
Blacklisted IP


  • This topic is locked
22 replies to this topic

#1 DAA LLC


Posted 26 March 2010 - 11:24 AM

Here is my Hijackthis log file...found out yesterday when I went to the CBL site and entered our IP that our IP is blacklisted.

Started getting spam about a month to 6 weeks ago, acting as if it was us sending to us..did not think much of it as it was usually 10 or less a day.

Can't get us unblacklisted until I get our computer clean, so any help will be greatly appreciated.

Apparently AVG, MS Security Essentials and Malwarebytes can not pick up on whatever it is..

If you need any further information please let me know.

Thank you so much.

Kim

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:45 AM, on 3/26/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Users\Downs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3MDRV9J0\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.downsauctionservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...ivex-latest.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7E98D7F-E75D-471C-8F0F-4C87331A95B9}: NameServer = 75.116.127.154 75.116.63.154
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8894 bytes



#2 DAA LLC


Posted 26 March 2010 - 06:43 PM

Hey, sorry, did not mean to bump...but I want the response team and moderators to know I will be out of the office until Monday, so any posting will be unanswered until then. Please do not close out this post. Thank you.

#3 DAA LLC


Posted 30 March 2010 - 02:05 PM

Hey, I know y'all are busy, but if you can't help me, could you at least suggest a forum that can?

#4 Elise

  • Malware Study Hall Admin

Posted 30 March 2010 - 03:00 PM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#5 DAA LLC


Posted 31 March 2010 - 10:06 AM

number 1 done


OTL Extras logfile created on: 3/31/2010 10:01:10 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Downs\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 58.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.72 Gb Total Space | 328.47 Gb Free Space | 72.56% Space Free | Partition Type: NTFS
Drive D: | 13.04 Gb Total Space | 1.78 Gb Free Space | 13.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOWNS-PC
Current User Name: Downs
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office\Winword.exe" /n ()
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office\Winword.exe" /x ()
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office\Winword.exe" /n ()
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office\Winword.exe" /x ()
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 17 A7 D2 8B 25 83 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3835230353-3306249009-4102781722-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3835230353-3306249009-4102781722-1001]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F958693-4FE9-48F0-8F8C-D25DB57459AD}" = rport=137 | protocol=17 | dir=out | app=system |
"{5AC9A91C-A510-454D-AFED-788C8FEA6891}" = lport=139 | protocol=6 | dir=in | app=system |
"{64561485-E890-4B79-BBF8-09578E02D73D}" = rport=445 | protocol=6 | dir=out | app=system |
"{9957D18A-5735-42AA-8E94-F2F0852E7050}" = lport=137 | protocol=17 | dir=in | app=system |
"{9A07BE67-F5D6-4685-A114-A15779072035}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AEC89FE5-6298-4D84-B6EE-E3BA5334CEE2}" = rport=138 | protocol=17 | dir=out | app=system |
"{CC33B6E3-1F6C-4FDC-91FA-BD14DD493FDA}" = lport=445 | protocol=6 | dir=in | app=system |
"{EB8400D5-5543-4D9D-A9D6-3417D6B714DC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F27AC63C-E20C-4BCE-839F-BA9D6FE50198}" = lport=138 | protocol=17 | dir=in | app=system |
"{F4347648-EC8F-4A9B-9002-5E6A5F5B3828}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A13729-6092-4334-913D-D806C6A39D37}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{046E68CF-7048-4771-AA5F-0FAB4890CF11}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxtime.exe |
"{0D2345CE-509F-470B-9C15-6B1D2CF1D245}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0EB944F3-FEF5-416B-832A-35EC848E7BBE}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{0EE0B5F5-959C-4660-8944-D05DCD116CA9}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe |
"{0FDCE727-99C1-4FC5-976E-0EC0AB77C422}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxtime.exe |
"{0FEC904A-5C18-4E51-8F41-7E27C39C0D2F}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\frun.exe |
"{111B372E-6F63-4965-81CB-B713B89C60DC}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |
"{12D473EC-21B2-4B00-9801-9F241AFDB0D8}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{13A614ED-E972-4589-A44F-6A4FCE826941}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\frun.exe |
"{140F46BB-3F0A-47F6-8A54-39354AB3104A}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\diagnostics\lxdxdiag.exe |
"{1690F937-2601-429A-B509-4EC67E882748}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe |
"{17532599-0293-4BD9-9759-2E6163F0AA20}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxtime.exe |
"{18E3A7A2-DC6C-452A-9547-E55C5A8CAC97}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{2B469AA2-0093-4D35-B165-DE30483D4244}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{2F72A97A-FFD0-4D42-96F2-55D659465345}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{2FE63351-18E1-4118-93D0-2E8639A7FA9B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{3380BCD5-BFF2-41F6-8DBE-C130BE61CE52}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxczcoms.exe |
"{38E1801C-4D6D-4D80-BF8A-238271B0A9B4}" = dir=in | app=c:\program files (x86)\avg\avg9\avgdiagex.exe |
"{3CE47864-FD1A-4110-9D39-05B8805B2E69}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxczcoms.exe |
"{420798F2-1CA5-41DB-8F26-D3DA5030BB4D}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{51A6CBC5-A33D-498D-BDA9-E80606AE27F5}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{52950EA3-E5E6-4923-8854-46B568220FE9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{55DCFF45-D154-4DBF-B3BF-265D2013C9A5}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5ED05EB3-AE18-4B00-B2BE-5DAE218235D8}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxjswx.exe |
"{604E73DA-EC8E-4435-9D6B-264C60E260EB}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdxcoms.exe |
"{61F30DB4-652F-4CCD-A90D-5400C04D0453}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxjswx.exe |
"{62DD1E0A-1565-450A-B7B4-06A123B23C6F}" = protocol=6 | dir=in | app=c:\windows\system32\lxdxcoms.exe |
"{6C8A7242-5E67-4272-9040-E3806B1F099D}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{70BEE055-FD2E-46CF-A917-273BE2A73D4A}" = protocol=17 | dir=in | app=c:\windows\system32\lxdxcoms.exe |
"{73DF8D02-D23C-47BF-8EDF-7DB36CBB711C}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdxcoms.exe |
"{7BB9363A-091A-4A46-B6B0-B9409B10A4F7}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe |
"{7E66A307-B8B9-4AE9-9942-BBB434295626}" = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe |
"{8172DDE6-3AA6-44EE-956D-5AEE835E9ABB}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxamon.exe |
"{83372EB6-872D-4706-AB8D-686494C6942A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{8FEE5ED0-421C-416F-AAF9-17ACF46A1014}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{9152DB09-889C-47D8-8476-5B5A08EEA7DF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{92348D15-91EF-429F-8316-000C7E67C5F6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{971FD86C-7D69-4F52-9A08-AB44A8126D91}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{97E5BAD6-967C-4E39-A672-3C67CE618E10}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{97FC8904-3BF2-44E0-A78A-5AB509D0181E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxtime.exe |
"{9B145BCA-C672-441B-814A-25EE27E44661}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\diagnostics\lxdxdiag.exe |
"{9CBCA998-F492-417D-A0EC-99C9344F289C}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark fax solutions\faxctr.exe |
"{A0DF78CA-E85F-4FCA-B95B-2EEC098F1046}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AD6DE7C6-AEEA-4511-BCA1-81A9BD53664E}" = dir=in | app=c:\program files (x86)\avg\avg8\avgam.exe |
"{AFC7798B-1D48-4F43-ADED-58C0C5C5C371}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxlscn.exe |
"{B6DC5D45-8B5B-4756-9B4C-00FA3C49E1E1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{B9D10D96-8443-45E3-BDDD-101533438C9F}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe |
"{BEAE7C6F-31BB-4A97-AAB5-5FF0D468C5B9}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{C20FA7F1-9696-4D8B-BA6C-2705D228994B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C2D9CAD5-47C3-4BFA-9CE7-A8BE1EFD906A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C54BD46F-C744-45D6-A9D3-343B046DC889}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{CEBBA8C4-122A-4E52-B905-385CF235D048}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{D0958979-8B0E-43E8-B453-2F1E383EA0B2}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D77F951E-FCD4-408D-81C4-ED127CA5C59F}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe |
"{DD77C756-FDB2-415D-B177-8DCB131ED793}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E7F5C7CA-5FA3-454C-8544-7CA56DBE66E0}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{ECA8B494-CE62-46FF-8ADD-A420C97CA7F2}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe |
"{EECCB70F-7719-4094-B047-03AB09EF9F86}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxamon.exe |
"{F709DF71-1FC1-4908-B85F-28AE350E5943}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark fax solutions\faxctr.exe |
"{FC8500C3-FF51-4244-89CA-BB33BAB954DF}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe |
"TCP Query User{FF85E586-AA40-497E-A37D-5B385D5FC0EB}C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe |
"UDP Query User{BFC488DA-7588-4E12-B019-9F4C20866A33}C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E6C415F-7708-4A8F-9509-11C98988BDCA}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5AB0C6D3-E546-44C2-8B63-C9044FCC9AC0}" = iTunes
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"HDMI" = Intel® Graphics Media Accelerator Driver
"Lexmark 1200 Series" = Lexmark 1200 Series
"Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"SMSERIAL" = Motorola SM56 Speakerphone Modem

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7641FD7D-E94E-424E-A95C-0593C84DC0C0}" = VZAccess Manager
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B2ADCB5-3F3D-478A-90A9-A8C04EF82BF6}" = Mobile Broadband Generic Drivers
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ECB8220-F419-4BEB-9596-97033C533702}" = QuickBooks Simple Start 2008
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{BF953F1A-F946-4804-875D-94B6A6C05CE1}" = Business Card Factory Deluxe 2.0
"{C465102A-DD04-411A-AB4B-032DDEA5B66A}" = MyMailList 6.2.0.0
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E5BD1F9C-8BBA-410E-837D-94D523269F8F}" = ArcSoft MediaConverter
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe ActiveShare" = Adobe ActiveShare 1.2
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG9Uninstall" = AVG 9.0
"Excel" = Microsoft Excel 97
"HijackThis" = HijackThis 2.0.2
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"OJOsoft MOV Converter_is1" = OJOsoft MOV Converter
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"WildTangent hp Master Uninstall" = My HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Word8.0" = Microsoft Word 97
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/26/2010 1:19:19 PM | Computer Name = Downs-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 3/26/2010 1:19:51 PM | Computer Name = Downs-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/29/2010 10:02:29 AM | Computer Name = Downs-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/29/2010 10:04:25 AM | Computer Name = Downs-PC | Source = WcesComm | ID = 2
Description = Failed to start the Windows Mobile legacy device connectivity service
due to Rapimgr(0x80004002) failure (see data for failure code).

Error - 3/29/2010 2:44:19 PM | Computer Name = Downs-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/29/2010 2:45:23 PM | Computer Name = Downs-PC | Source = WcesComm | ID = 2
Description = Failed to start the Windows Mobile legacy device connectivity service
due to Rapimgr(0x80004002) failure (see data for failure code).

Error - 3/29/2010 4:50:43 PM | Computer Name = Downs-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/29/2010 4:52:08 PM | Computer Name = Downs-PC | Source = WcesComm | ID = 2
Description = Failed to start the Windows Mobile legacy device connectivity service
due to Rapimgr(0x80004002) failure (see data for failure code).

Error - 3/29/2010 5:16:28 PM | Computer Name = Downs-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/29/2010 5:18:17 PM | Computer Name = Downs-PC | Source = WcesComm | ID = 2
Description = Failed to start the Windows Mobile legacy device connectivity service
due to Rapimgr(0x80004002) failure (see data for failure code).

[ System Events ]
Error - 3/30/2010 3:56:04 PM | Computer Name = Downs-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/30/2010 3:56:04 PM | Computer Name = Downs-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/30/2010 3:56:04 PM | Computer Name = Downs-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/30/2010 3:56:04 PM | Computer Name = Downs-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/30/2010 3:57:21 PM | Computer Name = Downs-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 3/30/2010 4:02:59 PM | Computer Name = Downs-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 3/30/2010 4:03:27 PM | Computer Name = Downs-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 3/30/2010 4:03:27 PM | Computer Name = Downs-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/30/2010 4:03:27 PM | Computer Name = Downs-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/30/2010 4:03:27 PM | Computer Name = Downs-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

OTL logfile created on: 3/31/2010 10:01:10 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Downs\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 58.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.72 Gb Total Space | 328.47 Gb Free Space | 72.56% Space Free | Partition Type: NTFS
Drive D: | 13.04 Gb Total Space | 1.78 Gb Free Space | 13.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOWNS-PC
Current User Name: Downs
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/31 10:00:25 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Downs\Desktop\OTL.exe
PRC - [2010/01/14 10:50:05 | 002,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
PRC - [2009/12/23 10:42:03 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2009/10/26 15:39:30 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/26 15:39:29 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2009/10/26 15:39:29 | 000,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgam.exe
PRC - [2009/10/26 15:39:28 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/26 15:39:27 | 000,592,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2009/10/26 15:39:26 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/11/03 18:21:16 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/09/26 05:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/03/20 01:25:43 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmsdmon.exe
PRC - [2008/03/20 01:25:42 | 000,668,328 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2010/03/31 10:00:25 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Downs\Desktop\OTL.exe
MOD - [2009/04/11 01:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/12/09 20:30:34 | 000,017,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/10/16 19:00:54 | 000,029,184 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)
SRV:64bit: - [2009/09/24 20:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2008/02/27 19:53:31 | 001,044,648 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdxcoms.exe -- (lxdx_device)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/02/08 17:51:08 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxczcoms.exe -- (lxcz_device)
SRV - [2010/01/14 10:50:05 | 002,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2009/10/26 15:39:29 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/10/26 15:39:28 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/26 15:39:26 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2009/09/16 18:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/03/29 23:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/02/27 19:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdxcoms.exe -- (lxdx_device)
SRV - [2008/01/20 21:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 21:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/24 08:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/02/08 17:50:33 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxczcoms.exe -- (lxcz_device)
SRV - [2006/11/02 08:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 01:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 01:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/11/09 10:55:13 | 000,470,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2009/10/26 16:36:22 | 001,202,688 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\smserial.sys -- (smserial)
DRV:64bit: - [2009/10/26 15:39:33 | 000,422,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2009/10/26 15:39:33 | 000,201,928 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2009/10/26 15:39:33 | 000,034,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/10/26 15:39:33 | 000,027,144 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\AVGIDSva.sys -- (AVGIDSErHrvta)
DRV:64bit: - [2009/10/26 15:39:26 | 000,029,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/05 11:42:38 | 000,048,640 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/04/11 00:39:35 | 000,036,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\winusb.sys -- (winusb)
DRV:64bit: - [2009/03/19 16:34:18 | 000,029,544 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/26 19:46:34 | 010,276,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/12/04 20:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/09/09 20:19:36 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/08/06 11:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/07 12:23:56 | 000,025,600 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NwUsbCdFil64.sys -- (NWUSBCDFIL64)
DRV:64bit: - [2008/06/02 16:28:52 | 000,247,808 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2008/05/09 11:08:40 | 000,213,120 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbser2.sys -- (NWUSBPort2)
DRV:64bit: - [2008/05/09 11:08:40 | 000,213,120 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbser.sys -- (NWUSBPort)
DRV:64bit: - [2008/05/09 11:08:40 | 000,213,120 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwusbmdm.sys -- (NWUSBModem)
DRV:64bit: - [2008/01/20 21:46:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2009/10/26 15:39:27 | 000,132,616 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista64\AVGIDSDriver.sys -- (AVGIDSDrivervta)
DRV - [2009/10/26 15:39:27 | 000,035,848 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista64\AVGIDSFilter.sys -- (AVGIDSFiltervta)
DRV - [2009/03/20 19:03:36 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys -- (SMSIVZAM5X64)
DRV - [2008/09/26 05:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/01/20 21:49:57 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (winusb)
DRV - [2006/09/18 16:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 16:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [1999/05/16 19:34:08 | 000,054,272 | ---- | M] (FlashPoint Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\Serial.ocx -- (Serial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3835230353-3306249009-4102781722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKU\S-1-5-21-3835230353-3306249009-4102781722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.downsauctionservice.com/
IE - HKU\S-1-5-21-3835230353-3306249009-4102781722-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3835230353-3306249009-4102781722-1000\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxdxamon] C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe ()
O4:64bit: - HKLM..\Run: [lxdxmon.exe] C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O18:64bit: - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Downs\Pictures\My Pretty Cows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Downs\Pictures\My Pretty Cows.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{21438006-c89c-11dd-bd9f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{66c780bc-383c-11df-8485-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{66c780bc-383c-11df-8485-806e6f6e6963}\Shell\AutoRun\command - "" = K:\VZAccess_Manager.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/31 10:00:19 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Downs\Desktop\OTL.exe
[2010/03/30 17:50:50 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2010/03/30 13:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/03/30 13:13:40 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/03/30 13:13:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/03/30 13:13:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/03/30 11:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Installer Clean Up
[2010/03/30 11:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECACHE
[2010/03/30 10:39:25 | 000,000,000 | ---D | C] -- C:\Users\Downs\.SunDownloadManager
[2010/03/29 15:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/29 15:27:41 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010/03/26 12:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
[2010/03/26 10:13:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2010/03/26 09:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
[2010/03/25 15:11:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/03/25 15:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/03/25 14:02:27 | 000,000,000 | ---D | C] -- C:\Users\Downs\AppData\Roaming\Smith Micro
[2010/03/25 13:36:55 | 000,000,000 | ---D | C] -- C:\Users\Downs\AppData\Roaming\Verizon Wireless
[2010/03/25 13:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Verizon Wireless
[2010/03/25 13:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon Wireless
[2010/03/25 13:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Novatel Wireless
[2010/03/12 11:54:12 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/03/12 11:54:12 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/03/12 11:54:10 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/03/12 11:54:10 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2009/08/18 16:32:59 | 000,114,660 | ---- | C] (http://www.ojosoft.com ) -- C:\Users\Downs\AppData\Local\mov-converter.exe.tp!
[2009/06/04 17:00:19 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxpmui.dll
[2009/06/04 17:00:19 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxinpa.dll
[2009/06/04 17:00:19 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxiesc.dll
[2009/06/04 17:00:18 | 001,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxserv.dll
[2009/06/04 17:00:18 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxusb1.dll
[2009/06/04 17:00:18 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxhbn3.dll
[2009/06/04 17:00:18 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxlmpm.dll
[2009/06/04 17:00:18 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxprox.dll
[2009/06/04 17:00:17 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomc.dll
[2009/06/04 17:00:17 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomm.dll
[2009/01/28 11:32:06 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll
[2009/01/28 11:32:06 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll
[2009/01/28 11:32:06 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll
[2009/01/28 11:32:05 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll
[2009/01/28 11:32:05 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll
[2009/01/28 11:32:05 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll
[2009/01/28 11:32:05 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll
[2009/01/28 11:32:05 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll
[2009/01/28 11:32:05 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll
[2009/01/28 11:32:04 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll
[2009/01/28 11:32:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/31 10:00:58 | 003,407,872 | -HS- | M] () -- C:\Users\Downs\NTUSER.DAT
[2010/03/31 10:00:25 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Downs\Desktop\OTL.exe
[2010/03/31 09:45:31 | 000,000,315 | ---- | M] () -- C:\Windows\win.ini
[2010/03/31 09:02:51 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/31 09:02:51 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/30 17:17:59 | 058,284,552 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/03/30 15:55:09 | 000,024,576 | ---- | M] () -- C:\Users\Downs\Documents\ParkvilleGrnAcresAdv.doc
[2010/03/30 15:35:57 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/30 15:35:57 | 000,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/30 15:35:57 | 000,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/30 15:02:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/30 15:02:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/30 15:00:48 | 000,524,288 | -HS- | M] () -- C:\Users\Downs\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/03/30 15:00:48 | 000,065,536 | -HS- | M] () -- C:\Users\Downs\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/03/30 15:00:34 | 002,643,330 | -H-- | M] () -- C:\Users\Downs\AppData\Local\IconCache.db
[2010/03/30 14:54:08 | 881,418,260 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/30 13:13:23 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/03/30 13:13:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/03/30 13:13:22 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010/03/30 13:13:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/03/30 12:13:45 | 000,037,376 | ---- | M] () -- C:\Users\Downs\Documents\TNLtrGdStnd.doc
[2010/03/30 11:43:21 | 000,007,688 | ---- | M] () -- C:\Users\Downs\Documents\hijackthisbeta
[2010/03/30 11:42:49 | 000,002,553 | ---- | M] () -- C:\Users\Downs\Desktop\HiJackThis.lnk
[2010/03/30 10:21:21 | 000,574,961 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavifw.avm
[2010/03/29 12:44:59 | 000,019,456 | ---- | M] () -- C:\Users\Downs\Documents\BrendasSfgAdvII.doc
[2010/03/29 09:02:08 | 000,099,880 | ---- | M] () -- C:\Users\Downs\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/29 09:01:34 | 000,367,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/03/26 16:53:48 | 000,040,448 | ---- | M] () -- C:\Users\Downs\Documents\RSIHoldingContract.doc
[2010/03/26 10:27:38 | 000,039,936 | ---- | M] () -- C:\Users\Downs\Documents\RSIHolding.doc
[2010/03/26 09:56:37 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.new
[2010/03/25 15:11:42 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/03/25 13:36:20 | 000,001,197 | ---- | M] () -- C:\Users\Public\Desktop\VZAccess Manager.lnk
[2010/03/25 11:31:01 | 000,000,134 | ---- | M] () -- C:\Users\Downs\Desktop\Windows Defender - Shortcut.lnk
[2010/03/25 11:25:22 | 000,023,552 | ---- | M] () -- C:\Users\Downs\Documents\BrendasLgAdv.doc
[2010/03/25 11:19:40 | 000,000,000 | -H-- | M] () -- C:\Users\Downs\Documents\Default.rdp
[2010/03/23 20:44:18 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/19 14:46:43 | 000,039,936 | ---- | M] () -- C:\Users\Downs\Documents\AdvancedAirLtr.doc
[2010/03/18 08:20:42 | 000,020,480 | ---- | M] () -- C:\Users\Downs\Documents\MacKenziesStJoeAdv.doc
[2010/03/18 08:03:37 | 000,019,456 | ---- | M] () -- C:\Users\Downs\Documents\MacKenziesKCAdv.doc
[2010/03/18 07:52:56 | 000,019,456 | ---- | M] () -- C:\Users\Downs\Documents\MacKenziesSgfAdv.doc
[2010/03/18 07:46:46 | 000,019,456 | ---- | M] () -- C:\Users\Downs\Documents\ShackSgfAdv.doc
[2010/03/15 11:15:21 | 000,037,376 | ---- | M] () -- C:\Users\Downs\Documents\HutslerFinSett.doc
[2010/03/11 12:58:21 | 000,020,992 | ---- | M] () -- C:\Users\Downs\Documents\ShackBigNickelAdv.doc
[2010/03/11 12:23:54 | 000,020,992 | ---- | M] () -- C:\Users\Downs\Documents\ShackLgAdv.doc
[2010/03/11 11:14:16 | 000,019,456 | ---- | M] () -- C:\Users\Downs\Documents\WilliamsSgfReminder.doc
[2010/03/09 15:47:44 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010/03/04 10:35:41 | 000,053,248 | ---- | M] () -- C:\Users\Downs\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/03 10:27:38 | 000,020,480 | ---- | M] () -- C:\Users\Downs\Documents\PioneerSmAdv.doc
[2010/03/03 10:13:55 | 000,020,480 | ---- | M] () -- C:\Users\Downs\Documents\PioneerKCAdv4.doc
[2010/03/01 15:42:15 | 000,019,968 | ---- | M] () -- C:\Users\Downs\Documents\WilliamsSgfAdv.doc
[2010/03/01 14:57:04 | 000,025,088 | ---- | M] () -- C:\Users\Downs\Documents\WilliamsLgAdv.doc
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/30 15:05:21 | 000,024,576 | ---- | C] () -- C:\Users\Downs\Documents\ParkvilleGrnAcresAdv.doc
[2010/03/30 14:54:08 | 881,418,260 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/03/30 12:09:56 | 000,037,376 | ---- | C] () -- C:\Users\Downs\Documents\TNLtrGdStnd.doc
[2010/03/30 11:43:21 | 000,007,688 | ---- | C] () -- C:\Users\Downs\Documents\hijackthisbeta
[2010/03/30 09:38:48 | 000,002,553 | ---- | C] () -- C:\Users\Downs\Desktop\HiJackThis.lnk
[2010/03/29 12:41:42 | 000,019,456 | ---- | C] () -- C:\Users\Downs\Documents\BrendasSfgAdvII.doc
[2010/03/26 16:44:36 | 000,040,448 | ---- | C] () -- C:\Users\Downs\Documents\RSIHoldingContract.doc
[2010/03/26 10:21:04 | 000,039,936 | ---- | C] () -- C:\Users\Downs\Documents\RSIHolding.doc
[2010/03/25 15:11:42 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/03/25 13:36:20 | 000,001,197 | ---- | C] () -- C:\Users\Public\Desktop\VZAccess Manager.lnk
[2010/03/25 11:31:01 | 000,000,134 | ---- | C] () -- C:\Users\Downs\Desktop\Windows Defender - Shortcut.lnk
[2010/03/25 11:19:40 | 000,000,000 | -H-- | C] () -- C:\Users\Downs\Documents\Default.rdp
[2010/03/25 09:41:33 | 000,023,552 | ---- | C] () -- C:\Users\Downs\Documents\BrendasLgAdv.doc
[2010/03/19 14:40:19 | 000,039,936 | ---- | C] () -- C:\Users\Downs\Documents\AdvancedAirLtr.doc
[2010/03/15 11:06:19 | 000,037,376 | ---- | C] () -- C:\Users\Downs\Documents\HutslerFinSett.doc
[2010/03/11 12:39:06 | 000,020,992 | ---- | C] () -- C:\Users\Downs\Documents\ShackBigNickelAdv.doc
[2010/03/11 12:02:45 | 000,020,992 | ---- | C] () -- C:\Users\Downs\Documents\ShackLgAdv.doc
[2010/03/11 11:02:19 | 000,019,456 | ---- | C] () -- C:\Users\Downs\Documents\ShackSgfAdv.doc
[2010/03/10 10:43:02 | 000,019,456 | ---- | C] () -- C:\Users\Downs\Documents\MacKenziesSgfAdv.doc
[2010/03/10 10:35:32 | 000,020,480 | ---- | C] () -- C:\Users\Downs\Documents\MacKenziesStJoeAdv.doc
[2010/03/10 10:15:46 | 000,019,456 | ---- | C] () -- C:\Users\Downs\Documents\MacKenziesKCAdv.doc
[2010/03/10 10:09:32 | 000,019,456 | ---- | C] () -- C:\Users\Downs\Documents\WilliamsSgfReminder.doc
[2010/03/03 10:27:36 | 000,020,480 | ---- | C] () -- C:\Users\Downs\Documents\PioneerSmAdv.doc
[2010/03/03 10:13:54 | 000,020,480 | ---- | C] () -- C:\Users\Downs\Documents\PioneerKCAdv4.doc
[2010/03/01 15:27:06 | 000,019,968 | ---- | C] () -- C:\Users\Downs\Documents\WilliamsSgfAdv.doc
[2010/03/01 10:26:33 | 000,025,088 | ---- | C] () -- C:\Users\Downs\Documents\WilliamsLgAdv.doc
[2009/12/19 21:06:44 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/19 21:05:54 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/08 12:58:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdxcaps.dll
[2009/09/08 12:58:11 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdxdrs.dll
[2009/07/30 13:59:01 | 000,221,250 | ---- | C] () -- C:\Users\Downs\AppData\Local\dd_ATL90SP1_KB973924MSI2C42.txt
[2009/07/30 13:59:01 | 000,012,896 | ---- | C] () -- C:\Users\Downs\AppData\Local\dd_ATL90SP1_KB973924UI2C42.txt
[2009/07/30 13:58:48 | 000,219,040 | ---- | C] () -- C:\Users\Downs\AppData\Local\dd_ATL90SP1_KB973924MSI2C18.txt
[2009/07/30 13:58:48 | 000,012,864 | ---- | C] () -- C:\Users\Downs\AppData\Local\dd_ATL90SP1_KB973924UI2C18.txt
[2009/07/30 13:58:28 | 000,521,968 | ---- | C] () -- C:\Users\Downs\AppData\Local\dd_ATL80SP1_KB973923MSI2BCD.txt
[2009/07/30 13:58:25 | 000,012,800 | ---- | C] () -- C:\Users\Downs\AppData\Local\dd_ATL80SP1_KB973923UI2BCD.txt
[2009/07/30 13:58:03 | 000,522,242 | ---- | C] () -- C:\Users\Downs\AppData\Local\dd_ATL80SP1_KB973923MSI2B85.txt
[2009/07/30 13:58:03 | 000,012,832 | ---- | C] () -- C:\Users\Downs\AppData\Local\dd_ATL80SP1_KB973923UI2B85.txt
[2009/06/05 09:52:45 | 000,000,431 | ---- | C] () -- C:\ProgramData\lxdxDiagnostics.log
[2009/06/05 09:43:20 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2009/06/04 17:02:08 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdxcnv4.dll
[2009/06/04 17:00:20 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDXinst.dll
[2009/06/04 17:00:20 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdxcomx.dll
[2009/01/28 16:26:35 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\Dc50ip32.dll
[2009/01/28 16:26:35 | 000,065,864 | ---- | C] () -- C:\Windows\SysWow64\Digita.sys
[2009/01/28 16:26:35 | 000,007,808 | ---- | C] () -- C:\Windows\SysWow64\dc240u.sys
[2009/01/28 16:26:34 | 000,248,832 | ---- | C] () -- C:\Windows\SysWow64\ECircles.dll
[2009/01/28 16:26:34 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\SoyWeb.dll
[2009/01/28 16:26:34 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\ImgLibLead.dll
[2009/01/28 16:18:54 | 000,053,248 | ---- | C] () -- C:\Users\Downs\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/28 16:06:55 | 000,000,611 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/01/28 11:32:06 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll
[2009/01/28 11:32:06 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll
[2009/01/28 11:31:39 | 000,000,457 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009/01/26 17:34:12 | 000,005,324 | ---- | C] () -- C:\Users\Downs\AppData\Local\d3d9caps.dat
[2009/01/26 17:34:07 | 000,000,732 | ---- | C] () -- C:\Users\Downs\AppData\Local\d3d9caps64.dat
[2008/11/12 07:07:06 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/11/12 07:07:06 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[1997/08/19 01:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DOCOBJ.DLL
[1997/08/19 01:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL
[1997/08/14 01:00:00 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\MSENCODE.DLL
[1997/08/14 01:00:00 | 000,031,232 | ---- | C] () -- C:\Windows\SysWow64\XLREC.DLL
[1997/08/14 01:00:00 | 000,025,600 | ---- | C] () -- C:\Windows\SysWow64\RECNCL.DLL
[1997/08/14 01:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\ODBCSTF.DLL
< End of report >



#6 DAA LLC


Posted 31 March 2010 - 11:17 AM

gmer showed nothing

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:58 AM

Posted 31 March 2010 - 11:52 AM

QUOTE
> Started getting spam about a month to 6 weeks ago, acting as if it was us sending to us..did not think much of it as it was usually 10 or less a day.
>
> Can't get us unblacklisted until I get our computer clean, so any help will be greatly appreciated.
>
> Apparently AVG, MS Security Essentials and Malwarebytes can not pick up on whatever it is..

Things look clean to me. Is it possible that the IP was previously used by someone else who got it blacklisted?

How is your computer running? Any signs it might be infected (popups, redirects, strange errors, ...)?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 DAA LLC


Posted 31 March 2010 - 12:04 PM

Computer is running fine, except when trying to send email thru Windows Mail. We have had this computer for 2 years now and our internet connection longer than that. No indications of any malware prior to all of a sudden not being able to email via Windows Mail.

I am kind of afraid to request the ip address be removed from the blacklist as we seem (checking via webmail) to be still getting those emails.

Thanks,
Kim

#9 Elise


Posted 31 March 2010 - 12:38 PM

Did you change all your email passwords?

Mail accounts often get hacked without malware being on a system. It's important to have a strong password so it will be harder for a hacker to get it.

Do you have a static or a dynamic IP address?

regards, Elise




#10 DAA LLC


Posted 31 March 2010 - 12:47 PM

Also, what about all those "unknown owner" & "missing file" items in the HijackThis log? Any ideas?

#11 DAA LLC


Posted 31 March 2010 - 12:53 PM

QUOTE(elise025 @ Mar 31 2010, 12:38 PM)
> Did you change all your email passwords?
>
> Mail accounts often get hacked without malware being on a system. It's important to have a strong password so it will be harder for a hacker to get it.
>
> Do you have a static or a dynamic IP address?



OK, no, I had not thought of changing the password, but will do that.

And I am not sure how to tell about the IP address..

#12 Elise


Posted 31 March 2010 - 01:35 PM

To check if your IP address is dynamic or static, note down your current IP address, disconnect from the internet, reconnect, look at the new IP address and see if both are the same.

If they are, you have a static IP; if they are not, you have a dynamic IP address.

regards, Elise




#13 DAA LLC


Posted 01 April 2010 - 10:32 AM

Apparently it is dynamic.. so how does that blacklist thing work then, if the IP is changing? Thank you Elise for all your help, you have been wonderful..

Kim

#14 Elise


Posted 01 April 2010 - 11:03 AM

Hi Kim,

This means your ISP changes your IP address every time you connect to the internet. The available IP addresses are assigned to different users that have an internet connection from that ISP (Internet Service Provider).

It is possible one of the other users did something that got them blacklisted and when that IP address was assigned to you, it showed up as blacklisted.

What you can do if you encounter a problem due to that is disconnect and reconnect to the internet. That way you will get another IP address assigned and no more problems. You can also request a static IP address (this means you have one IP address that only you use), however most ISPs charge extra for this service.

Let me know if changing the passwords fixed the spam mail issues.

regards, Elise




#15 DAA LLC


Posted 01 April 2010 - 01:24 PM

Thanks, I will check in with you tomorrow, I am swamped today here as it is advertising day, ugh.



