379924295509ffac67879aa
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-22 09:11:36
# local_time=2009-10-22 02:11:36 (-0800, Pacific Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 87120 87120 0 0
# compatibility_mode=1029 16777173 100 91 0 167353 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=13969
# found=0
# cleaned=0
# scan_time=1597

#10 ken-002

ken-002
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 22 October 2009 - 04:19 PM

Thanks for your help. I will wait for your next instructions.

#11 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:33 AM

Posted 22 October 2009 - 05:51 PM

You are welcome :(
==============
One or more of the identified infections is a backdoor trojan or rootkit.

This can allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information,
please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions
to apprise them of your situation.

Please read this for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
==========================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
============
Also let me know how it is running?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#12 ken-002

ken-002
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 22 October 2009 - 09:23 PM

Wow! Scary stuff! Thanks so much for your help. The computer seems to be running fine now. I think you fixed it. Here is the OTL.txt

OTL logfile created on: 10/22/2009 7:17:39 PM - Run 2
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Fly Boy\Desktop\antivirus stuff
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 45.49% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 3840 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65.94 Gb Total Space | 19.25 Gb Free Space | 29.19% Space Free | Partition Type: NTFS
Drive D: | 7.56 Gb Total Space | 0.52 Gb Free Space | 6.92% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC294771894831
Current User Name: Fly Boy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Fly Boy\Desktop\antivirus stuff\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
PRC - C:\Program Files\HPQ\shared\HpqToaster.exe ()
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Adobe Version Cue CS4 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (avg9wd [Auto | Running]) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (getPlusHelper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (HP Port Resolver [On_Demand | Stopped]) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBPRO.EXE (Hewlett-Packard Company)
SRV - (HP Status Server [On_Demand | Stopped]) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\HPBOID.EXE (Hewlett-Packard Company)
SRV - (hpqwmiex [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (Roxio UPnP Renderer 9 [On_Demand | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9 [Auto | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (RoxLiveShare9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adfs [Auto | Running]) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CAMCAUD [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (CAMCHALA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (eabfiltr [System | Running]) -- C:\WINDOWS\System32\drivers\EABFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\eabusb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (HSFHWATI [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SMCIRDA [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys (SMC)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 86 1E 1E 04 F9 D5 50 45 B1 6C 1A 24 F5 FC E8 13 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 41
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {47b6b561-24ac-4303-be98-8b2084357880}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/16 18:55:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/06 13:11:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/10/22 10:26:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/22 10:19:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/25 00:13:41 | 00,000,000 | ---D | M]

[2009/06/16 18:59:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\mozilla\Extensions
[2009/06/16 18:59:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/18 17:27:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\mozilla\Firefox\Profiles\we54oeey.default\extensions
[2009/08/06 18:46:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\mozilla\Firefox\Profiles\we54oeey.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/18 17:02:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\mozilla\Firefox\Profiles\we54oeey.default\extensions\{47b6b561-24ac-4303-be98-8b2084357880}
[2009/12/13 19:55:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\mozilla\Firefox\Profiles\we54oeey.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/09/01 12:00:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fly Boy\Application Data\mozilla\Firefox\Profiles\we54oeey.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/10/22 13:08:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 12:37:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/18 18:21:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/06/16 18:55:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/04 12:36:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 12:36:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 14:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/06/16 18:55:33 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 11:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 15:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/04 12:36:57 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/09/25 00:13:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/25 00:13:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/25 00:13:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/25 00:13:41 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/25 00:13:41 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/25 00:13:41 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/25 00:13:41 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/08/07 12:44:18 | 00,030,400 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/05/01 14:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/06/02 16:18:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/02 16:18:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/02 16:18:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/02 16:18:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/02 16:18:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/02 16:18:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/02 16:18:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [DeleteLog] C:\WINDOWS\System32\oobe\DeleteLog.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll File not found
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1245349088218 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 23:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/06/13 10:58:42 | 00,000,090 | ---- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 15:01:14 | 00,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/25 00:34:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/18 17:10:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/22 10:41:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/12 23:20:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/10/18 15:58:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fly Boy\Application Data\AVS4YOU
[2009/10/18 15:00:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fly Boy\Application Data\LimeWire
[2009/10/22 10:41:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fly Boy\Application Data\Malwarebytes
[2009/09/23 08:31:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fly Boy\Application Data\YouSendIt
[1 C:\Documents and Settings\Fly Boy\Desktop\*.tmp files]
[2009/10/20 13:17:40 | 00,000,000 | ---D | C] -- C:\Program Files\Bazooka Scanner
[2009/09/25 00:32:56 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/10/22 13:38:45 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/10/20 13:26:31 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009/09/25 00:04:05 | 00,000,000 | ---D | C] -- C:\Program Files\iPhone Configuration Utility
[2009/10/22 10:41:03 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/20 13:33:01 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/23 08:31:09 | 00,000,000 | ---D | C] -- C:\Program Files\YouSendIt
[2009/10/22 12:49:24 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/10/22 10:41:05 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/22 10:41:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/22 10:26:22 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys.prepare
[2009/10/22 10:26:13 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys.prepare
[2009/10/22 10:25:57 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys.prepare
[2009/10/22 10:19:08 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/21 16:23:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fly Boy\Desktop\antivirus stuff
[2009/10/18 17:18:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fly Boy\Desktop\hitechcard
[2009/10/18 17:11:43 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/10/18 17:11:12 | 00,161,672 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/10/18 17:11:12 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/18 17:11:11 | 00,356,616 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/18 17:11:08 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/18 17:11:08 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/18 17:11:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/10/18 17:02:38 | 93,477,512 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Fly Boy\Desktop\avg_avwt_stf_all_90_663a1706.exe

========== Files - Modified Within 30 Days ==========

[1 C:\Documents and Settings\Fly Boy\Desktop\*.tmp files]
[2009/10/22 15:39:49 | 43,527,784 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/22 15:39:12 | 00,048,786 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/22 13:14:18 | 00,058,880 | ---- | M] () -- C:\Documents and Settings\Fly Boy\Desktop\OBM Resume.doc
[2009/10/22 13:07:36 | 00,554,968 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/22 13:07:36 | 00,465,640 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/22 13:07:36 | 00,079,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/22 12:55:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/22 12:55:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/22 12:55:21 | 13,403,29984 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/22 12:54:04 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/22 10:41:07 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/22 10:26:22 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys.prepare
[2009/10/22 10:26:13 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys.prepare
[2009/10/22 10:25:57 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys.prepare
[2009/10/18 17:11:15 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/18 17:11:13 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2009/10/18 17:11:12 | 00,161,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/10/18 17:11:12 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/18 17:11:11 | 00,356,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/18 17:11:08 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/18 17:11:08 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/18 17:11:08 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/18 17:11:08 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/18 17:07:15 | 93,477,512 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Fly Boy\Desktop\avg_avwt_stf_all_90_663a1706.exe
[2009/10/18 17:02:30 | 00,003,010 | -HS- | M] () -- C:\Documents and Settings\Fly Boy\Application Data\02000000a11229ac687P.manifest
[2009/10/18 16:46:16 | 00,005,609 | -HS- | M] () -- C:\Documents and Settings\Fly Boy\Application Data\02000000a11229ac687C.manifest
[2009/10/18 16:43:27 | 00,000,621 | -HS- | M] () -- C:\Documents and Settings\Fly Boy\Application Data\02000000a11229ac687O.manifest
[2009/10/18 16:43:16 | 00,000,011 | -HS- | M] () -- C:\Documents and Settings\Fly Boy\Application Data\02000000a11229ac687S.manifest
[2009/10/18 16:37:46 | 00,114,904 | ---- | M] () -- C:\Documents and Settings\Fly Boy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/18 16:33:19 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/18 16:02:52 | 00,000,069 | ---- | M] () -- C:\Documents and Settings\Fly Boy\Application Data\AVSDVDPlayer.m3u
[2009/10/18 11:42:36 | 02,269,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/18 11:24:14 | 00,000,552 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/17 16:17:40 | 00,156,160 | ---- | M] () -- C:\Documents and Settings\Fly Boy\Desktop\Nico kick off report.doc
[2009/10/17 13:48:12 | 00,041,625 | ---- | M] () -- C:\Documents and Settings\Fly Boy\Desktop\Nico kick off report.docx
[2009/10/17 13:22:24 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Fly Boy\Desktop\~$co kick off report.docx
[2009/10/15 20:05:17 | 01,643,091 | ---- | M] () -- C:\Documents and Settings\Fly Boy\Desktop\IMG_3262.jpg
[2009/10/14 17:23:48 | 00,058,368 | ---- | M] () -- C:\Documents and Settings\Fly Boy\Desktop\Nicos Bottle Reservations.xls
[2009/10/12 23:29:33 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2009/10/12 21:58:29 | 03,218,634 | ---- | M] () -- C:\Documents and Settings\Fly Boy\My Documents\LoaderBackup-(2009-10-12)-1.ipd
[2009/10/12 21:42:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/12 21:31:11 | 00,205,567 | ---- | M] () -- C:\Documents and Settings\Fly Boy\My Documents\LoaderBackup-(2009-10-12).ipd
[2009/10/07 17:30:47 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Fly Boy\Desktop\plum creek.doc
[2009/10/06 11:44:24 | 00,424,385 | ---- | M] () -- C:\Documents and Settings\Fly Boy\Desktop\nicos.JPG
[2009/10/02 11:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/09/25 00:12:14 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/25 00:12:14 | 00,000,211 | RHS- | M] () -- C:\boot.ini

========== Files - No Company Name ==========
[2009/10/22 13:10:12 | 00,058,880 | ---- | C] () -- C:\Documents and Settings\Fly Boy\Desktop\OBM Resume.doc
[2009/10/22 10:41:07 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/18 17:11:15 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/18 17:11:13 | 43,527,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/18 17:11:13 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2009/10/18 17:11:08 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/18 17:11:08 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/18 17:11:08 | 00,048,786 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/18 15:09:23 | 00,005,609 | -HS- | C] () -- C:\Documents and Settings\Fly Boy\Application Data\02000000a11229ac687C.manifest
[2009/10/18 15:09:23 | 00,003,010 | -HS- | C] () -- C:\Documents and Settings\Fly Boy\Application Data\02000000a11229ac687P.manifest
[2009/10/18 15:09:23 | 00,000,621 | -HS- | C] () -- C:\Documents and Settings\Fly Boy\Application Data\02000000a11229ac687O.manifest
[2009/10/18 15:09:23 | 00,000,011 | -HS- | C] () -- C:\Documents and Settings\Fly Boy\Application Data\02000000a11229ac687S.manifest
[2009/10/17 16:17:40 | 00,156,160 | ---- | C] () -- C:\Documents and Settings\Fly Boy\Desktop\Nico kick off report.doc
[2009/10/17 13:22:24 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Fly Boy\Desktop\~$co kick off report.docx
[2009/10/17 13:22:23 | 00,041,625 | ---- | C] () -- C:\Documents and Settings\Fly Boy\Desktop\Nico kick off report.docx
[2009/10/15 20:05:17 | 01,643,091 | ---- | C] () -- C:\Documents and Settings\Fly Boy\Desktop\IMG_3262.jpg
[2009/10/12 21:58:29 | 03,218,634 | ---- | C] () -- C:\Documents and Settings\Fly Boy\My Documents\LoaderBackup-(2009-10-12)-1.ipd
[2009/10/12 21:31:11 | 00,205,567 | ---- | C] () -- C:\Documents and Settings\Fly Boy\My Documents\LoaderBackup-(2009-10-12).ipd
[2009/10/09 20:45:36 | 00,058,368 | ---- | C] () -- C:\Documents and Settings\Fly Boy\Desktop\Nicos Bottle Reservations.xls
[2009/10/07 17:30:47 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\Fly Boy\Desktop\plum creek.doc
[2009/10/06 11:44:23 | 00,424,385 | ---- | C] () -- C:\Documents and Settings\Fly Boy\Desktop\nicos.JPG
[2009/09/25 00:12:09 | 00,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
[2009/07/29 23:01:19 | 00,000,069 | ---- | C] () -- C:\Documents and Settings\Fly Boy\Application Data\AVSDVDPlayer.m3u
[2009/07/29 20:50:13 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/29 20:50:13 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/14 14:25:32 | 05,323,656 | -H-- | C] () -- C:\Documents and Settings\Fly Boy\Local Settings\Application Data\IconCache.db
[2009/06/29 17:45:55 | 00,000,164 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/06/29 17:36:38 | 00,000,185 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/06/23 15:42:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/06/21 22:26:23 | 00,018,432 | ---- | C] () -- C:\Documents and Settings\Fly Boy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/16 18:07:44 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Fly Boy\Application Data\desktop.ini
[2009/06/16 18:07:43 | 00,114,904 | ---- | C] () -- C:\Documents and Settings\Fly Boy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/16 18:07:43 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\Fly Boy\Local Settings\Application Data\fusioncache.dat
[2008/04/11 19:18:19 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/04 23:58:51 | 00,001,894 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log
[2006/10/31 17:34:21 | 00,003,704 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/26 19:38:05 | 00,002,707 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2006/09/26 19:37:28 | 00,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2006/09/08 10:14:35 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/09/03 07:42:59 | 00,000,426 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/08/02 18:27:05 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/17 20:15:35 | 00,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/02/17 20:12:08 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/02/17 19:56:56 | 00,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/02/17 19:36:31 | 00,011,741 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/12/02 03:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 06:16:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 06:10:08 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 05:58:22 | 00,000,552 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/06 22:47:16 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/06 22:46:50 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2001/07/06 16:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1
< End of report >

#13 ken-002

ken-002
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 22 October 2009 - 09:28 PM

I just sent a donation. Thanks again!!

#14 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:33 AM

Posted 23 October 2009 - 06:58 AM

Thank you as well for the donation.
Follow the below steps it will remove what we have used.
Safe Surfing :(
  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 16...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================Clear out infected System Restore points======================


Then we need to reset your System Restore points.
The link below shows how to do this.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================
After that your all set. :(


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent,Limewire etc...
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users