Can anyone analyze my hijack log?


  • This topic is locked
10 replies to this topic

#1 JESSICATEXAS

  • Members
  • 5 posts

Posted 12 May 2010 - 12:46 PM

Hello all, I'm having a problem with my computer: at times it randomly gets a blue error screen, and a friend suggested I post a log here. These are my results. Can someone be kind enough to analyze them and let me know what I should do? Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:36:08 PM, on 5/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Karina\Local Settings\Temporary Internet Files\Content.IE5\P0EWDFA4\HiJackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: CacherBHO - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} (WNICheck2 Class) - http://www.convergysworkathome.com/AppHardT.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {aaad0535-d78b-44b1-b06e-ca210830a94b} - (no file)
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6722 bytes




#2 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender: Male
  • Location: Munich, Germany

Posted 13 May 2010 - 10:57 AM

Hello, JESSICATEXAS
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.






We Need to Diagnose Your BlueScreen
  1. When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  2. Select "Disable Automatic Restart on System Failure", as shown here:
  3. When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:






  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemdrive%\*.sys /90 /md5
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 JESSICATEXAS
  • Topic Starter

  • Members
  • 5 posts

Posted 13 May 2010 - 12:09 PM

OK, thanks. When I get the error screen I'll post the message; it usually only happens around 10am - 10:15 am every day, so today it's already come and gone. I'll do it tomorrow. Thank you very much!

#4 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender: Male
  • Location: Munich, Germany

Posted 13 May 2010 - 03:56 PM

Ok :)
regards,
schrauber


#5 JESSICATEXAS
  • Topic Starter

  • Members
  • 5 posts

Posted 14 May 2010 - 12:20 PM

Thanks again for your response. The blue error I got is as follows:

"IRQL_NOT_LESS_OR_EQUAL_

Stop: 0x0000000A (0x8735B4A0, 0x00000002, 0x00000000x 0x805037CA)

I had looked it up and I tried updating my drivers with software called "device doctor" but still get the error.

Also, while I was scanning with the OTL.exe tool on your post I got another blue error message as follows:

"A device driver attempting to corrupt the system has been detected...." and I didn't get to write it all down but the stop error is

Stop: 0x000000C4 (0x00000090, 0xFFDFF120, 0x00000000, 0x00000000

**EDIT: after trying the 2nd scan again with the OTL.exe tool I got the same blue error as mentioned before--

"A device driver attempting to corrupt the system has been detected...."

Stop: 0x000000C4 (0x00000090, 0xFFDFF120, 0x00000000, 0x00000000

Should I keep trying to scan it? I'll wait for a response. Thanks. If I don't reply today I'll reply on Monday after the weekend. Thanks again!

I will attempt to scan again and post my results. Thanks a bunch again!

Edited by JESSICATEXAS, 14 May 2010 - 12:35 PM.


#6 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender: Male
  • Location: Munich, Germany

Posted 17 May 2010 - 09:03 AM

Yes, please try OTL again.
regards,
schrauber


#7 JESSICATEXAS
  • Topic Starter

  • Members
  • 5 posts

Posted 17 May 2010 - 12:29 PM

OK, I was finally able to scan it. Here are the results:

OTL Scan------------------------------------------------------------------------
OTL logfile created on: 5/17/2010 11:49:49 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Karina\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

991.00 Mb Total Physical Memory | 368.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 29.36 Gb Free Space | 39.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KARINA-QCYJSEPZ
Current User Name: Karina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/14 11:47:05 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karina\Desktop\OTL.exe
PRC - [2010/04/28 09:33:56 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/23 09:59:33 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/23 09:59:16 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/10/07 15:30:26 | 000,656,896 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GTray.exe
PRC - [2008/10/07 15:25:48 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
PRC - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/02/10 05:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
PRC - [2001/12/13 01:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe


========== Modules (SafeList) ==========

MOD - [2010/05/14 11:47:05 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karina\Desktop\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/08/23 09:59:16 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/02/10 05:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2007/02/10 05:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/10/14 02:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - [2010/04/12 02:40:28 | 000,019,200 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2010/04/12 02:17:36 | 000,324,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2009/08/23 09:59:32 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/23 09:59:32 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2005/04/07 17:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2005/01/10 18:25:00 | 000,923,826 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2004/10/18 14:05:14 | 000,073,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2004/10/18 14:05:00 | 000,026,104 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2004/08/03 23:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/06/12 06:27:18 | 000,051,712 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2004/01/10 05:28:18 | 000,011,648 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2003/12/19 22:15:50 | 000,015,263 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2003/07/17 20:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: search@searchsettings.com:1.2.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 12:06:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/10 20:10:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/30 10:11:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/27 09:58:03 | 000,000,000 | ---D | M]

[2010/04/27 09:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karina\Application Data\Mozilla\Extensions
[2010/04/27 09:58:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Karina\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/03/31 10:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karina\Application Data\Mozilla\Firefox\Profiles\g7nxegut.default\extensions
[2009/12/15 16:31:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Karina\Application Data\Mozilla\Firefox\Profiles\g7nxegut.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2010/04/26 12:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karina\Application Data\Mozilla\Firefox\Profiles\g7nxegut.default\extensions\toolbar@ask.com
[2010/04/26 12:53:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/15 16:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
[2009/10/12 10:27:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
[2009/07/11 12:37:21 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nphssb.dll

O1 HOSTS File: ([2010/04/09 11:49:15 | 000,387,364 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 13361 more lines...
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKCU..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Karina\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 129
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (cru629.dat) - File not found
O20 - AppInit_DLLs: (FILES\QUI) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Karina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Karina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/28 12:37:56 | 000,000,035 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4e8887d2-1f50-11dc-8fed-00142a02da8b}\Shell - "" = AutoRun
O33 - MountPoints2\{4e8887d2-1f50-11dc-8fed-00142a02da8b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4e8887d2-1f50-11dc-8fed-00142a02da8b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4e8887d3-1f50-11dc-8fed-00142a02da8b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4e8887d3-1f50-11dc-8fed-00142a02da8b}\Shell\Explore\command - "" = G:\system.exe -- File not found
O33 - MountPoints2\{4e8887d3-1f50-11dc-8fed-00142a02da8b}\Shell\Open\command - "" = G:\system.exe -- File not found
O33 - MountPoints2\{ba9f6eae-2781-11de-939d-00142a02da8b}\Shell\AutoRun\command - "" = E:\ktnquo.exe -- File not found
O33 - MountPoints2\{ba9f6eae-2781-11de-939d-00142a02da8b}\Shell\explore\Command - "" = E:\ktnquo.exe -- File not found
O33 - MountPoints2\{ba9f6eae-2781-11de-939d-00142a02da8b}\Shell\open\Command - "" = E:\ktnquo.exe -- File not found
O33 - MountPoints2\{ff82be05-fec2-11de-9561-00142a02da8b}\Shell - "" = AutoRun
O33 - MountPoints2\{ff82be05-fec2-11de-9561-00142a02da8b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/02/29 19:16:33 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/14 11:46:56 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Karina\Desktop\OTL.exe
[2010/05/12 11:13:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karina\My Documents\Yari
[2010/05/06 10:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karina\Desktop\MemTest
[2010/05/04 17:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karina\My Documents\CHARTS
[2010/05/04 16:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karina\Application Data\PrimoPDF
[2010/05/04 16:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2010/05/04 12:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karina\Application Data\j2 Global
[2010/04/29 09:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karina\Desktop\rootalyz-0.3.4.47
[2010/04/29 09:52:54 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2010/04/28 12:27:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karina\Local Settings\Application Data\RadarSync
[2010/04/28 12:27:18 | 000,000,000 | ---D | C] -- C:\Program Files\RadarSync
[2010/04/28 12:06:16 | 000,073,576 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LMouFlt2.Sys
[2010/04/28 12:06:16 | 000,026,104 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidFlt2.Sys
[2010/04/28 11:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karina\My Documents\My Drivers
[2010/04/28 11:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karina\Local Settings\Application Data\Innovative Solutions
[2010/04/28 11:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/04/28 11:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2010/04/28 11:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/04/27 11:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2010/04/26 12:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/26 12:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/26 12:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/26 12:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/26 12:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karina\Local Settings\Application Data\AskToolbar
[2010/04/26 12:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/04/23 12:56:38 | 000,000,000 | ---D | C] -- C:\Compaq
[2010/04/23 11:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\MouseWare
[2010/04/23 11:55:41 | 000,000,000 | ---D | C] -- C:\SWSetup
[2010/04/22 12:02:08 | 000,000,000 | ---D | C] -- C:\HP Universal Print Driver PCL5 v5.0.1
[2010/04/22 11:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\SiS VGA Utilities V3.88
[2010/04/22 11:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karina\Application Data\DeviceDoctorSoftware
[2010/04/22 11:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Device Doctor
[2010/04/16 14:10:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Karina\IECompatCache
[2010/04/16 13:51:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Karina\PrivacIE
[2010/04/16 13:49:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Karina\IETldCache
[2010/04/16 13:45:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/04/16 13:42:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/03/10 20:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(2)
[2010/03/10 20:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/10 20:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(2)
[2010/03/10 20:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime(2)
[2010/03/10 20:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/03/04 16:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karina\Application Data\j2 Global(2)
[2010/03/04 16:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karina\Application Data\eFax Messenger
[2010/03/04 16:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Setup
[2010/03/04 16:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2010/03/04 16:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karina\My Documents\eFax Messenger 4.4
[2010/03/04 16:02:57 | 000,000,000 | ---D | C] -- C:\Program Files\eFax Messenger 4.4
[2010/03/02 11:55:55 | 000,000,000 | ---D | C] -- C:\Program Files\Excel to PDF Converter
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Documents and Settings\Karina\My Documents\*.tmp files -> C:\Documents and Settings\Karina\My Documents\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/17 11:07:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/17 11:07:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/17 08:46:22 | 060,075,572 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/17 08:43:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/15 17:26:07 | 014,680,064 | ---- | M] () -- C:\Documents and Settings\Karina\ntuser.dat
[2010/05/15 17:26:03 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Karina\ntuser.ini
[2010/05/14 14:38:06 | 000,014,781 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\212.jpg
[2010/05/14 11:47:05 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karina\Desktop\OTL.exe
[2010/05/14 11:09:07 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\Microsoft Office FrontPage 2003.lnk
[2010/05/12 10:28:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/11 08:51:15 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/10 18:08:49 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Karina\My Documents\Introduction Sheet H&H.doc
[2010/05/08 15:40:09 | 000,140,800 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\karina iowa lots.xls
[2010/05/07 11:09:16 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\Rio Bank ACH Direct Debit.lnk
[2010/05/06 12:44:53 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\BLANKINVOICE4SCHOOLS.xls
[2010/05/05 10:28:53 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\blank invoice.xls
[2010/05/04 16:22:05 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2010/05/04 16:21:46 | 000,000,314 | ---- | M] () -- C:\WINDOWS\primopdf.ini
[2010/05/04 11:58:27 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\Karina\Start Menu\Programs\Startup\eFax 4.4.lnk
[2010/05/04 11:58:27 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\eFax Compose Fax 4.4.lnk
[2010/05/04 11:58:27 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\eFax Messenger 4.4.lnk
[2010/05/04 11:58:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eFax_4_4_Port
[2010/05/02 21:55:14 | 000,000,100 | ---- | M] () -- C:\Documents and Settings\Karina\webct_upload_applet.properties
[2010/05/02 19:52:46 | 000,223,744 | ---- | M] () -- C:\Documents and Settings\Karina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/01 10:00:00 | 000,000,548 | ---- | M] () -- C:\WINDOWS\tasks\G_BAL_MariaMolina.job
[2010/04/29 16:02:43 | 000,100,102 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\Massage Masters ACH Debit Authorization Form.pdf
[2010/04/29 09:55:11 | 000,153,641 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\Runalyzerlog
[2010/04/29 09:53:50 | 000,000,245 | RHS- | M] () -- C:\boot.ini
[2010/04/28 21:11:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/28 13:41:16 | 000,001,264 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/28 13:41:16 | 000,000,257 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/28 13:01:58 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Device Doctor.lnk
[2010/04/28 12:44:07 | 000,000,055 | ---- | M] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2010/04/28 12:37:56 | 000,000,035 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/04/27 18:04:20 | 000,149,094 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\CPALETTER0001.jpg
[2010/04/27 16:30:25 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Karina\My Documents\SNH 106.doc
[2010/04/26 13:43:24 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Karina\My Documents\~$NH 106.doc
[2010/04/26 12:43:21 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\Shortcut to firefox.lnk
[2010/04/26 12:31:33 | 000,629,506 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/26 12:31:33 | 000,520,726 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/26 12:31:33 | 000,096,980 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/26 10:27:52 | 000,116,137 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\scan0011.jpg
[2010/04/26 10:27:32 | 000,159,256 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\scan0010.jpg
[2010/04/26 10:27:12 | 000,148,266 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\scan0009.jpg
[2010/04/24 16:05:58 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\Karina\My Documents\gift certificate,pink.doc
[2010/04/23 16:43:47 | 000,145,857 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\scan0008.jpg
[2010/04/23 16:43:27 | 000,213,667 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\scan0007.jpg
[2010/04/23 16:43:07 | 000,213,940 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\scan0006.jpg
[2010/04/23 16:42:46 | 000,215,030 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\scan0005.jpg
[2010/04/23 16:42:26 | 000,214,740 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\scan0004.jpg
[2010/04/23 16:42:05 | 000,209,203 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\scan0003.jpg
[2010/04/23 16:41:45 | 000,214,199 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\scan0002.jpg
[2010/04/23 16:41:24 | 000,121,623 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\scan0001.jpg
[2010/04/22 15:03:36 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Karina\My Documents\SNH 100 HISTORY OF NATUROPATHY.doc
[2010/04/20 10:35:37 | 000,244,782 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\sierratitlereceipt.JPG
[2010/04/16 10:43:40 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\wnejelu.sys
[2010/04/15 17:36:34 | 000,077,312 | -H-- | M] () -- C:\WINDOWS\bill107(2).exe
[2010/04/09 11:49:15 | 000,387,364 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/07 11:52:57 | 000,022,623 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\Form 1500 for Insurnace Claims.pdf
[2010/04/02 09:49:06 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\20090915_133100_Karina.job
[2010/03/31 14:16:41 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Karina\Desktop\~$ACH.doc
[2010/03/31 14:16:40 | 000,274,548 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\ACH.doc
[2010/03/31 14:07:00 | 000,030,507 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\Application for Ach Origination for Custs.pdf
[2010/03/30 15:12:56 | 000,801,280 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\tissues.doc
[2010/03/30 14:05:51 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/03/30 14:05:51 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/03/29 21:02:10 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Karina\My Documents\~$onsorship Letter cnhp.doc
[2010/03/12 17:17:28 | 000,080,896 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\ENVELOPE_TEMPLATE.pub
[2010/03/12 17:16:10 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\Karina\Desktop\BIGYellowENVELOPE_TEMPLATE.pub
[2010/03/08 23:48:17 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Karina\My Documents\prefixes&suffixes spanish.doc
[2010/03/08 23:13:23 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Karina\My Documents\prefixes&suffixes.doc
[2010/03/06 17:47:00 | 000,012,194 | ---- | M] () -- C:\Documents and Settings\Karina\My Documents\DIETA 1 PRIMERA SEMANA.docx
[2010/02/23 18:00:42 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Karina\My Documents\SNH 160 living chemistry.doc
[2010/02/19 13:01:33 | 000,541,696 | ---- | M] () -- C:\Documents and Settings\Karina\My Documents\math realestate mortgage calculations.doc
[2010/02/17 10:10:28 | 000,127,488 | ---- | M] () -- C:\WINDOWS\System32\cardsoko.dll
[2010/02/17 10:10:28 | 000,032,768 | ---- | M] () -- C:\WINDOWS\System32\drivers\mfoko.sys
[2010/02/16 21:26:11 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Karina\My Documents\A&E TACO MULTIPLICATION.doc
[2010/02/16 19:12:40 | 000,171,520 | ---- | M] () -- C:\Documents and Settings\Karina\My Documents\A&E prices.doc
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Documents and Settings\Karina\My Documents\*.tmp files -> C:\Documents and Settings\Karina\My Documents\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/14 14:40:17 | 000,014,781 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\212.jpg
[2010/05/10 18:08:49 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Karina\My Documents\Introduction Sheet H&H.doc
[2010/05/07 11:06:16 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\Rio Bank ACH Direct Debit.lnk
[2010/05/06 12:35:41 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\BLANKINVOICE4SCHOOLS.xls
[2010/05/04 16:22:05 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2010/05/04 16:21:48 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/05/04 11:58:27 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\Karina\Start Menu\Programs\Startup\eFax 4.4.lnk
[2010/05/04 11:58:27 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\eFax Compose Fax 4.4.lnk
[2010/05/04 11:58:26 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\eFax Messenger 4.4.lnk
[2010/05/02 21:55:14 | 000,000,100 | ---- | C] () -- C:\Documents and Settings\Karina\webct_upload_applet.properties
[2010/04/29 16:02:42 | 000,100,102 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\Massage Masters ACH Debit Authorization Form.pdf
[2010/04/29 09:55:11 | 000,153,641 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\Runalyzerlog
[2010/04/28 13:01:58 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Device Doctor.lnk
[2010/04/28 12:57:17 | 000,049,152 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
[2010/04/28 12:38:03 | 000,028,672 | ---- | C] () -- C:\WINDOWS\S4TSR.EXE
[2010/04/27 18:04:29 | 000,149,094 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\CPALETTER0001.jpg
[2010/04/26 13:43:24 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Karina\My Documents\SNH 106.doc
[2010/04/26 13:43:24 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Karina\My Documents\~$NH 106.doc
[2010/04/26 12:43:20 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\Shortcut to firefox.lnk
[2010/04/26 10:28:01 | 000,159,256 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\scan0010.jpg
[2010/04/26 10:28:01 | 000,148,266 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\scan0009.jpg
[2010/04/26 10:28:01 | 000,116,137 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\scan0011.jpg
[2010/04/24 16:05:58 | 000,137,216 | ---- | C] () -- C:\Documents and Settings\Karina\My Documents\gift certificate,pink.doc
[2010/04/23 16:43:59 | 000,215,030 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\scan0005.jpg
[2010/04/23 16:43:59 | 000,213,940 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\scan0006.jpg
[2010/04/23 16:43:59 | 000,213,667 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\scan0007.jpg
[2010/04/23 16:43:59 | 000,145,857 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\scan0008.jpg
[2010/04/23 16:43:58 | 000,214,740 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\scan0004.jpg
[2010/04/23 16:43:58 | 000,214,199 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\scan0002.jpg
[2010/04/23 16:43:58 | 000,209,203 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\scan0003.jpg
[2010/04/23 16:43:58 | 000,121,623 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\scan0001.jpg
[2010/04/20 15:45:19 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Karina\My Documents\SNH 100 HISTORY OF NATUROPATHY.doc
[2010/04/20 10:35:37 | 000,244,782 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\sierratitlereceipt.JPG
[2010/04/16 10:43:40 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\wnejelu.sys
[2010/04/15 17:36:34 | 000,077,312 | -H-- | C] () -- C:\WINDOWS\bill107(2).exe
[2010/04/07 11:52:57 | 000,022,623 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\Form 1500 for Insurnace Claims.pdf
[2010/03/31 14:16:41 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Karina\Desktop\~$ACH.doc
[2010/03/31 14:16:31 | 000,274,548 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\ACH.doc
[2010/03/31 14:07:00 | 000,030,507 | ---- | C] () -- C:\Documents and Settings\Karina\Desktop\Application for Ach Origination for Custs.pdf
[2010/03/30 15:12:49 | 000,801,280 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\tissues.doc
[2010/03/29 21:02:10 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Karina\My Documents\~$onsorship Letter cnhp.doc
[2010/03/23 13:54:03 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/16 20:42:58 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/03/16 20:42:58 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/03/08 23:48:16 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Karina\My Documents\prefixes&suffixes spanish.doc
[2010/03/08 21:38:16 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Karina\My Documents\prefixes&suffixes.doc
[2010/03/06 17:47:31 | 000,012,194 | ---- | C] () -- C:\Documents and Settings\Karina\My Documents\DIETA 1 PRIMERA SEMANA.docx
[2010/03/04 16:06:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\eFax_4_4_Port
[2010/02/23 18:00:41 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Karina\My Documents\SNH 160 living chemistry.doc
[2010/02/19 12:30:49 | 000,541,696 | ---- | C] () -- C:\Documents and Settings\Karina\My Documents\math realestate mortgage calculations.doc
[2010/02/16 21:26:11 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Karina\My Documents\A&E TACO MULTIPLICATION.doc
[2010/01/21 09:49:12 | 000,339,456 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2009/10/12 11:05:09 | 000,000,037 | ---- | C] () -- C:\WINDOWS\SWFConverter.INI
[2009/08/12 17:43:28 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/02 13:59:18 | 000,127,488 | ---- | C] () -- C:\WINDOWS\System32\cardsoko.dll
[2009/08/02 13:59:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfoko.sys
[2009/07/30 20:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/10/09 14:40:47 | 000,000,022 | ---- | C] () -- C:\WINDOWS\body.ini
[2008/07/09 13:23:12 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/01/11 17:49:50 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2007/10/03 14:43:25 | 000,000,032 | ---- | C] () -- C:\WINDOWS\BrmfXCh1.ini
[2007/06/27 12:49:10 | 000,000,200 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/05/21 16:21:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2007/05/21 16:21:08 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2006/10/30 10:55:20 | 000,000,266 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2006/10/30 10:32:27 | 000,000,671 | ---- | C] () -- C:\WINDOWS\AudStu.INI
[2006/10/30 10:29:25 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\mgxasio.dll
[2006/10/30 10:27:21 | 000,000,999 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006/10/04 10:36:39 | 000,005,001 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2006/09/18 15:43:50 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2006/09/18 15:43:50 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2006/09/12 15:17:25 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/09/12 15:17:25 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2006/08/23 12:47:42 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2006/03/22 18:08:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2006/03/22 11:50:59 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/03/22 11:50:23 | 000,001,565 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006/03/22 11:50:23 | 000,000,463 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/03/22 11:50:23 | 000,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/03/22 11:50:23 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/03/17 15:29:56 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/09 12:31:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/02/21 16:02:41 | 000,065,536 | R--- | C] () -- C:\WINDOWS\sm56spn.dll
[2006/02/21 16:02:40 | 000,065,536 | R--- | C] () -- C:\WINDOWS\sm56itl.dll
[2006/02/21 16:02:40 | 000,065,536 | R--- | C] () -- C:\WINDOWS\sm56ger.dll
[2006/02/21 16:02:40 | 000,065,536 | R--- | C] () -- C:\WINDOWS\sm56fra.dll
[2006/02/21 16:02:40 | 000,065,536 | R--- | C] () -- C:\WINDOWS\sm56eng.dll
[2006/02/21 16:02:40 | 000,065,536 | R--- | C] () -- C:\WINDOWS\sm56brz.dll
[2006/02/21 16:02:40 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006/02/21 16:02:40 | 000,045,056 | R--- | C] () -- C:\WINDOWS\sm56cht.dll
[2006/02/21 16:02:40 | 000,045,056 | R--- | C] () -- C:\WINDOWS\sm56chs.dll
[2006/02/10 19:39:06 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2006/02/10 19:39:06 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2006/02/10 19:39:04 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2006/02/10 19:19:02 | 000,000,055 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2006/02/07 19:19:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/07 18:47:13 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 03:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2010/05/04 11:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2010/03/24 14:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Setup
[2007/11/06 16:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2010/04/28 11:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2009/10/09 10:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/09/24 11:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pazwpezk
[2006/12/22 15:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/02/07 19:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2010/01/08 12:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/10/25 15:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2010/03/10 20:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/12/15 16:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karina\Application Data\Dealio
[2010/04/22 11:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karina\Application Data\DeviceDoctorSoftware
[2010/03/04 16:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karina\Application Data\eFax Messenger
[2007/09/08 15:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karina\Application Data\FileMaker
[2009/10/12 10:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karina\Application Data\FreeFLVConverter
[2008/11/02 11:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karina\Application Data\Image Zone Express
[2007/11/06 17:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karina\Application Data\Individual Software
[2010/05/04 12:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karina\Application Data\j2 Global
[2010/04/26 12:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karina\Application Data\j2 Global(2)
[2009/10/12 10:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karina\Application Data\Moyea
[2009/10/09 10:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karina\Application Data\NCH Swift Sound
[2006/12/22 15:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karina\Application Data\PlayFirst
[2010/01/21 09:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karina\Application Data\Primal Pictures
[2010/05/06 11:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karina\Application Data\PrimoPDF
[2009/10/12 10:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karina\Application Data\Search Settings
[2010/04/27 09:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karina\Application Data\Thunderbird
[2010/04/02 09:49:06 | 000,000,462 | ---- | M] () -- C:\WINDOWS\Tasks\20090915_133100_Karina.job
[2010/05/12 10:28:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/05/01 10:00:00 | 000,000,548 | ---- | M] () -- C:\WINDOWS\Tasks\G_BAL_MariaMolina.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2004/12/29 00:57:36 | 000,017,505 | R--- | M] () -- C:\DBI.EXE
[2005/10/31 10:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\349db2fd8d4d3e054a5c26eb4e\i386\sp3.cab:AGP440.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\349db2fd8d4d3e054a5c26eb4e\i386\sp3.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/02/17 10:10:28 | 000,127,488 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\cardsoko.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/02/17 10:10:28 | 000,032,768 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mfoko.sys

< %systemroot%\System32\config\*.sav >
[2006/02/07 12:27:02 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/02/07 12:27:02 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/02/07 12:27:02 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemdrive%\*.sys /90 /md5 >
[2010/05/17 11:07:37 | 754,974,720 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DA64F2C
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:288A91F8
< End of report >

EXTRA REPORT -----------

OTL Extras logfile created on: 5/17/2010 11:49:49 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Karina\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

991.00 Mb Total Physical Memory | 368.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 29.36 Gb Free Space | 39.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KARINA-QCYJSEPZ
Current User Name: Karina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware -- File not found
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy -- File not found
"C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE" = C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE:*:Enabled:Microsoft Office FrontPage -- (Microsoft Corporation)
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Disabled:GameSpy Arcade -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.2
"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 14
"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54A2CFDE-DC70-46E0-92AC-DC88F6303D39}" = Guitar Pro 4
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{6283826F-59A2-11D9-BB04-000AE6BE6EE7}" = On-line Help Console
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}" = ArcSoft PhotoImpression 4
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6E8E0663-4714-4946-8D2A-07E99138A11A}" = HP Image Zone Express
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111410757}" = Scrabble Blast Deluxe
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{84B2CF01-194D-2284-B313-F2E0D78D1033}" = Nero 7 Demo
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9FC7D8E1-F14F-11D4-943A-00E02950B496}" = Microsoft Office XP Pro Step by Step Interactive
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1" = Device Doctor 1.0.0.1
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{DEAD07C6-D070-43AB-A60D-D9ABE55E296D}_is1" = JPEGCrops 0.7.5 beta
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
"{E8B2CCA3-7472-425D-B177-E17E7A07F3C5}" = CQTest6 for Publishers
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea YouTube FLV Downloader version: 3.1.2.0
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FDBA3063-3421-4D4E-8426-671BE3B7E983}" = Traditional Flower Remedies - Remedies Test
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG8Uninstall" = AVG Free 8.5
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"BroadJump Client Foundation" = BroadJump Client Foundation
"CamStudio" = CamStudio
"C-Media Audio Driver" = C-Media WDM Audio Driver
"CQuest Test for CQPublisher" = CQuest Test for CQPublisher
"DMX5_is1" = DriverMax 5
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ExamView Pro" = ExamView Pro
"Free FLV Converter_is1" = Free FLV Converter V 6.7.1
"Free RAR Extract Frog" = Free RAR Extract Frog
"Free Window Registry Repair" = Free Window Registry Repair
"Homestead SiteBuilder" = Homestead SiteBuilder
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LimeWire" = LimeWire PRO 4.8.1
"MAGIX Media Manager 2004 silver" = MAGIX Media Manager 2004 silver
"MAGIX music studio 10 deLuxe" = MAGIX music studio 10 deLuxe
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.2)" = Mozilla Firefox (3.0.2)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDF Editor 2" = PDF Editor 2
"Primal Pictures Interactive Functional Anatomy" = Primal Pictures Interactive Functional Anatomy
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"Punch! Professional Home Design" = Punch! Professional Home Design
"RealArcade 1.2" = RealArcade
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"The Weather Channel Desktop" = The Weather Channel Desktop
"Total 3D Home, Landscape & Deck Premium Suite" = Total 3D Home, Landscape & Deck Premium Suite
"Type3800C/Type7000 TWAIN Driver Ver.3" = Type3800C/Type7000 TWAIN Driver Ver.3
"UnityWebPlayer" = Unity Web Player
"Virtools3DLifePlayer" = Virtools 3D Life Player
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/13/2010 12:55:42 PM | Computer Name = KARINA-QCYJSEPZ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18904, fault address 0x004ad29b.

Error - 5/13/2010 5:21:29 PM | Computer Name = KARINA-QCYJSEPZ | Source = MsiInstaller | ID = 11706
Description = Product: PhotoGallery -- Error 1706. An installation package for the
product PhotoGallery cannot be found. Try the installation again using a valid
copy of the installation package 'PhotoGallery.msi'.

Error - 5/14/2010 10:37:38 AM | Computer Name = KARINA-QCYJSEPZ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18904, fault address 0x004ad29b.

Error - 5/14/2010 10:37:58 AM | Computer Name = KARINA-QCYJSEPZ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18904, fault address 0x004ad29b.

Error - 5/14/2010 12:35:00 PM | Computer Name = KARINA-QCYJSEPZ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module wininet.dll, version 8.0.6001.18904, fault address 0x00014eb9.

Error - 5/14/2010 12:35:54 PM | Computer Name = KARINA-QCYJSEPZ | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application excel.exe, version 10.0.6501.0, faulting module
excel.exe, version 10.0.6501.0, fault address 0x00020ad8.

Error - 5/14/2010 12:52:27 PM | Computer Name = KARINA-QCYJSEPZ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18904, fault address 0x0001fd56.

Error - 5/17/2010 11:03:23 AM | Computer Name = KARINA-QCYJSEPZ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18904, fault address 0x0017258a.

Error - 5/17/2010 11:50:22 AM | Computer Name = KARINA-QCYJSEPZ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10e.ocx, version 10.0.45.2, fault address 0x002ae90f.

Error - 5/17/2010 1:13:24 PM | Computer Name = KARINA-QCYJSEPZ | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application outlook.exe, version 10.0.6626.0, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x00019349.

[ System Events ]
Error - 5/10/2010 11:13:34 AM | Computer Name = KARINA-QCYJSEPZ | Source = System Error | ID = 1003
Description = Error code 1000007f, parameter1 0000000d, parameter2 00000000, parameter3
00000000, parameter4 00000000.

Error - 5/10/2010 4:03:19 PM | Computer Name = KARINA-QCYJSEPZ | Source = System Error | ID = 1003
Description = Error code 1000007f, parameter1 0000000d, parameter2 00000000, parameter3
00000000, parameter4 00000000.

Error - 5/12/2010 11:13:44 AM | Computer Name = KARINA-QCYJSEPZ | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 80ef0258, parameter2 00000002, parameter3
00000000, parameter4 806f02d6.

Error - 5/12/2010 1:22:12 PM | Computer Name = KARINA-QCYJSEPZ | Source = System Error | ID = 1003
Description = Error code 1000007f, parameter1 0000000d, parameter2 00000000, parameter3
00000000, parameter4 00000000.

Error - 5/13/2010 10:08:36 AM | Computer Name = KARINA-QCYJSEPZ | Source = System Error | ID = 1003
Description = Error code 100000cc, parameter1 86c19160, parameter2 00000000, parameter3
804e9636, parameter4 00000000.

Error - 5/13/2010 11:17:11 AM | Computer Name = KARINA-QCYJSEPZ | Source = System Error | ID = 1003
Description = Error code 000000c4, parameter1 00000090, parameter2 ffdff120, parameter3
00000000, parameter4 00000000.

Error - 5/14/2010 12:41:17 PM | Computer Name = KARINA-QCYJSEPZ | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 8735b4a0, parameter2 00000002, parameter3
00000000, parameter4 805037ca.

Error - 5/14/2010 1:16:53 PM | Computer Name = KARINA-QCYJSEPZ | Source = System Error | ID = 1003
Description = Error code 000000c4, parameter1 00000090, parameter2 ffdff120, parameter3
00000000, parameter4 00000000.

Error - 5/14/2010 1:31:46 PM | Computer Name = KARINA-QCYJSEPZ | Source = System Error | ID = 1003
Description = Error code 000000c4, parameter1 00000090, parameter2 ffdff120, parameter3
00000000, parameter4 00000000.

Error - 5/15/2010 11:30:06 AM | Computer Name = KARINA-QCYJSEPZ | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 87383bf8, parameter2 00000002, parameter3
00000000, parameter4 805037ca.


< End of report >


#8 schrauber

  • Malware Response Team

Posted 18 May 2010 - 05:03 PM

Hi,


Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#9 JESSICATEXAS

  • Topic Starter

  • Members

Posted 21 May 2010 - 12:22 PM

Hi, I was finally able to get the log. I kept trying it in normal startup but kept getting a blue screen; in safe mode it finally let me. This is what it gave me. Thanks again.

ComboFix 10-05-20.04 - Karina 05/21/2010 10:58:28.4.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.762 [GMT -5:00]
Running from: C:\Documents and Settings\Karina\Desktop\schrauber.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV


((((((((((((((((((((((((( Files Created from 2010-04-21 to 2010-05-21 )))))))))))))))))))))))))))))))
.

2010-05-19 18:48:09 . 2010-05-19 18:48:09 -------- d-----w- C:\Documents and Settings\Karina\Local Settings\Application Data\PackageAware
2010-05-04 21:23:05 . 2010-05-06 16:11:57 -------- d-----w- C:\Documents and Settings\Karina\Application Data\PrimoPDF
2010-05-04 21:21:48 . 2009-07-31 01:44:14 176235 ----a-w- C:\WINDOWS\system32\Primomonnt.dll
2010-05-04 21:21:45 . 2010-05-04 21:21:45 -------- d-----w- C:\Program Files\Nitro PDF
2010-05-04 17:00:32 . 2010-05-04 17:00:32 -------- d-----w- C:\Documents and Settings\Karina\Application Data\j2 Global
2010-04-29 14:52:54 . 2010-04-29 14:52:54 -------- d-----w- C:\Program Files\Safer Networking
2010-04-28 17:57:17 . 2010-04-12 07:07:22 12288 ----a-w- C:\WINDOWS\InstFunc.dll
2010-04-28 17:57:17 . 2006-04-28 06:56:40 49152 ----a-w- C:\WINDOWS\InstFunc.exe
2010-04-28 17:57:17 . 2006-03-22 18:53:16 337320 ----a-w- C:\WINDOWS\difxapi.dll
2010-04-28 17:38:03 . 2002-08-26 20:49:02 28672 ----a-w- C:\WINDOWS\S4TSR.EXE
2010-04-28 17:37:56 . 2003-08-14 19:05:56 21504 ----a-w- C:\WINDOWS\NoUSB20.EXE
2010-04-28 17:27:34 . 2010-04-28 17:27:34 -------- d-----w- C:\Documents and Settings\Karina\Local Settings\Application Data\RadarSync
2010-04-28 17:27:18 . 2010-04-28 20:43:38 -------- d-----w- C:\Program Files\RadarSync
2010-04-28 17:06:16 . 2004-10-18 19:05:14 73576 ----a-w- C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2010-04-28 17:06:16 . 2004-10-18 19:05:00 26104 ----a-w- C:\WINDOWS\system32\drivers\LHidFlt2.Sys
2010-04-28 17:06:16 . 2003-12-17 14:50:00 19968 ----a-w- C:\WINDOWS\Logi_MwX.Exe
2010-04-28 16:55:45 . 2010-04-12 07:08:42 9728 ----a-w- C:\WINDOWS\system32\SiSPIns2.dll
2010-04-28 16:47:46 . 2010-04-28 16:47:46 -------- d-----w- C:\Documents and Settings\Karina\Local Settings\Application Data\Innovative Solutions
2010-04-28 16:47:46 . 2010-04-28 16:47:46 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
2010-04-28 16:42:32 . 2010-04-28 16:42:32 -------- d-----w- C:\Program Files\SystemRequirementsLab
2010-04-28 15:32:25 . 2010-04-28 15:32:25 -------- d-sh--w- C:\WINDOWS\system32\config\systemprofile\IETldCache
2010-04-27 17:35:39 . 2010-03-05 18:45:51 456704 -c----w- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2010-04-27 16:44:48 . 2010-05-20 21:51:50 -------- d-----w- C:\Program Files\Free Window Registry Repair
2010-04-26 17:44:02 . 2009-10-23 15:28:37 3558912 -c----w- C:\WINDOWS\system32\dllcache\moviemk.exe
2010-04-26 17:24:43 . 2010-04-26 17:24:43 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2010-04-26 17:18:20 . 2010-04-26 17:18:36 -------- d-----w- C:\Program Files\QuickTime
2010-04-26 17:17:30 . 2010-04-26 17:17:30 -------- d-----w- C:\Program Files\Bonjour
2010-04-26 17:17:27 . 2010-04-26 17:17:27 -------- d-----w- C:\Program Files\iPod
2010-04-26 17:17:22 . 2010-04-26 17:17:28 -------- d-----w- C:\Program Files\iTunes
2010-04-23 17:56:38 . 2010-04-23 17:56:38 -------- d-----w- C:\Compaq
2010-04-23 16:55:52 . 2010-04-26 17:04:21 -------- d-----w- C:\Program Files\MouseWare
2010-04-23 16:55:41 . 2010-04-23 16:55:41 -------- d-----w- C:\SWSetup
2010-04-22 17:02:08 . 2010-04-26 17:04:35 -------- d-----w- C:\HP Universal Print Driver PCL5 v5.0.1
2010-04-22 16:50:41 . 2010-04-22 16:51:31 -------- d-----w- C:\Program Files\SiS VGA Utilities V3.88
2010-04-22 16:42:20 . 2010-04-22 16:42:20 -------- d-----w- C:\Documents and Settings\Karina\Application Data\DeviceDoctorSoftware
2010-04-22 16:42:17 . 2010-04-22 16:42:17 -------- d-----w- C:\Program Files\Device Doctor
2010-04-21 21:27:41 . 2010-04-21 21:27:41 -------- d-sh--w- C:\Documents and Settings\Administrator\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 21:31:07 . 2007-09-08 20:26:02 -------- d-----w- C:\Program Files\Traditional Flower Remedies Test
2010-05-04 16:58:33 . 2010-03-04 21:02:57 -------- d-----w- C:\Program Files\eFax Messenger 4.4
2010-05-04 16:58:23 . 2010-05-04 16:58:23 4710 ----a-r- C:\Documents and Settings\Karina\Application Data\Microsoft\Installer\{DF6DA606-904D-4C18-823F-A4CFC3035E53}\ext.exe
2010-05-04 16:58:22 . 2010-03-04 21:06:10 -------- d-----w- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
2010-04-28 18:39:17 . 2006-02-08 03:26:06 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
2010-04-28 18:37:28 . 2006-02-08 03:26:08 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-28 15:35:23 . 2006-02-08 03:26:34 -------- d-----w- C:\Program Files\Lavasoft
2010-04-28 15:35:15 . 2008-08-26 15:16:23 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-04-27 14:58:17 . 2006-09-11 15:21:36 -------- d-----w- C:\Documents and Settings\Karina\Application Data\Thunderbird
2010-04-26 17:32:16 . 2010-04-28 14:33:15 1143136 ----a-w- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2010-04-26 17:20:55 . 2008-09-12 16:03:41 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-26 17:19:48 . 2010-03-02 16:55:55 -------- d-----w- C:\Program Files\Excel to PDF Converter
2010-04-26 17:19:18 . 2010-03-04 21:07:10 -------- d-----w- C:\Documents and Settings\Karina\Application Data\j2 Global(2)
2010-04-26 17:18:48 . 2010-03-11 01:05:08 -------- d-----w- C:\Program Files\Common Files\Apple
2010-04-26 17:18:20 . 2010-03-11 01:08:54 -------- d-----w- C:\Program Files\QuickTime(2)
2010-04-26 17:17:30 . 2010-03-11 01:10:59 -------- d-----w- C:\Program Files\Bonjour(2)
2010-04-26 17:17:22 . 2010-03-11 01:14:44 -------- d-----w- C:\Program Files\iPod(2)
2010-04-26 17:04:20 . 2006-02-21 22:07:03 -------- d-----w- C:\Program Files\Common Files\Logitech
2010-04-23 16:55:52 . 2006-02-08 00:25:06 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-04-16 15:43:40 . 2010-04-16 15:43:40 54016 ----a-w- C:\WINDOWS\system32\drivers\wnejelu.sys
2010-04-15 22:36:34 . 2010-04-15 22:36:34 77312 ---ha-w- C:\WINDOWS\bill107(2).exe
2010-04-15 17:33:14 . 2006-09-10 22:14:17 -------- d-----w- C:\Program Files\HP
2010-04-12 07:40:28 . 2006-02-11 00:19:26 19200 ----a-w- C:\WINDOWS\system32\drivers\srvkp.sys
2010-04-12 07:40:08 . 2006-02-11 00:19:25 1571001 ----a-w- C:\WINDOWS\system32\sisgl.dll
2010-04-12 07:22:38 . 2006-02-11 00:19:24 3468288 ----a-w- C:\WINDOWS\system32\sisgrv.dll
2010-04-12 07:17:36 . 2006-02-11 00:19:24 324608 ----a-w- C:\WINDOWS\system32\drivers\sisgrp.sys
2010-04-12 07:07:14 . 2006-02-11 00:19:26 172032 ----a-w- C:\WINDOWS\system32\SiSInst.dll
2010-04-12 07:07:02 . 2010-04-12 07:07:02 258048 ----a-w- C:\WINDOWS\system32\SiSParse.dll
2010-04-12 07:06:42 . 2010-04-12 07:06:42 49152 ----a-w- C:\WINDOWS\system32\SiSBase.dll
2010-03-31 19:15:30 . 2008-09-19 19:41:56 -------- d-----w- C:\Program Files\PDF Editor 2
2010-03-31 15:16:31 . 2006-09-23 01:03:00 -------- d-----w- C:\Program Files\Common Files\Real
2010-03-30 19:05:51 . 2010-03-17 01:42:58 54 ----a-w- C:\WINDOWS\system32\rp_stats.dat
2010-03-30 19:05:51 . 2010-03-17 01:42:58 39 ----a-w- C:\WINDOWS\system32\rp_rules.dat
2010-03-24 19:55:31 . 2010-03-04 21:06:22 -------- d-----w- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Setup
2010-03-11 12:38:54 . 2001-08-23 12:00:00 832512 ----a-w- C:\WINDOWS\system32\wininet(3).dll
2010-03-11 12:38:54 . 2001-08-23 12:00:00 1168384 ----a-w- C:\WINDOWS\system32\urlmon(3).dll
2010-03-11 12:38:52 . 2001-08-23 12:00:00 192512 ----a-w- C:\WINDOWS\system32\iepeers(2).dll
2010-03-10 06:15:52 . 2001-08-23 12:00:00 420352 ----a-w- C:\WINDOWS\system32\vbscript.dll
2010-02-25 06:24:37 . 2001-08-23 12:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-02-24 13:11:07 . 2001-08-23 12:00:00 455680 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2009-08-05 22:09:57 . 2009-08-05 22:09:57 18215 ----a-w- C:\Program Files\Common Files\witicoru.db
2009-08-05 22:09:57 . 2009-08-05 22:09:57 13733 ----a-w- C:\Program Files\Common Files\hapypukig.sys
2009-08-05 22:09:57 . 2009-08-05 22:09:57 10697 ----a-w- C:\Program Files\Common Files\imar.reg
2006-09-23 01:03:23 . 2006-09-23 01:03:29 774144 ----a-w- C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 16:49:06 307200]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 02:06:32 4351216]
"eFax 4.4"="C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 20:25:48 95744]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 22:25:44 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 15:50:30 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-05-21 16:34:07 148888]
"SMSERIAL"="sm56hlpr.exe" [2004-12-28 22:01:00 544768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 16:50:42 155648]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 22:14:00 1394000]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 14:50:00 19968]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 15:47:56 289064]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 07:41:10 49152]
"DisableEHCI"="C:\WINDOWS\S4TSR.EXE" [2002-08-26 20:49:02 28672]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 03:26:26 368706]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2010-04-28 14:33:50 2046816]

C:\Documents and Settings\Karina\Start Menu\Programs\Startup\
eFax 4.4.lnk - C:\Program Files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2005-3-9 81920]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 14:59:33 11952 ----a-w- C:\WINDOWS\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
backup=C:\WINDOWS\pss\Status Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Karina^Start Menu^Programs^Startup^Launch Microsoft Outlook.lnk]
backup=C:\WINDOWS\pss\Launch Microsoft Outlook.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Karina^Start Menu^Programs^Startup^Reboot.exe]

[HKLM\~\startupfolder\C:^Documents and Settings^Karina^Start Menu^Programs^Startup^Shortcut to Microsoft Outlook.lnk]
backup=C:\WINDOWS\pss\Shortcut to Microsoft Outlook.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"C:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [10/29/2008 10:28:25 AM 335240]
S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [1/30/2009 10:37:46 PM 297752]
S2 icpnt;Driver Boot;C:\WINDOWS\system32\svchost.exe -k netsvcs [8/23/2001 7:00:00 AM 14336]
S3 bDMusicb;bDMusicb;\??\C:\DOCUME~1\Karina\LOCALS~1\Temp\bDMusicb.sys --> C:\DOCUME~1\Karina\LOCALS~1\Temp\bDMusicb.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-02 C:\WINDOWS\Tasks\20090915_133100_Karina.job
- C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp.exe [2005-10-28 01:32:26 . 2005-10-28 01:32:26]

2010-05-01 C:\WINDOWS\Tasks\G_BAL_MariaMolina.job
- C:\Documents and Settings\Karina\My Documents\SCHOOLFILES\Class_G\G_Balance_Attendance\G_BAL_MariaMolina.xls [2008-03-11 18:33:31 . 2009-01-27 17:58:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - C:\Documents and Settings\Karina\Application Data\Mozilla\Firefox\Profiles\g7nxegut.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Program Files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\nphssb.dll
FF - plugin: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
HKCU-Run-DriverMax_RESTART - C:\Program Files\Innovative Solutions\DriverMax\devices.exe
HKCU-Run-DriverMax - C:\Program Files\Innovative Solutions\DriverMax\devices.exe
HKLM-Run-SiSPower - SiSPower.dll
HKLM-Run-SearchSettings - C:\Program Files\Search Settings\SearchSettings.exe
HKLM-Run-Cmaudio - cmicnfg.cpl




#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:07 AM

Posted 21 May 2010 - 02:32 PM

Hi,

This log is incomplete. Please have a look for C:\Combofix.txt and post it here. Also please have a look for Combofix textfiles in C:\Qoobox and post them here also.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#11 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:07 AM

Posted 24 May 2010 - 11:30 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber




