Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected computer reports attached


  • This topic is locked This topic is locked
21 replies to this topic

#1 mxshapiro

mxshapiro

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:27 PM

Posted 07 January 2010 - 05:12 PM

DDS (Ver_09-12-01.01) - NTFSx86
Run by 4 at 16:24:12.14 on Thu 01/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.403 [GMT -5:00]

AV: Windows PC Defender *On-access scanning enabled* (Updated) {D978D4DB-64B7-42AC-829D-AEAF67A3FB2A}
FW: Windows PC Defender *enabled* {E3DF296E-3B09-4F54-B703-D753F9A1CFC2}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Panasonic\Panasonic-DMS\MFP Utilities Common\MfpDtMng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mgcsload.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\D-Link\D-Link USB Phone Adapter\DPH-50U Utility.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\4\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.boston.com/sports
uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [AtiPTA] Atiptaxx.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [TLinkAgent] c:\program files\d-link\d-link usb phone adapter\DPH-50U Utility.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\button~1.lnk - c:\program files\initio\button manager v1.874\inihid.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226412860250
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://rmlsfl.mlxchange.com/5.0.05.46/Control/IRCSharc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} - hxxp://rmlsfl.mlxchange.com/4.3.05.62/Control/WebDog.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\4\applic~1\mozilla\firefox\profiles\y1086ukb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.boston.com/sports
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwbe.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-27 64288]
R0 TLRecAgent;TLRecAgent;c:\windows\system32\drivers\TLRecAgent.sys [2009-11-11 14888]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 MFP Data Manage Super;MFP Data Manage Super;c:\program files\panasonic\panasonic-dms\mfp utilities common\MfpDtMng.exe [2009-8-26 552960]
R2 Mgcscrd;MFP Com Redirector;c:\windows\system32\drivers\MgcsCrd.Sys [2009-8-26 15872]
R2 MGCSECP;MGCSECP;c:\windows\system32\drivers\Mgcsecp.sys [2009-8-26 99808]
R2 Port Controller;Port Controller;c:\program files\panasonic\panasonic-dms\port controller\Mgcsload.exe [2009-8-26 57344]
R3 ati2mpad;ati2mpad;c:\windows\system32\drivers\ati2mpad.sys [2001-12-21 303232]
R3 slusbvip;SmartLink USB Driver;c:\windows\system32\drivers\slusbvip.sys [2009-11-11 546120]
R3 SLVAD_simple;D-Link Virtual Audio Device;c:\windows\system32\drivers\slvad.sys [2009-11-11 43248]
S2 gupdate1c97cfa1dc6b600;Google Update Service (gupdate1c97cfa1dc6b600);c:\program files\google\update\GoogleUpdate.exe [2009-1-22 133104]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\ultramonmirror.sys --> c:\windows\system32\drivers\UltraMonMirror.sys [?]

=============== Created Last 30 ================

2010-01-07 20:51:13 0 d-----w- c:\program files\Trend Micro
2010-01-07 20:41:24 0 d-----w- c:\program files\TrendMicro
2010-01-07 17:50:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 17:50:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 17:50:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 17:05:55 0 d-----w- c:\program files\AVG
2009-12-14 17:37:31 0 d-----w- c:\program files\NeuroActive 5.0

==================== Find3M ====================

2010-01-07 20:46:19 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-12-07 01:15:14 63396 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-02 00:58:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-28 14:40:47 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2007-09-16 14:30:57 774144 ----a-w- c:\program files\RngInterstitial.dll
2005-05-26 18:35:42 1422 ----a-w- c:\program files\ReadMe.txt
2008-07-16 21:07:53 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008071620080717\index.dat

============= FINISH: 16:25:24.21 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 pwgib

pwgib

  • Malware Response Team
  • 2,958 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:10:27 PM

Posted 14 January 2010 - 11:57 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
PW

#3 mxshapiro

mxshapiro
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:27 PM

Posted 14 January 2010 - 12:30 PM

The attach.txt and DDS.txt are attached...HELP ME

I can't use common search engines. I've been using altavista for now

Attached Files



#4 pwgib

pwgib

  • Malware Response Team
  • 2,958 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:10:27 PM

Posted 14 January 2010 - 07:14 PM

Hello mxshapiro

I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy.

As you can see the logs we ask for are very extensive and take a lot of time to investigate. In addition, since I am still in training all of my responses have to be reviewed by our excellent expert staff so there may be a delay in response time. The advantage is that your log will be evaluated by two sets of eyes and two brains.

If you haven't already, you can keep the link to this topic in your Favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this Topic, where you can choose email notifications.

Please make sure Word Wrap in notepad is turned off when copying and pasting logs and only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box.
Please do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7 it may be necessary to right click then choose Run as Administrator any programs we use.

Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

Again, keep in mind that it may take a couple of days or more before I can reply but once we get started the process should speed up.

Thank you for your patience!!
PW

#5 pwgib

pwgib

  • Malware Response Team
  • 2,958 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:10:27 PM

Posted 15 January 2010 - 06:34 PM

Hello mxshapiro,

I see you you have Windows PC Defender installed.
QUOTE
Windows PC Defender is a new rogue from the same family as Ultimate System Guard and Windows Guard Pro.
Windows PC Defender is promoted through the use of pop-ups that appear when browsing the web.
These pop-ups will state that malware was detected on your computer and that you should perform an online anti-malware scan.
Regardless of what button you press on this pop-up you will be brought to a page that shows what appears to be an online scanner that is scanning your computer.
This scanner, though, is only an advertisement and has no way of scanning your computer, let alone telling you if there are infections on it.
When the advertisement is finished it will state that you are infected and then prompt you to download Windows PC Defender to your computer.


After the program is removed I will give you some reputable antivirus solutions.

Step 1.

Please disable Ad-Aware's AdWatch, as it may hinder the removal of some entries.
To disable AdWatch:
  • Open AdAware SE.
  • Go to AdWatch User Interface.
  • Go to Tools and Preferences.
  • At the bottom of the screen you will see 2 options Active and Automatic.
  • Active: This will turn Ad-Watch On\Off without closing it.
  • Automatic: Suspicious activity will be blocked automatically.
  • Uncheck both options. You can enable these after resolving your problem.
Step 2.

Your log(s) show that you are using so called peer-to-peer or file-sharing programs (in your case LimeWire 5.3.6). These programs allow file sharing between users as the name(s) suggest. In today's world cyber crime has become an enormous problem. Different ways are used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools as a huge amount of prospective victims can be reached through them.

It is therefore possible to be infected by downloading infected files via peer-to-peer tools and so these tools must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes on copyright laws in many countries over the world and you are putting yourself at risk of of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

If you decide to keep this program please refrain from using it until we get your computer clean.

Step 3.

I need you to run MBAM.
    Open MBAM
  • Click on the UpdateTab before performing a scan. Click on the Check for Updates button. If an update is found, the program will automatically update itself. After the update press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Step 4.

Please download HostsXpert 4.2
  • Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
  • Double-click HostsXpert.exe to run the program.
  • Click "Restore MS Hosts File".
  • Click OK at the confirmation box.
  • Click "Make Read Only".
  • Click the X to exit the program.
-- Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Step 5.

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Step 6.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

In your next reply please copy/paste the following in the body of the reply box. Please do not attach.

MBAM log
OTListIt.txt <-- Will be opened
Extra.txt <-- Will be minimized
gmer.log


Thanks!!
PW

#6 pwgib

pwgib

  • Malware Response Team
  • 2,958 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:10:27 PM

Posted 19 January 2010 - 10:21 AM

Hello mxshapiro,

Do you still need help?

Thanks!!
PW

#7 mxshapiro

mxshapiro
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:27 PM

Posted 20 January 2010 - 01:36 PM

just returned from a road trip, I'll try to resolve tonight and let you know...Thanks

#8 mxshapiro

mxshapiro
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:27 PM

Posted 21 January 2010 - 03:15 PM

all attached...thanks

Attached Files



#9 pwgib

pwgib

  • Malware Response Team
  • 2,958 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:10:27 PM

Posted 22 January 2010 - 09:19 AM

Hello mxshapiro,

Please see my posts #4 and #5.

QUOTE
only attach logs if asked to.


QUOTE
In your next reply please copy/paste the following in the body of the reply box. Please do not attach.


Could you please copy/paste the logs in the reply box and repost.

Thanks!!
PW

#10 mxshapiro

mxshapiro
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:27 PM

Posted 22 January 2010 - 10:16 AM


All reports are pasted below...Thnaks...mxshapiro


Malwarebytes' Anti-Malware 1.44
Database version: 3605
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/20/2010 6:46:16 PM
mbam-log-2010-01-20 (18-46-16).txt

Scan type: Quick Scan
Objects scanned: 131751
Time elapsed: 12 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 1/20/2010 6:48:20 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\4\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 1200 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.22 Gb Total Space | 20.82 Gb Free Space | 29.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 71.22 Gb Total Space | 47.28 Gb Free Space | 66.39% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHAEL
Current User Name: 4
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/20 18:47:45 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\4\My Documents\Downloads\OTL.exe
PRC - [2010/01/06 20:48:05 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/20 19:59:11 | 01,643,272 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
PRC - [2009/12/20 19:59:06 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/20 19:59:03 | 01,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/09 13:11:12 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 00,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/07/27 12:08:20 | 00,356,352 | R--- | M] (funkytoad.com) -- C:\Documents and Settings\4\Local Settings\Temp\Temporary Directory 1 for HostsXpert.zip\HostsXpert\HostsXpert.exe
PRC - [2008/06/10 14:56:31 | 01,406,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2008/06/10 14:56:29 | 01,442,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2008/06/10 14:56:27 | 00,447,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
PRC - [2008/05/02 21:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/04/23 01:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 19:12:36 | 00,538,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spider.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/06/12 19:23:14 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/09/11 03:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2005/11/16 05:49:44 | 05,238,272 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
PRC - [2005/09/20 09:36:20 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/09/20 09:32:24 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/09/06 09:58:53 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2004/10/14 19:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/08/04 05:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2004/02/06 21:56:14 | 00,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
PRC - [2003/03/18 12:20:00 | 00,552,960 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\Panasonic-DMS\MFP Utilities Common\MfpDtMng.exe
PRC - [2003/02/19 01:16:40 | 00,057,344 | ---- | M] () -- C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mgcsload.exe


========== Modules (SafeList) ==========

MOD - [2010/01/20 18:47:45 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\4\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WMP54Gv4SVC)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2009/12/20 19:59:03 | 01,181,328 | ---- | M] (Lavasoft) [On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/24 12:03:38 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/01/22 20:30:00 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c97cfa1dc6b600) Google Update Service (gupdate1c97cfa1dc6b600)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/05/14 08:50:56 | 00,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008/05/02 21:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/12/17 13:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/03/18 12:20:00 | 00,552,960 | ---- | M] (Panasonic Communications Co., Ltd.) [Auto | Running] -- C:\Program Files\Panasonic\Panasonic-DMS\MFP Utilities Common\MfpDtMng.exe -- (MFP Data Manage Super)
SRV - [2003/03/09 20:31:02 | 00,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/02/19 01:16:40 | 00,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mgcsload.exe -- (Port Controller)


========== Driver Services (SafeList) ==========

DRV - [2009/09/23 07:55:23 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/06/10 15:04:26 | 00,031,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32)
DRV - [2008/05/02 21:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/31 11:15:46 | 00,018,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2007/05/11 17:31:36 | 03,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Fusion(UVC)
DRV - [2007/05/11 17:31:22 | 00,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/04/07 11:06:42 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/03/01 02:31:36 | 00,043,248 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slvad.sys -- (SLVAD_simple)
DRV - [2006/03/01 02:31:26 | 00,546,120 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slusbvip.sys -- (slusbvip)
DRV - [2006/03/01 02:31:00 | 00,014,888 | R--- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TLRecAgent.sys -- (TLRecAgent)
DRV - [2005/10/27 14:06:30 | 00,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/09/20 10:00:54 | 01,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/09/06 09:58:55 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/02/23 13:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/02/01 17:18:38 | 00,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2005/01/27 21:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2004/09/17 14:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/03/03 09:50:00 | 00,014,095 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS -- (LCcfltr)
DRV - [2004/02/10 21:49:14 | 00,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2003/03/09 20:31:02 | 00,021,456 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2003/03/09 20:31:02 | 00,016,080 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003/03/09 20:31:00 | 00,051,024 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2001/12/21 10:10:08 | 00,303,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mpad.sys -- (ati2mpad)
DRV - [2001/10/25 19:05:56 | 00,099,808 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Mgcsecp.sys -- (MGCSECP)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 11:49:00 | 00,075,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimpae.sys -- (atirage3)
DRV - [2000/12/19 12:43:04 | 00,015,872 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MgcsCrd.Sys -- (Mgcscrd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/sports
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.boston.com/sports"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 20:48:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 20:48:14 | 00,000,000 | ---D | M]

[2009/08/14 12:16:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\4\Application Data\Mozilla\Extensions
[2009/08/14 12:16:53 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\4\Application Data\Mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66}
[2009/06/15 15:22:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\4\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/19 19:11:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\4\Application Data\Mozilla\Firefox\Profiles\y1086ukb.default\extensions
[2009/11/11 09:58:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\4\Application Data\Mozilla\Firefox\Profiles\y1086ukb.default\extensions\browserhighlighter@ebay.com
[2010/01/07 18:03:14 | 00,001,720 | ---- | M] () -- C:\Documents and Settings\4\Application Data\Mozilla\Firefox\Profiles\y1086ukb.default\searchplugins\youtube-video-search.xml
[2010/01/19 19:11:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/14 10:09:39 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\zoomext@starfield
[2009/03/11 08:03:22 | 00,235,520 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwbe.dll
[2009/03/11 08:03:22 | 00,235,520 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwbe.dll_
[2009/09/23 06:36:42 | 00,001,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\search.xml

O1 HOSTS File: ([2009/09/23 06:36:07 | 00,006,891 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 206.53.61.77 google.ae
O1 - Hosts: 206.53.61.77 google.as
O1 - Hosts: 206.53.61.77 google.at
O1 - Hosts: 206.53.61.77 google.az
O1 - Hosts: 206.53.61.77 google.ba
O1 - Hosts: 206.53.61.77 google.be
O1 - Hosts: 206.53.61.77 google.bg
O1 - Hosts: 206.53.61.77 google.bs
O1 - Hosts: 206.53.61.77 google.ca
O1 - Hosts: 206.53.61.77 google.cd
O1 - Hosts: 206.53.61.77 google.com.gh
O1 - Hosts: 206.53.61.77 google.com.hk
O1 - Hosts: 194 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TLinkAgent] C:\Program Files\D-Link\D-Link USB Phone Adapter\DPH-50U Utility.exe ()
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Button Manager v1.874.lnk = C:\Program Files\INITIO\Button Manager v1.874\inihid.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1226412860250 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://rmlsfl.mlxchange.com/5.0.05.46/Control/IRCSharc.cab (GeacRevw Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (Reg Error: Value error.)
O16 - DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} http://rmlsfl.mlxchange.com/4.3.05.62/Control/WebDog.cab (Cerebus Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\4\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\4\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 00,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/19 21:11:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/12 20:30:47 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/07 15:51:13 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/07 15:41:24 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/07 12:50:26 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 12:50:22 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 12:50:22 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/07 12:23:03 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/07 12:23:03 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/07 12:23:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/07 12:05:55 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/11/11 14:57:17 | 00,043,248 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\slvad.sys
[2009/11/11 14:56:50 | 00,546,120 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\slusbvip.sys
[2009/11/11 14:56:50 | 00,014,888 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\TLRecAgent.sys
[2009/02/11 07:31:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/02/10 08:46:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2008/08/24 10:02:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2008/07/12 20:17:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/09/16 11:22:16 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[48 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[45 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/20 18:51:12 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/20 18:27:56 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/20 18:27:55 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/20 18:27:55 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/20 18:27:54 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/20 18:27:54 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/20 18:02:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/20 10:02:14 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/20 10:00:00 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\tcbuitgy.job
[2010/01/20 09:54:51 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/01/20 09:54:34 | 00,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/20 09:54:28 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/20 09:54:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/20 09:54:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/20 09:54:00 | 13,401,33376 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/20 09:53:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/01/19 21:09:35 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\4\ntuser.ini
[2010/01/19 21:09:34 | 03,932,160 | -H-- | M] () -- C:\Documents and Settings\4\NTUSER.DAT
[2010/01/19 21:07:58 | 10,723,582 | -H-- | M] () -- C:\Documents and Settings\4\Local Settings\Application Data\IconCache.db
[2010/01/14 10:39:55 | 00,018,608 | ---- | M] () -- C:\Documents and Settings\4\My Documents\cc_20100114_103949.reg
[2010/01/14 10:39:21 | 00,129,124 | ---- | M] () -- C:\Documents and Settings\4\My Documents\cc_20100114_103914.reg
[2010/01/14 09:46:07 | 00,006,397 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
[2010/01/12 17:07:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 15:51:13 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\4\Desktop\HiJackThis.lnk
[2010/01/07 08:41:32 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/05 16:38:14 | 00,162,304 | ---- | M] () -- C:\Documents and Settings\4\My Documents\Bank Contacts.xls
[48 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[45 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/14 10:39:51 | 00,018,608 | ---- | C] () -- C:\Documents and Settings\4\My Documents\cc_20100114_103949.reg
[2010/01/14 10:39:16 | 00,129,124 | ---- | C] () -- C:\Documents and Settings\4\My Documents\cc_20100114_103914.reg
[2010/01/07 15:41:24 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\4\Desktop\HiJackThis.lnk
[2009/11/11 14:57:18 | 00,081,920 | R--- | C] () -- C:\WINDOWS\System32\slvipco.dll
[2009/11/11 14:57:17 | 00,204,800 | R--- | C] () -- C:\WINDOWS\System32\slvipgx.dll
[2009/08/26 19:17:08 | 00,099,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Mgcsecp.sys
[2009/08/26 19:17:08 | 00,076,288 | ---- | C] () -- C:\WINDOWS\System32\MGCSInst.dll
[2009/08/26 19:17:08 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\InstProc.dll
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/06 08:07:34 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/11 12:52:07 | 00,000,009 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2009/02/03 16:53:15 | 00,000,051 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Installer.log
[2008/08/07 10:05:44 | 00,000,074 | ---- | C] () -- C:\WINDOWS\bfcomega.ini
[2008/07/28 13:17:30 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\Missouri.dll
[2008/05/15 15:19:17 | 00,000,094 | ---- | C] () -- C:\WINDOWS\MusicRip.ini
[2008/05/15 07:43:13 | 00,001,422 | ---- | C] () -- C:\Program Files\ReadMe.txt
[2008/05/02 21:46:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/02 21:46:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/02 21:46:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/02 21:46:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/02 21:46:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/12/23 11:29:33 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/12/21 09:36:20 | 00,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2007/12/16 09:41:18 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/11 16:12:54 | 00,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/04/07 19:00:36 | 00,000,907 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/04/07 11:26:19 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/04/07 11:06:40 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/04/07 11:06:22 | 00,000,890 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/04/02 04:58:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/01/24 10:33:16 | 00,221,184 | ---- | C] () -- C:\WINDOWS\System32\ExpLoansFromGenesis.dll
[2005/11/17 17:48:26 | 00,006,643 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2005/10/04 11:40:03 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\instut32.dll
[2005/09/15 11:21:53 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/06 10:10:13 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/06 09:38:46 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/09/06 09:38:34 | 00,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 17:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/11/12 08:16:58 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\GNetParserX.dll
[2003/03/09 21:31:04 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/10/11 16:46:15 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2000/02/17 12:57:02 | 00,225,280 | ---- | C] () -- C:\WINDOWS\System32\Gn32.dll
[1999/10/13 13:59:48 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\Gns2kzip.dll
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D79367EB
< End of report >

OTL Extras logfile created on: 1/20/2010 6:48:20 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\4\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 1200 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.22 Gb Total Space | 20.82 Gb Free Space | 29.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 71.22 Gb Total Space | 47.28 Gb Free Space | 66.39% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHAEL
Current User Name: 4
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"8460:TCP" = 8460:TCP:*:Enabled:limewire listen

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe" = C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\All Users\Application Data\1886a72\WP1886.exe" = C:\Documents and Settings\All Users\Application Data\1886a72\WP1886.exe:*:Enabled:Windows PC Defender -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{54A90A9E-E537-11DE-811A-005056806466}" = Google Earth Plug-in
"{5BBCB4BF-F42C-486C-AED1-E617D83958C8}" = Panasonic-DMS
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{703C4409-D597-433A-9B17-E411D9236451}" = Button Manager v1.874
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{880C5F41-46C6-4913-B63C-CE102B9ABACC}" = Web-Based Email Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A8588312-BFF7-42D7-ADC1-1164CE7F9D2E}" = Brain Fitness Pro
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC048C55-C840-11D7-B001-00104BD1C82F}" = CANS-MCI Multimedia Presentation
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{DE2B2F11-946A-42CE-853E-97B49D0D110A}" = Encompass Installation Manager
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EF6F70D0-C242-4047-946B-98EA8208481A}" = ArcSoft TotalMedia Backup & Record
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"ATI Display Driver" = ATI Display Driver
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP1
"CATs" = CATs
"CCleaner" = CCleaner (remove only)
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP OfficeJet 6100 Series" = HP Photo and Imaging 2.0 - hp officejet 6100 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LimeWire" = LimeWire 5.3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeuroActive" = NeuroActive
"NeuroActive 5.0 Pro" = NeuroActive 5.0 Pro
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PROR" = Microsoft Office Professional 2007
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Small Business Atorney" = Small Business Attorney
"TLink" = D-Link USB Phone Adapter
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/14/2010 9:38:08 PM | Computer Name = MICHAEL | Source = Application Error | ID = 1000
Description = Faulting application dph-50u utility.exe, version 1.0.0.0, faulting
module dph-50u utility.exe, version 1.0.0.0, fault address 0x0001822d.

Error - 1/15/2010 11:03:03 AM | Computer Name = MICHAEL | Source = Application Error | ID = 1000
Description = Faulting application dph-50u utility.exe, version 1.0.0.0, faulting
module dph-50u utility.exe, version 1.0.0.0, fault address 0x00002392.

Error - 1/15/2010 2:59:05 PM | Computer Name = MICHAEL | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 1/16/2010 11:27:26 AM | Computer Name = MICHAEL | Source = Application Error | ID = 1000
Description = Faulting application dph-50u utility.exe, version 1.0.0.0, faulting
module dph-50u utility.exe, version 1.0.0.0, fault address 0x00002392.

Error - 1/17/2010 8:59:59 AM | Computer Name = MICHAEL | Source = Application Error | ID = 1000
Description = Faulting application dph-50u utility.exe, version 1.0.0.0, faulting
module dph-50u utility.exe, version 1.0.0.0, fault address 0x00002392.

Error - 1/19/2010 8:24:57 PM | Computer Name = MICHAEL | Source = Application Error | ID = 1000
Description = Faulting application dph-50u utility.exe, version 1.0.0.0, faulting
module dph-50u utility.exe, version 1.0.0.0, fault address 0x00002392.

Error - 1/19/2010 9:01:37 PM | Computer Name = MICHAEL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/20/2010 11:25:38 AM | Computer Name = MICHAEL | Source = Application Error | ID = 1000
Description = Faulting application dph-50u utility.exe, version 1.0.0.0, faulting
module dph-50u utility.exe, version 1.0.0.0, fault address 0x00002392.

Error - 1/20/2010 11:38:49 AM | Computer Name = MICHAEL | Source = Application Error | ID = 1000
Description = Faulting application dph-50u utility.exe, version 1.0.0.0, faulting
module dph-50u utility.exe, version 1.0.0.0, fault address 0x00002392.

Error - 1/20/2010 11:57:29 AM | Computer Name = MICHAEL | Source = Application Error | ID = 1000
Description = Faulting application dph-50u utility.exe, version 1.0.0.0, faulting
module dph-50u utility.exe, version 1.0.0.0, fault address 0x00002392.

[ OSession Events ]
Error - 3/11/2009 9:25:22 PM | Computer Name = MICHAEL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 49619
seconds with 1260 seconds of active time. This session ended with a crash.

Error - 3/18/2009 12:28:49 PM | Computer Name = MICHAEL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4454
seconds with 480 seconds of active time. This session ended with a crash.

Error - 4/3/2009 9:36:16 PM | Computer Name = MICHAEL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 51125
seconds with 2220 seconds of active time. This session ended with a crash.

Error - 6/2/2009 9:59:03 PM | Computer Name = MICHAEL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24163
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/20/2009 8:09:02 AM | Computer Name = MICHAEL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 182
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/30/2009 9:16:58 AM | Computer Name = MICHAEL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3805
seconds with 60 seconds of active time. This session ended with a crash.

Error - 9/22/2009 12:09:09 PM | Computer Name = MICHAEL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13205
seconds with 1260 seconds of active time. This session ended with a crash.

Error - 10/1/2009 12:11:55 PM | Computer Name = MICHAEL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17531
seconds with 900 seconds of active time. This session ended with a crash.

Error - 11/9/2009 11:04:39 AM | Computer Name = MICHAEL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10027
seconds with 540 seconds of active time. This session ended with a crash.

Error - 11/21/2009 9:18:31 AM | Computer Name = MICHAEL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1277
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/27/2009 9:05:23 AM | Computer Name = MICHAEL | Source = Service Control Manager | ID = 7023
Description = The iPod Service service terminated with the following error: %%2147549465

Error - 12/27/2009 9:05:49 AM | Computer Name = MICHAEL | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register
with DCOM within the required timeout.


< End of report >

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-21 15:14:37
Windows 5.1.2600 Service Pack 3
Running: tuc5jssy.exe; Driver: C:\DOCUME~1\4\LOCALS~1\Temp\uwtdypob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9589360, 0x372FAD, 0xE8000020]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB9499F80]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[1424] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE[3488] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605436 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat AD60ED20

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvb08.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@InprocServer32 =IU}Xgk.q8vU{=^t{9)bBase10<?
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\ProgID@ HPCUE.AiOPrinter.1
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\TypeLib@ {E0CD6CED-940C-48de-982A-50B6BEB99F78}
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\VersionIndependentProgID@ HPCUE.AiOPrinter

---- EOF - GMER 1.0.15 ----


#11 pwgib

pwgib

  • Malware Response Team
  • 2,958 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:10:27 PM

Posted 24 January 2010 - 09:51 AM

Hello mxshapiro,

QUOTE
All reports are pasted below

thumbup2.gif

I notice that the MBAM database is outdated. Your version is 3605. The latest is 3619 . It is important to have the latest database when performing a scan.

Step 1.

I need you to run another MBAM scan.
    Open MBAM
  • Click on the UpdateTab before performing a scan. Click on the Check for Updates button. If an update is found, the program will automatically update itself. After the update press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Step 2.

We need to check some files.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\tasks\tcbuitgy.job

Then do the same for the following:

C:\WINDOWS\System32\drivers\etc\hosts.new

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Step 3.

We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    :OTL
    O4 - HKLM..\Run: [] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O32 - HKLM CDRom: AutoRun - 1
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D79367EB
    "C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- File not found
    "C:\Documents and Settings\All Users\Application Data\1886a72\WP1886.exe" = C:\Documents and Settings\All Users\Application Data\1886a72\WP1886.exe:*:Enabled:Windows PC Defender -- File not found

    :REG
    [code][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled"=-
    "AntiVirusOverride"=-
    "FirewallOverride"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications"=-

    :Commands
    [EmptyTemp]
    [RESETHOSTS]

  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.
In your next reply please include the following:

New MBAM log
Jotti scan results
OTL report


How is your computer running? Any problems?

Thanks!!
PW

#12 mxshapiro

mxshapiro
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:27 PM

Posted 24 January 2010 - 03:43 PM

The Jotti's scans resulted in "FOUND NOTHING" from both scan files


Malwarebytes' Anti-Malware 1.44
Database version: 3627
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/24/2010 1:49:54 PM
mbam-log-2010-01-24 (13-49-54).txt

Scan type: Quick Scan
Objects scanned: 132367
Time elapsed: 10 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 1/24/2010 3:40:01 PM - Run 2
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\4\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1200 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.22 Gb Total Space | 20.87 Gb Free Space | 29.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 71.22 Gb Total Space | 47.28 Gb Free Space | 66.39% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHAEL
Current User Name: 4
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/24 15:38:26 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\4\My Documents\Downloads\OTL(2).exe
PRC - [2010/01/06 20:48:05 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/09 13:11:12 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 00,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/06/10 14:56:31 | 01,406,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2008/06/10 14:56:29 | 01,442,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2008/06/10 14:56:27 | 00,447,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2008/05/02 21:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/04/23 01:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/06/12 19:23:14 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/09/11 03:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/03/08 10:56:50 | 00,425,984 | ---- | M] () -- C:\Program Files\D-Link\D-Link USB Phone Adapter\DPH-50U Utility.exe
PRC - [2005/11/16 05:49:44 | 05,238,272 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
PRC - [2005/09/20 09:36:20 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/09/20 09:32:24 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/09/06 09:58:53 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2004/10/14 19:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/02/06 21:56:14 | 00,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
PRC - [2003/03/18 12:20:00 | 00,552,960 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\Panasonic-DMS\MFP Utilities Common\MfpDtMng.exe
PRC - [2003/02/19 01:16:40 | 00,057,344 | ---- | M] () -- C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mgcsload.exe


========== Modules (SafeList) ==========

MOD - [2010/01/24 15:38:26 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\4\My Documents\Downloads\OTL(2).exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WMP54Gv4SVC)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/24 12:03:38 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/01/22 20:30:00 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c97cfa1dc6b600) Google Update Service (gupdate1c97cfa1dc6b600)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/05/14 08:50:56 | 00,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008/05/02 21:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/12/17 13:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/03/18 12:20:00 | 00,552,960 | ---- | M] (Panasonic Communications Co., Ltd.) [Auto | Running] -- C:\Program Files\Panasonic\Panasonic-DMS\MFP Utilities Common\MfpDtMng.exe -- (MFP Data Manage Super)
SRV - [2003/03/09 20:31:02 | 00,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/02/19 01:16:40 | 00,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mgcsload.exe -- (Port Controller)


========== Driver Services (SafeList) ==========

DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/06/10 15:04:26 | 00,031,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32)
DRV - [2008/05/02 21:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/31 11:15:46 | 00,018,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2007/05/11 17:31:36 | 03,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Fusion(UVC)
DRV - [2007/05/11 17:31:22 | 00,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/04/07 11:06:42 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/03/01 02:31:36 | 00,043,248 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slvad.sys -- (SLVAD_simple)
DRV - [2006/03/01 02:31:26 | 00,546,120 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slusbvip.sys -- (slusbvip)
DRV - [2006/03/01 02:31:00 | 00,014,888 | R--- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TLRecAgent.sys -- (TLRecAgent)
DRV - [2005/10/27 14:06:30 | 00,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/09/20 10:00:54 | 01,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/09/06 09:58:55 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/02/23 13:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/02/01 17:18:38 | 00,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2005/01/27 21:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2004/09/17 14:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/03/03 09:50:00 | 00,014,095 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS -- (LCcfltr)
DRV - [2004/02/10 21:49:14 | 00,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2003/03/09 20:31:02 | 00,021,456 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2003/03/09 20:31:02 | 00,016,080 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003/03/09 20:31:00 | 00,051,024 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2001/12/21 10:10:08 | 00,303,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mpad.sys -- (ati2mpad)
DRV - [2001/10/25 19:05:56 | 00,099,808 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Mgcsecp.sys -- (MGCSECP)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 11:49:00 | 00,075,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimpae.sys -- (atirage3)
DRV - [2000/12/19 12:43:04 | 00,015,872 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MgcsCrd.Sys -- (Mgcscrd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/sports
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.boston.com/sports"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/20 19:03:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 20:48:14 | 00,000,000 | ---D | M]

[2009/08/14 12:16:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\4\Application Data\Mozilla\Extensions
[2009/08/14 12:16:53 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\4\Application Data\Mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66}
[2009/06/15 15:22:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\4\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/23 20:01:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\4\Application Data\Mozilla\Firefox\Profiles\y1086ukb.default\extensions
[2009/11/11 09:58:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\4\Application Data\Mozilla\Firefox\Profiles\y1086ukb.default\extensions\browserhighlighter@ebay.com
[2010/01/07 18:03:14 | 00,001,720 | ---- | M] () -- C:\Documents and Settings\4\Application Data\Mozilla\Firefox\Profiles\y1086ukb.default\searchplugins\youtube-video-search.xml
[2010/01/23 20:01:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/14 10:09:39 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\zoomext@starfield
[2009/03/11 08:03:22 | 00,235,520 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwbe.dll
[2009/03/11 08:03:22 | 00,235,520 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwbe.dll_
[2009/09/23 06:36:42 | 00,001,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\search.xml

O1 HOSTS File: ([2009/09/23 06:36:07 | 00,006,891 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 206.53.61.77 google.ae
O1 - Hosts: 206.53.61.77 google.as
O1 - Hosts: 206.53.61.77 google.at
O1 - Hosts: 206.53.61.77 google.az
O1 - Hosts: 206.53.61.77 google.ba
O1 - Hosts: 206.53.61.77 google.be
O1 - Hosts: 206.53.61.77 google.bg
O1 - Hosts: 206.53.61.77 google.bs
O1 - Hosts: 206.53.61.77 google.ca
O1 - Hosts: 206.53.61.77 google.cd
O1 - Hosts: 206.53.61.77 google.com.gh
O1 - Hosts: 206.53.61.77 google.com.hk
O1 - Hosts: 194 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TLinkAgent] C:\Program Files\D-Link\D-Link USB Phone Adapter\DPH-50U Utility.exe ()
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Button Manager v1.874.lnk = C:\Program Files\INITIO\Button Manager v1.874\inihid.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1226412860250 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://rmlsfl.mlxchange.com/5.0.05.46/Control/IRCSharc.cab (GeacRevw Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (Reg Error: Value error.)
O16 - DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} http://rmlsfl.mlxchange.com/4.3.05.62/Control/WebDog.cab (Cerebus Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\4\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\4\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 00,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/22 11:44:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\4\My Documents\Friedman RE
[2010/01/19 21:11:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/12 20:30:47 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/07 15:51:13 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/07 15:41:24 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/07 12:50:26 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 12:50:22 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 12:50:22 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/07 12:23:03 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/07 12:23:03 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/07 12:23:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/07 12:05:55 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/11/11 14:57:17 | 00,043,248 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\slvad.sys
[2009/11/11 14:56:50 | 00,546,120 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\slusbvip.sys
[2009/11/11 14:56:50 | 00,014,888 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\TLRecAgent.sys
[2009/02/11 07:31:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/02/10 08:46:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2008/08/24 10:02:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2008/07/12 20:17:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/09/16 11:22:16 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[48 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[45 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/24 15:02:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/24 13:58:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/24 13:06:12 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/24 10:02:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/24 10:00:00 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\tcbuitgy.job
[2010/01/24 09:41:30 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/01/24 09:41:23 | 00,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/24 09:41:16 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/24 09:40:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/24 09:40:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/24 09:40:49 | 13,401,33376 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/24 09:40:43 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/01/23 20:22:09 | 03,932,160 | -H-- | M] () -- C:\Documents and Settings\4\NTUSER.DAT
[2010/01/23 20:22:09 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\4\ntuser.ini
[2010/01/23 20:21:48 | 10,726,072 | -H-- | M] () -- C:\Documents and Settings\4\Local Settings\Application Data\IconCache.db
[2010/01/23 19:58:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/22 07:58:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/20 19:58:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/20 18:27:54 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/14 10:42:20 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/14 10:39:55 | 00,018,608 | ---- | M] () -- C:\Documents and Settings\4\My Documents\cc_20100114_103949.reg
[2010/01/14 10:39:21 | 00,129,124 | ---- | M] () -- C:\Documents and Settings\4\My Documents\cc_20100114_103914.reg
[2010/01/14 09:46:07 | 00,006,397 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
[2010/01/12 17:07:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 15:51:13 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\4\Desktop\HiJackThis.lnk
[2010/01/07 08:41:32 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/05 16:38:14 | 00,162,304 | ---- | M] () -- C:\Documents and Settings\4\My Documents\Bank Contacts.xls
[48 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[45 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/14 10:42:01 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/01/14 10:39:51 | 00,018,608 | ---- | C] () -- C:\Documents and Settings\4\My Documents\cc_20100114_103949.reg
[2010/01/14 10:39:16 | 00,129,124 | ---- | C] () -- C:\Documents and Settings\4\My Documents\cc_20100114_103914.reg
[2010/01/07 15:41:24 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\4\Desktop\HiJackThis.lnk
[2009/11/11 14:57:18 | 00,081,920 | R--- | C] () -- C:\WINDOWS\System32\slvipco.dll
[2009/11/11 14:57:17 | 00,204,800 | R--- | C] () -- C:\WINDOWS\System32\slvipgx.dll
[2009/08/26 19:17:08 | 00,099,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Mgcsecp.sys
[2009/08/26 19:17:08 | 00,076,288 | ---- | C] () -- C:\WINDOWS\System32\MGCSInst.dll
[2009/08/26 19:17:08 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\InstProc.dll
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/06 08:07:34 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/11 12:52:07 | 00,000,009 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2009/02/03 16:53:15 | 00,000,051 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Installer.log
[2008/08/07 10:05:44 | 00,000,074 | ---- | C] () -- C:\WINDOWS\bfcomega.ini
[2008/07/28 13:17:30 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\Missouri.dll
[2008/05/15 15:19:17 | 00,000,094 | ---- | C] () -- C:\WINDOWS\MusicRip.ini
[2008/05/15 07:43:13 | 00,001,422 | ---- | C] () -- C:\Program Files\ReadMe.txt
[2008/05/02 21:46:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/02 21:46:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/02 21:46:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/02 21:46:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/02 21:46:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/12/23 11:29:33 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/12/21 09:36:20 | 00,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2007/12/16 09:41:18 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/11 16:12:54 | 00,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/04/07 19:00:36 | 00,000,907 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/04/07 11:26:19 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/04/07 11:06:40 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/04/07 11:06:22 | 00,000,890 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/04/02 04:58:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/01/24 10:33:16 | 00,221,184 | ---- | C] () -- C:\WINDOWS\System32\ExpLoansFromGenesis.dll
[2005/11/17 17:48:26 | 00,006,643 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2005/10/04 11:40:03 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\instut32.dll
[2005/09/15 11:21:53 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/06 10:10:13 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/06 09:38:46 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/09/06 09:38:34 | 00,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 17:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/11/12 08:16:58 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\GNetParserX.dll
[2003/03/09 21:31:04 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/10/11 16:46:15 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2000/02/17 12:57:02 | 00,225,280 | ---- | C] () -- C:\WINDOWS\System32\Gn32.dll
[1999/10/13 13:59:48 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\Gns2kzip.dll
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D79367EB
< End of report >



#13 pwgib

pwgib

  • Malware Response Team
  • 2,958 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:10:27 PM

Posted 25 January 2010 - 03:59 PM

Hello mxshapiro,

It appears that you ran another OT scan instead of the fix.

Please follow the steps in my post #11 for the OTL Fix.

Pay attention to Step 3. Push

After you run the fix please post back with the OTL report. thumbup2.gif

How is your computer running?

Thanks!!
PW

#14 mxshapiro

mxshapiro
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:27 PM

Posted 25 January 2010 - 05:47 PM

Sorry for the error...that's kind of why I need this sort of assistance. The machine works relatively fine...I'm searching using alta-vista.com in place of google.com, but otherwise it's OK....maybe a little slow but....whatever....I want to clean it up. I appreciate your effort, please see file below...MSS



All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D79367EB deleted successfully.
========== REGISTRY ==========
Registry value code][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled deleted successfully.
Registry value code][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride deleted successfully.
Registry value code][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: 4
->Temp folder emptied: 6916715 bytes
->Temporary Internet Files folder emptied: 14857030 bytes
->Java cache emptied: 13690479 bytes
->FireFox cache emptied: 115395620 bytes

User: Administrator
->Temp folder emptied: 2945886 bytes
->Temporary Internet Files folder emptied: 4745753 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 84930990 bytes
->Apple Safari cache emptied: 14526071 bytes

User: Administrator.newstart

User: ADMINI~1~NEW

User: All Users

User: BIG BACK UP

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 69232 bytes
->Temporary Internet Files folder emptied: 10663180 bytes

User: NetworkService
->Temp folder emptied: 2768896 bytes
->Temporary Internet Files folder emptied: 246348017 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 35771939 bytes
%systemroot%\System32\dllcache .tmp files removed: 36759112 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 501652 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 3581636 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 567.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.1.26.0 log created on 01252010_173654

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_1fc.dat moved successfully.

Registry entries deleted on Reboot...


#15 mxshapiro

mxshapiro
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:27 PM

Posted 25 January 2010 - 06:01 PM

I just googled for the first time in weeks...YEAAAA!!!

Let me know what ever else I need to do

Thanks...MXS




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users