
Google redirect virus problems


  • This topic is locked
19 replies to this topic

#1 ChristiK

Posted 31 May 2010 - 10:02 PM

I am having problems with some form of Google redirect virus/malware. It's been going on for a few weeks, maybe longer. So far, we've scanned with Avast, Malware-Bytes, Ad-Aware, possibly Spybot S&D (I can't recall exactly, and can't find my notes), and Windows Defender. Nothing has found or fixed the problem. Most Google links - maybe all, I haven't kept track - are redirected to other sites, both in Firefox and IE. It's not always the same site, as far as I can tell; it seems to be random, but totally unrelated to the search terms or to the link I wanted to go to.

I just did a small test (1 search term, 2 links) in IE & Firefox: the IE results were redirected to pages that were apparently search results for the term I Googled, but I didn't click any of the links. Both links worked in Firefox, though. The targets were pretty major sites, though (Disney & IMDB) - not sure if that's a factor or not.

This may have started when the PC was infected with Internet Security 2010 a few months ago; we got that cleaned up, but I wasn't using Google a lot then, so it may have been infected then and I just didn't notice.

Also, it may or may not be related, but the PC will not start in Safe Mode right now. Not sure if it started at the same time or not; we don't do that often, so I'm not sure. It throws a blue screen every time we've tried it, and the error codes don't lead to anything useful at Microsoft.com as far as I can find.

The PC is a Dell, running Windows XP, Service Pack 3. I use Firefox 3.6.3 most of the time, IE 8 the rest of the time.


DDS File:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Christi at 16:53:52.58 on Mon 05/31/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.2846 [GMT -5:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Zinio\ZinioReader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LogitechMouse\SetPoint\SetPoint.exe
C:\Program Files\WallpaperToy\Wallpapertoy.Exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\freecell.exe
C:\Program Files\Mozilla Firefox\Mozilla Firefox 3\firefox.exe
C:\Documents and Settings\Christi\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://apps.facebook.com/fishworld/index.php
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Zinio DLM] c:\program files\zinio\ZinioReader.exe /autostart
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\christi\startm~1\programs\startup\eventr~1.lnk - c:\pmw\PMREMIND.EXE
StartupFolder: c:\docume~1\christi\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.0\program\quickstart.exe
StartupFolder: c:\docume~1\christi\startm~1\programs\startup\openof~2.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\christi\startm~1\programs\startup\wallpa~1.lnk - c:\program files\wallpapertoy\Wallpapertoy.Exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitechmouse\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitechmouse\setpoint\SetPoint.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: arcamax.com\www
Trusted Zone: facebook.com
Trusted Zone: facebook.com\apps
Trusted Zone: facebook.com\www
Trusted Zone: farmville.com
Trusted Zone: offerpal.com\www
Trusted Zone: slashkey.com\l1
Trusted Zone: talltreegames.com\fwlb
Trusted Zone: talltreegames.com\www*
Trusted Zone: zynga.com
Trusted Zone: zynga.com\forums
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coupons.smartsource.com/download/cscmv5X.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {6D5704AC-FFBE-4022-9F14-41E7A073069C} = 209.244.0.3 209.244.0.4
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitechmouse\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\christi\applic~1\mozilla\firefox\profiles\0cyasl8n.christi default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: c:\documents and settings\christi\application data\mozilla\firefox\profiles\0cyasl8n.christi default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\christi\application data\mozilla\firefox\profiles\0cyasl8n.christi default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\christi\application data\mozilla\firefox\profiles\0cyasl8n.christi default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - plugin: c:\program files\mozilla firefox\mozilla firefox 3\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\mozilla firefox 3\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\mozilla firefox 3\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\mozilla firefox 3\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\mozilla firefox 3\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\mozilla firefox 3\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\mozilla firefox 3\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\mozilla firefox 3\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\mozilla firefox 3\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\mozilla firefox 3\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\mozilla firefox 3\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\mozilla firefox 3\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\mozilla firefox 3\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\mozilla firefox 3\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\mozilla firefox 3\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\mozilla firefox 3\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\mozilla firefox 3\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\mozilla firefox 3\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\mozilla firefox 3\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\mozilla firefox 3\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\mozilla firefox 3\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\mozilla firefox 3\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\mozilla firefox 3\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\mozilla firefox 3\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\mozilla firefox 3\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\mozilla firefox 3\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\mozilla firefox 3\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\mozilla firefox 3\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\mozilla firefox 3\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\mozilla firefox 3\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\mozilla firefox 3\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\mozilla firefox 3\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\mozilla firefox 3\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\mozilla firefox 3\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\mozilla firefox 3\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\mozilla firefox 3\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\mozilla firefox 3\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\mozilla firefox 3\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\mozilla firefox 3\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-17 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-2 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-2 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-2 40384]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-4-14 266240]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-2 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-2 40384]
S2 HPFECP16;HPFECP16;c:\windows\system32\drivers\HPFecp16.sys [1998-7-1 52800]

=============== Created Last 30 ================

2010-05-31 20:14:24 0 d-----w- c:\program files\Trend Micro
2010-05-30 14:30:24 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-26 21:41:05 0 d-----w- c:\docume~1\christi\applic~1\E-centives
2010-05-10 16:37:58 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-09 05:13:59 0 d-----w- C:\Dictinry
2010-05-09 05:13:48 0 d-----w- c:\program files\Prentice-Hall

==================== Find3M ====================

2010-04-29 20:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 21:01:28 187072 ----a-w- c:\windows\walltoyUninst.exe
2010-03-14 17:51:48 480156 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2008-05-28 06:08:40 1495112 ----a-w- c:\program files\install_flash_player.exe
2009-07-05 21:33:23 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 16:55:31.95 ===============



I don't have a GMER log to include yet. I've tried twice, and the PC blue-screened both times (the second time after running for about two hours). I'll try it again overnight and see if I have better luck. I do have the error codes that Windows reported both times, and a HijackThis log from this afternoon, if either would be helpful.

Thank you,
Christi

Edited by ChristiK, 31 May 2010 - 10:10 PM.




#2 extremeboy

  • Malware Response Team

Posted 02 June 2010 - 03:06 PM

Hello.

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Note: Please do not PM me asking for help; instead, please post in the correct forum to request help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#3 ChristiK


Posted 02 June 2010 - 06:34 PM

Thanks for the help EB. Here are the reports.

I did get an error while OTL was running:
Exception processing Message c0000013 Paramaters 75b6bf7c 75b6bf7c 75b6bf7c

I chose the Cancel option - the other two choices didn't have any effect when I clicked on them.

Do I need to try the GMER log again? I got it to run without crashing yesterday, but had to stop it after 4 hours.

OTL.Txt

OTL logfile created on: 6/2/2010 5:37:37 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Christi\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 29.67 Gb Free Space | 19.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 186.31 Gb Total Space | 153.16 Gb Free Space | 82.21% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 635.48 Gb Free Space | 68.22% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D7Z53Z91
Current User Name: Christi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/02 17:31:51 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christi\Desktop\OTL.exe
PRC - [2010/05/06 15:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/02/05 00:53:48 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/27 12:56:04 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/08/19 11:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 11:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/14 14:51:23 | 000,266,240 | -H-- | M] () -- C:\WINDOWS\system32\CSHelper.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/29 19:56:20 | 000,158,624 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2008/04/29 19:56:20 | 000,061,856 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2008/04/13 19:12:36 | 000,033,280 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/18 12:00:04 | 003,760,198 | ---- | M] (Zinio, LLC) -- C:\Program Files\Zinio\ZinioReader.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/11/03 20:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/01/31 10:14:30 | 000,532,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\LogitechMouse\SetPoint\SetPoint.exe
PRC - [2006/01/20 17:46:56 | 000,028,160 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
PRC - [2005/05/12 01:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/04/30 17:02:26 | 000,086,016 | -H-- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2004/10/14 19:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/08/04 05:00:00 | 000,019,456 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2004/07/27 16:50:42 | 000,221,184 | ---- | M] (InstallShield Software Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2004/07/27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/07/27 16:50:04 | 000,503,808 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2003/10/29 02:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2002/12/18 13:12:26 | 000,110,592 | ---- | M] (Microsoft Corp.) -- C:\Program Files\WallpaperToy\Wallpapertoy.Exe


========== Modules (SafeList) ==========

MOD - [2010/06/02 17:31:51 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christi\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/01/31 10:12:12 | 000,040,448 | ---- | M] (Logitech Inc.) -- C:\Program Files\LogitechMouse\SetPoint\lgscroll.dll
MOD - [2005/01/19 12:50:50 | 000,499,712 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2005/01/19 12:50:50 | 000,348,160 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/02/19 19:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/02/05 00:53:48 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/04/14 14:51:23 | 000,266,240 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2008/04/29 19:56:32 | 005,065,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/04/29 19:56:22 | 000,245,664 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2008/04/29 19:56:20 | 000,061,856 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2008/04/13 19:12:36 | 000,033,280 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008/04/13 19:12:02 | 000,105,472 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 19:11:55 | 000,035,328 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/04/30 17:02:26 | 000,086,016 | -H-- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2004/09/29 13:14:36 | 000,069,632 | -H-- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/08/04 05:00:00 | 000,019,456 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2004/08/04 05:00:00 | 000,019,456 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)


========== Driver Services (SafeList) ==========

DRV - [2010/05/06 15:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 15:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 15:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 15:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 15:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 15:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/12/02 08:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/06/20 06:08:27 | 000,225,856 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/29 19:39:04 | 000,040,704 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2008/04/13 13:36:39 | 000,043,008 | -H-- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | -H-- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/27 13:49:00 | 000,003,840 | -H-- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2006/01/20 18:03:28 | 000,027,776 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2006/01/20 18:03:24 | 000,069,376 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2006/01/20 18:02:58 | 000,036,608 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2005/06/01 03:08:00 | 001,198,080 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/11 00:33:12 | 000,032,256 | -H-- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005/04/01 16:52:46 | 000,132,608 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/12/06 01:05:00 | 000,100,603 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 01:05:00 | 000,098,714 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 01:05:00 | 000,086,586 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 01:05:00 | 000,034,843 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 01:05:00 | 000,025,883 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 01:05:00 | 000,015,227 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 01:05:00 | 000,006,363 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 01:05:00 | 000,004,123 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 01:05:00 | 000,002,239 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 03:22:00 | 000,087,488 | -H-- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 02:56:00 | 000,040,480 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/09/17 14:02:54 | 000,732,928 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/03 22:29:56 | 001,897,408 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 11:29:04 | 000,005,627 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 000,023,545 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/03/24 10:12:44 | 000,004,272 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/11/17 16:59:20 | 000,212,224 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 14:07:44 | 000,019,072 | -H-- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | -H-- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 000,036,736 | -H-- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | -H-- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | -H-- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | -H-- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | -H-- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | -H-- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | -H-- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [1998/07/01 01:55:56 | 000,052,800 | -H-- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\HPFECP16.SYS -- (HPFECP16)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://apps.facebook.com/fishworld/index.php
IE - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/26 14:12:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/26 16:41:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\Mozilla Firefox 3\components [2010/05/03 11:36:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\Mozilla Firefox 3\plugins [2010/05/26 16:41:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird 2\components [2010/01/29 19:00:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird 2\plugins

[2010/01/25 19:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Mozilla\Extensions
[2010/01/25 19:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/06/02 01:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions
[2009/06/29 11:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{0711a72d-2bfc-4f2d-9366-454934df3105}
[2009/01/21 02:55:06 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2010/02/15 12:33:33 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2006/05/19 17:33:33 | 000,000,000 | ---D | M] (Ebay Negs!) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{265b0520-499e-11d9-9669-0800200c9a66}
[2010/03/28 00:00:22 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2006/05/19 17:33:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{50cfc120-6dc2-4851-b9b2-7355c888da0a}
[2010/05/01 23:54:12 | 000,000,000 | ---D | M] (MyPoints Point Finder) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{51ef49d2-624b-4194-8b97-1c468e9b0efe}
[2009/06/22 11:37:29 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/12/29 17:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}
[2008/12/30 18:28:23 | 000,000,000 | ---D | M] (Mozteroids) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{8a3b98a2-7bb5-4933-993d-2594ec99cc54}
[2010/02/04 13:08:17 | 000,000,000 | ---D | M] (Swag Bucks Toolbar) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2009/01/02 02:02:41 | 000,000,000 | ---D | M] (Word Count Plus) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{97c7d43c-4182-49b8-9b04-b78fed89d7fb}
[2009/09/20 23:47:55 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/04/28 11:24:37 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/02/15 12:33:29 | 000,000,000 | ---D | M] (gTranslate) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2009/06/29 11:58:26 | 000,000,000 | ---D | M] (Xultris) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{bed1bcec-57d3-47e1-a32b-b4e5f3003019}
[2009/10/20 12:57:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010/05/08 23:28:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/15 13:33:14 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/06/01 09:25:06 | 000,000,000 | ---D | M] (Plain Text Links) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}
[2009/01/02 02:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\addictive_typing_lessons@tomkennedy.net
[2009/09/22 09:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\fireform@mozilla.org
[2008/12/30 18:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\pacman@oppermann.ch
[2009/03/05 23:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\3gg6zonm.Chris\extensions
[2010/05/01 23:55:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/02 01:47:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\Mozilla Firefox 3\extensions
[2010/05/02 01:19:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\Mozilla Firefox 3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/05/10 11:38:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2006/05/19 10:21:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions
[2006/05/19 10:21:40 | 000,000,000 | ---D | M] (Nautical Blue) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{0F29C5FB-F97B-4134-80A0-E01218CF0CE6}
[2006/05/19 10:21:37 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2006/05/19 10:21:36 | 000,000,000 | ---D | M] (Word Count) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{205026F2-3243-49e1-8A44-A826B28C34F0}
[2006/05/19 10:21:35 | 000,000,000 | ---D | M] (Ebay Negs!) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{265b0520-499e-11d9-9669-0800200c9a66}
[2006/05/19 10:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
[2006/05/19 10:21:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{2C759960-017B-41c6-AD94-42601E2235AB}
[2006/05/19 10:21:39 | 000,000,000 | ---D | M] (Adblock) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2006/05/19 10:21:41 | 000,000,000 | ---D | M] (Archaic) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{366D68E8-8E61-4009-B3FC-69FC2CEBC7AB}
[2006/05/19 10:21:39 | 000,000,000 | ---D | M] (Qute) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2006/05/19 10:21:35 | 000,000,000 | ---D | M] (Flashblock) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2006/05/19 10:21:42 | 000,000,000 | ---D | M] (Microfirefox) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{403304EE-066A-4a2a-8F41-F12028480A0A}
[2006/05/19 10:21:40 | 000,000,000 | ---D | M] (GrayModern) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{463ddc2c-1059-4a76-88bc-fa3b0abe6d8c}
[2006/05/19 10:21:37 | 000,000,000 | ---D | M] (Translate) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{4E38B095-A1A0-46cd-9BA2-B3708444965A}
[2006/05/19 10:21:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{50cfc120-6dc2-4851-b9b2-7355c888da0a}
[2006/05/19 10:21:35 | 000,000,000 | ---D | M] (IE View) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2006/05/19 10:21:40 | 000,000,000 | ---D | M] (Nautical) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{7C685AB0-1049-4ca7-9B64-12A04E432CA1}
[2006/05/19 10:21:42 | 000,000,000 | ---D | M] (Perennial) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{7cf1c3ae-a6b0-46af-b761-979a59974f59}
[2006/05/19 10:21:38 | 000,000,000 | ---D | M] (Phoenity) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{88cb9cff-ee4a-481e-bb22-ab5c05e04c22}
[2006/05/19 10:21:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}
[2006/05/19 10:21:36 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2006/05/19 10:21:37 | 000,000,000 | ---D | M] (SpellBound) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{9EBEDB01-55DC-432b-A2DB-7E4AF3230A24}
[2006/05/19 10:21:38 | 000,000,000 | ---D | M] (DictionarySearch) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}
[2006/05/19 10:21:38 | 000,000,000 | ---D | M] (OpenBook) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce}
[2006/05/19 10:21:35 | 000,000,000 | ---D | M] (AspellFox) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{ae2fe5af-2c80-41cf-bc14-260a88a36e44}
[2006/05/19 10:21:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2006/05/19 10:21:38 | 000,000,000 | ---D | M] (Ancyent) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{b5829262-4765-048e-dc9b-4d3d4d51afdc}
[2006/05/19 10:21:36 | 000,000,000 | ---D | M] (About site) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{c01accc0-1291-11d9-9669-0800200c9a66}
[2006/05/19 10:21:42 | 000,000,000 | ---D | M] (708090) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{caddc261-9bda-4e20-961b-5eda367dbd30}
[2006/05/19 10:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{d8bd53e7-7ad6-4fb0-9dea-ee0f111fb4c8}
[2006/05/19 10:21:37 | 000,000,000 | ---D | M] (SpoofStick) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{ebcf8b39-5cb1-4233-9edf-7d6533455b8d}
[2006/05/19 10:21:41 | 000,000,000 | ---D | M] (LO-FI) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{lofi-0.1}
[2006/05/19 10:21:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\temp
[2006/05/19 10:18:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\Profiles\yfzh2g1o.ProfileName\extensions
[2006/05/19 10:18:38 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Program Files\Mozilla Firefox\Profiles\yfzh2g1o.ProfileName\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/15 12:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll
[2009/02/02 00:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
[2010/05/26 16:41:05 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2010/01/24 04:43:35 | 000,373,587 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 12876 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe (Zinio, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\LogitechMouse\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Chris\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\Christi\Start Menu\Programs\Startup\Event Reminder.lnk = C:\pmw\PMREMIND.EXE ()
O4 - Startup: C:\Documents and Settings\Christi\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\Christi\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Christi\Start Menu\Programs\Startup\Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe (Microsoft Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\..Trusted Domains: arcamax.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\..Trusted Domains: facebook.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\..Trusted Domains: facebook.com ([apps] http in Trusted sites)
O15 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\..Trusted Domains: facebook.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\..Trusted Domains: farmville.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\..Trusted Domains: offerpal.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\..Trusted Domains: slashkey.com ([l1] * in Trusted sites)
O15 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\..Trusted Domains: talltreegames.com ([fwlb] http in Trusted sites)
O15 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\..Trusted Domains: talltreegames.com ([www*] http in Trusted sites)
O15 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\..Trusted Domains: zynga.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\..Trusted Domains: zynga.com ([forums] http in Trusted sites)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://coupons.smartsource.com/download/cscmv5X.cab (CMV5 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\bw+0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw+0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0 {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0s {6909a5b7-4457-4e0f-b07a-32673a89fc69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\offline-8876480 {6909A5B7-4457-4E0F-B07A-32673A89FC69} - C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b0c61f05-8a2b-11db-a62c-00137280b1e8}\Shell - "" = AutoRun
O33 - MountPoints2\{b0c61f05-8a2b-11db-a62c-00137280b1e8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b0c61f05-8a2b-11db-a62c-00137280b1e8}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f936bf53-00ff-11de-a92e-00137280b1e8}\Shell - "" = AutoRun
O33 - MountPoints2\{f936bf53-00ff-11de-a92e-00137280b1e8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f936bf53-00ff-11de-a92e-00137280b1e8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 12:52:56 | 000,000,000 | -H-D | M]
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: MCODS - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\Pvmjpg21.dll (Pegasus Imaging Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/02 17:25:02 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Christi\Desktop\OTL.exe
[2010/05/31 15:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/26 16:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christi\Application Data\E-centives
[2010/05/10 11:40:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/10 11:37:58 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/10 11:37:58 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/10 11:37:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/10 11:37:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/09 00:13:59 | 000,000,000 | ---D | C] -- C:\Dictinry
[2010/05/09 00:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Prentice-Hall
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/02 17:44:26 | 003,145,782 | -H-- | M] () -- C:\WINDOWS\System32\toyhide.bmp
[2010/06/02 17:31:51 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christi\Desktop\OTL.exe
[2010/06/02 17:21:43 | 000,025,407 | ---- | M] () -- C:\Documents and Settings\Christi\Desktop\Stpes 2010.odt
[2010/06/02 17:10:27 | 000,017,212 | ---- | M] () -- C:\Documents and Settings\Christi\Desktop\Disney 50 Days of Summer songs.odt
[2010/06/02 13:31:03 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/02 13:30:51 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/02 13:30:51 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/06/02 13:30:51 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/06/02 13:30:51 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/06/02 13:30:50 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/06/02 13:28:53 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/02 13:28:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/02 13:27:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/02 13:27:48 | 3756,142,592 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/02 02:45:27 | 014,155,776 | -H-- | M] () -- C:\Documents and Settings\Christi\NTUSER.DAT
[2010/06/02 02:45:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Christi\ntuser.ini
[2010/05/31 17:27:01 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Christi\My Documents\gmer.exe
[2010/05/31 17:19:53 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Christi\Desktop\gmer.zip
[2010/05/31 16:53:34 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Christi\Desktop\dds.scr
[2010/05/31 15:46:56 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Christi\Local Settings\Application Data\housecall.guid.cache
[2010/05/31 15:14:25 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Christi\Desktop\HijackThis.lnk
[2010/05/30 09:30:24 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/21 22:37:23 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Christi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/17 11:30:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2010/05/09 00:14:05 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Understanding Music.lnk
[2010/05/06 15:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 15:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 15:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 15:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 15:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 15:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 15:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 15:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/05 15:34:37 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/31 16:57:02 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Christi\Desktop\gmer.zip
[2010/05/31 16:52:18 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Christi\Desktop\dds.scr
[2010/05/31 15:46:56 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Christi\Local Settings\Application Data\housecall.guid.cache
[2010/05/31 15:14:24 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Christi\Desktop\HijackThis.lnk
[2010/05/30 09:30:24 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/27 12:42:27 | 000,017,212 | ---- | C] () -- C:\Documents and Settings\Christi\Desktop\Disney 50 Days of Summer songs.odt
[2010/05/09 00:14:05 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Understanding Music.lnk
[2010/01/27 22:02:37 | 000,000,091 | ---- | C] () -- C:\WINDOWS\CBP.INI
[2009/10/02 19:46:27 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2009/06/12 01:30:12 | 000,003,840 | -H-- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/03/05 00:16:50 | 000,004,272 | -H-- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2008/07/17 23:57:54 | 000,000,072 | ---- | C] () -- C:\WINDOWS\JascCmdPrint.INI
[2007/03/16 10:27:41 | 000,000,072 | ---- | C] () -- C:\WINDOWS\JascCmdFile.INI
[2007/02/25 19:58:10 | 000,077,824 | RH-- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/12/14 23:52:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2006/12/14 23:43:57 | 000,000,438 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2006/12/14 23:43:27 | 000,000,138 | ---- | C] () -- C:\WINDOWS\HPFTBX16.INI
[2006/08/31 17:54:50 | 000,777,728 | -H-- | C] () -- C:\WINDOWS\System32\Sslsvc.dll
[2006/08/31 14:26:22 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\wddx_com.dll
[2006/08/31 14:26:05 | 000,069,632 | -H-- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006/08/31 14:26:05 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2006/08/31 14:26:05 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/06/03 16:11:19 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/05/10 07:02:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/10 06:58:05 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/10 06:40:22 | 000,000,391 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 16:49:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/07/06 16:30:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/07/01 02:40:30 | 000,003,782 | -H-- | C] () -- C:\WINDOWS\System32\HPFlnk16.ini
[1998/07/01 02:23:58 | 000,007,680 | -H-- | C] () -- C:\WINDOWS\System32\HPFhrl16.dll
[1998/07/01 02:23:56 | 000,249,856 | -H-- | C] () -- C:\WINDOWS\System32\HPFsrl16.dll
[1998/07/01 02:23:50 | 000,260,096 | -H-- | C] () -- C:\WINDOWS\System32\HPFmrl16.dll
[1998/07/01 02:23:46 | 001,113,088 | -H-- | C] () -- C:\WINDOWS\System32\HPFtrl16.dll
[1998/07/01 02:20:48 | 000,193,536 | -H-- | C] () -- C:\WINDOWS\System32\HPFcps16.dll
[1998/07/01 02:20:20 | 000,076,800 | -H-- | C] () -- C:\WINDOWS\System32\HPF24r16.dll
[1998/07/01 02:19:08 | 000,044,544 | -H-- | C] () -- C:\WINDOWS\System32\HPFtst16.dll
[1998/07/01 02:17:26 | 000,068,096 | -H-- | C] () -- C:\WINDOWS\System32\HPFpcl16.dll
[1998/07/01 02:10:40 | 000,395,264 | -H-- | C] () -- C:\WINDOWS\System32\HPFui16.dll
[1998/07/01 02:04:14 | 000,266,752 | -H-- | C] () -- C:\WINDOWS\System32\HPFwin16.dll
[1998/07/01 02:00:18 | 000,037,376 | -H-- | C] () -- C:\WINDOWS\System32\HPFmon16.dll
[1998/07/01 01:59:40 | 000,033,280 | -H-- | C] () -- C:\WINDOWS\System32\HPFcbl16.dll
[1998/07/01 01:57:42 | 000,022,528 | -H-- | C] () -- C:\WINDOWS\System32\HPFnet16.dll
[1998/07/01 01:57:28 | 000,033,384 | -H-- | C] () -- C:\WINDOWS\System32\HPFiop16.dll
[1998/07/01 01:57:16 | 000,069,284 | -H-- | C] () -- C:\WINDOWS\System32\HPFpml16.dll
[1998/07/01 01:57:12 | 000,137,232 | -H-- | C] () -- C:\WINDOWS\System32\HPFmlc16.dll
[1998/07/01 01:57:06 | 000,057,240 | -H-- | C] () -- C:\WINDOWS\System32\HPFmem16.dll
[1998/07/01 01:57:00 | 000,048,292 | -H-- | C] () -- C:\WINDOWS\System32\HPFlpm16.dll
[1998/07/01 01:56:48 | 000,072,368 | -H-- | C] () -- C:\WINDOWS\System32\HPFcom16.dll
[1998/07/01 01:55:56 | 000,052,800 | -H-- | C] () -- C:\WINDOWS\System32\drivers\HPFecp16.sys
[1998/07/01 01:55:08 | 000,029,184 | -H-- | C] () -- C:\WINDOWS\System32\HPFrsu16.dll
[1998/07/01 01:54:38 | 000,117,760 | -H-- | C] () -- C:\WINDOWS\System32\HPFrsa16.dll
[1998/07/01 01:50:12 | 001,777,664 | -H-- | C] () -- C:\WINDOWS\System32\HPFimg16.dll
[1998/07/01 01:46:52 | 000,124,928 | -H-- | C] () -- C:\WINDOWS\System32\HPFcnt16.dll

========== LOP Check ==========

[2010/04/05 11:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/01/17 06:49:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2006/05/16 19:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Leadertech
[2006/05/21 22:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Scooter Software
[2009/10/20 19:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Amazon
[2010/03/29 22:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\ContentGuard
[2010/05/26 16:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\E-centives
[2010/03/01 13:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\iShell
[2007/01/20 19:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Leadertech
[2007/05/03 14:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\OLYMPUS
[2009/11/09 12:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\OpenOffice.org
[2006/05/30 13:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Scooter Software
[2010/01/25 19:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Thunderbird
[2009/01/02 11:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/06/02 13:30:50 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/06/02 13:30:51 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/06/02 13:30:51 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/06/02 13:30:51 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/06/02 13:30:51 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/06/02 13:31:03 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2006/12/21 18:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/04/05 11:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/07/25 22:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2007/02/25 20:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2006/05/10 06:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/01/17 06:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/01/17 22:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/20 13:52:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/03/15 13:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2004/08/10 13:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/02/25 20:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/01/24 11:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/10 11:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2006/06/16 13:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/12/24 13:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2010/01/17 06:49:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/12/07 09:10:33 | 002,953,352 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
[2010/02/05 00:53:48 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
[2010/01/27 12:56:04 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
[2010/01/27 12:57:12 | 001,643,272 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
[2010/02/05 00:55:54 | 000,823,928 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
[2010/01/27 19:43:25 | 000,816,784 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
[2010/03/05 19:13:24 | 003,803,208 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
[2010/01/27 13:23:17 | 000,015,880 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
[2010/01/27 19:49:42 | 000,862,040 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe

< %APPDATA%\*. >
[2009/06/11 18:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Adobe
[2010/05/13 17:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\AdobeUM
[2009/10/20 19:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Amazon
[2006/07/25 22:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Apple Computer
[2010/03/29 22:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\ContentGuard
[2006/05/21 21:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\CyberLink
[2010/05/26 16:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\E-centives
[2006/05/18 23:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Help
[2007/02/25 19:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\HP
[2004/08/10 13:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Identities
[2010/03/01 13:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\iShell
[2006/11/01 16:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Jasc Software Inc
[2007/01/20 19:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Leadertech
[2009/07/04 12:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Logitech
[2006/05/19 09:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Macromedia
[2010/01/17 22:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Malwarebytes
[2008/06/25 22:53:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Christi\Application Data\Microsoft
[2007/08/02 17:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Mozilla
[2007/05/03 14:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\OLYMPUS
[2009/11/09 12:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\OpenOffice.org
[2009/11/09 03:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\OpenOffice.org2
[2006/05/30 13:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Scooter Software
[2007/01/20 19:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Sonic
[2006/05/10 06:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Sun
[2007/08/02 17:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Talkback
[2010/01/25 19:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Thunderbird
[2010/04/14 00:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\U3

< %APPDATA%\*.exe /s >
[2010/02/19 19:31:44 | 000,029,344 | ---- | M] (NOS Microsystems Ltd.) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
[2006/04/05 19:38:10 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Christi\Application Data\U3\temp\cleanup.exe
[2006/04/11 12:56:58 | 002,461,696 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\Christi\Application Data\U3\temp\Launchpad Removal.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/04 14:29:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/01/04 14:29:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/04 14:29:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/01/04 14:29:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | -H-- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >


Extras.Txt

OTL Extras logfile created on: 6/2/2010 5:37:37 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Christi\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 29.67 Gb Free Space | 19.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 186.31 Gb Total Space | 153.16 Gb Free Space | 82.21% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 635.48 Gb Free Space | 68.22% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D7Z53Z91
Current User Name: Christi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\Mozilla Firefox 3\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1622536041-3668196464-1688693058-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\Mozilla Firefox 3\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{058B32E2-6310-4359-B2D4-1988390C3B83}" = Broadcom Advanced Control Suite
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 20
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CD67A02-DF59-43f7-8E8F-86DCF40543EF}" = 2570_Help
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{639858DD-4966-40F3-A706-7C838BCF3A2B}" = MaxBlast 4
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7148F0A8-6813-11D6-A77B-00B0D0142110}" = Java 2 Runtime Environment, SE v1.4.2_11
"{74307C3F-EBD4-11D4-A4D9-0010A4C3AFF0}" = Macromedia HomeSite 5
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A8D91906-4032-4443-8C49-69F90E38F39D}" = 2570
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.8
"{AC76BA86-7AD7-5760-0000-705000000001}" = Adobe Reader Japanese Fonts
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DB8F7090-0594-4C31-B33F-4740E2A3F4C9}" = Ultimate Sudoku
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3387EAB-DFD3-4894-9F4C-B27669D35ED8}" = Images of Ireland Theme for Windows XP
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EE55FD52-0D47-4c5a-96EC-48F70FF30520}" = 2570Trb
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon Kindle For PC" = Amazon Kindle For PC v1.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"ArtistScope Plugin FX4.2.0.3" = ArtistScope Plugin FX
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"BC2_is1" = Beyond Compare Version 2.4.1
"Belarc Advisor" = Belarc Advisor 7.2
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CDKNet" = CDK Players
"Clifford Adventure" = Clifford Thinking Adventures
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"CSCLIB" = Canon Camera Support Core Library
"eGames GameButler" = eGames GameButler
"EOS Utility" = Canon Utilities EOS Utility
"Eudora" = Eudora
"FileZilla" = FileZilla (remove only)
"FLV Player" = FLV Player 2.0 (build 25)
"HijackThis" = HijackThis 2.0.2
"HP DeskJet 690C Series" = HP DeskJet 690C Series (Remove only)
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"ie8" = Windows Internet Explorer 8
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monk5_5" = Monk5_5 Screen Saver
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"PhotoStitch" = Canon Utilities PhotoStitch
"PrintMaster Gold 4.00" = PrintMaster Gold 4.00
"Psych2" = Psych2 Screen Saver
"Puzzle Master 3" = Puzzle Master 3
"Puzzle Master 4" = Puzzle Master 4
"Puzzle Master 5" = Puzzle Master 5
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Savings Bond Wizard" = Savings Bond Wizard
"SCI FI Stargate SG-1 Cast Screensaver" = SCI FI Stargate SG-1 Cast Screensaver
"SG1_Screensaver2" = SG1_Screensaver2
"TopStyle Lite (Version 1.5)" = TopStyle Lite (Version 1.5)
"TopStyle Lite (Version 3.0)" = TopStyle Lite (Version 3.0)
"Ultimate Mahjongg 15" = Ultimate Mahjongg 15
"WallpaperToy" = Wallpaper Changer for Windows XP
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zinio Reader" = Zinio Reader
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1622536041-3668196464-1688693058-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HomeSite 4.5" = HomeSite 4.5

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#4 extremeboy

  • Malware Response Team

Posted 02 June 2010 - 07:47 PM

Hello.

No worries, no need to run GMER again, I think I found the culprit here now.

Let's see what we can do about that. First, let's start off with ComboFix and see if it can be dealt with; if not, we'll try something else.

Download and Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2

Please refer to this page for full instructions on how to run ComboFix.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click ComboFix.exe to start the program. Agree to the prompts.
  • When ComboFix is finished, a log report (C:\ComboFix.txt) will open. Post back with it.
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 ChristiK

  • Topic Starter

Posted 02 June 2010 - 10:12 PM

Thanks, I will run ComboFix tonight. Will a screensaver or hibernation/powersave mode cause issues with ComboFix? Also, to confirm, it's okay to re-enable the anti-virus/anti-malware after ComboFix is done running?

Thanks again.

Edited by ChristiK, 02 June 2010 - 10:15 PM.


#6 ChristiK

  • Topic Starter

Posted 02 June 2010 - 11:54 PM

Okay, this didn't take as long as I thought.

ComboFix 10-06-02.02 - Christi 06/02/2010 23:28:04.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.3206 [GMT -5:00]
Running from: c:\documents and settings\Christi\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
C:\s
C:\Thumbs.db
c:\windows\Downloaded Program Files\CpnMgr.dll
c:\windows\system32\11478.exe
c:\windows\system32\11942.exe
c:\windows\system32\12382.exe
c:\windows\system32\14604.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\17421.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\32391.exe
c:\windows\system32\3902.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\9961.exe

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2010-05-03 to 2010-06-03 )))))))))))))))))))))))))))))))
.

2010-05-31 20:14 . 2010-05-31 20:14 -------- d-----w- c:\program files\Trend Micro
2010-05-30 14:30 . 2010-05-30 14:30 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-26 21:41 . 2010-05-26 21:41 -------- d-----w- c:\documents and settings\Christi\Application Data\E-centives
2010-05-10 16:37 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-09 05:13 . 2010-05-09 05:14 -------- d-----w- C:\Dictinry
2010-05-09 05:13 . 2010-05-09 05:13 -------- d-----w- c:\program files\Prentice-Hall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-03 03:45 . 2010-01-20 18:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-03 03:42 . 2010-01-20 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-02 23:25 . 2010-01-22 19:16 -------- d-----w- c:\program files\Mozilla Thunderbird 2
2010-06-02 20:46 . 2007-08-05 06:33 125835493 ----a-w- c:\documents and settings\Christi\Application Data\Thunderbird\Profiles\cubhlbzz.default\Mail\Local Folders\ Newsletters.sbd\News - About.com
2010-06-02 20:33 . 2009-11-09 17:05 1 ----a-w- c:\documents and settings\Christi\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-02 18:46 . 2007-08-08 16:19 4568550 ----a-w- c:\documents and settings\Christi\Application Data\Thunderbird\Profiles\cubhlbzz.default\Mail\Local Folders\ Online Buying.sbd\Amazon.com
2010-05-26 21:41 . 2010-05-26 21:41 423464 ----a-w- c:\documents and settings\Christi\Application Data\E-centives\BSTIEPrintCtl1.dll
2010-05-26 18:22 . 2006-10-27 15:33 188501 ----a-w- c:\documents and settings\Christi\Application Data\ContentGuard\CGGuard2.dll
2010-05-13 22:29 . 2006-05-19 04:25 -------- d-----w- c:\documents and settings\Christi\Application Data\AdobeUM
2010-05-10 16:43 . 2010-05-10 16:43 503808 ----a-w- c:\documents and settings\Christi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1d1a5720-n\msvcp71.dll
2010-05-10 16:43 . 2010-05-10 16:43 499712 ----a-w- c:\documents and settings\Christi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1d1a5720-n\jmc.dll
2010-05-10 16:43 . 2010-05-10 16:43 348160 ----a-w- c:\documents and settings\Christi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1d1a5720-n\msvcr71.dll
2010-05-10 16:40 . 2006-05-10 11:53 -------- d-----w- c:\program files\Common Files\Java
2010-05-10 16:38 . 2010-05-10 16:38 61440 ----a-w- c:\documents and settings\Christi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-400c1d2b-n\decora-sse.dll
2010-05-10 16:38 . 2010-05-10 16:38 12800 ----a-w- c:\documents and settings\Christi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-400c1d2b-n\decora-d3d.dll
2010-05-10 16:37 . 2006-05-10 11:53 -------- d-----w- c:\program files\Java
2010-05-06 20:59 . 2010-05-02 06:17 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-05-02 06:17 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-05-02 06:17 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-05-02 06:17 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2010-05-02 06:17 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2010-05-02 06:17 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2010-05-02 06:17 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2010-05-02 06:17 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-02 07:22 . 2010-01-18 03:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 20:39 . 2010-01-18 07:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-01-18 07:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 21:03 . 2010-04-26 21:02 -------- d-----w- c:\program files\WallpaperToy
2010-04-26 21:01 . 2010-04-26 21:02 187072 ----a-w- c:\windows\walltoyUninst.exe
2010-04-26 07:56 . 2008-12-05 19:25 -------- d-----w- c:\program files\Amazon
2010-04-20 21:29 . 2010-05-02 04:54 65536 ----a-w- c:\documents and settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{51ef49d2-624b-4194-8b97-1c468e9b0efe}\components\Engine.dll
2010-04-14 16:47 . 2010-05-02 06:17 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 05:33 . 2006-12-14 03:40 -------- d-----w- c:\documents and settings\Christi\Application Data\U3
2010-04-05 16:37 . 2009-09-17 18:37 -------- d-----w- c:\program files\Alwil Software
2010-04-05 16:34 . 2010-04-05 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-14 17:51 . 2009-08-16 03:15 480156 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-03-09 22:49 . 2010-03-09 22:49 79488 ----a-w- c:\documents and settings\Christi\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2008-05-28 06:08 . 2008-05-28 06:04 1495112 ----a-w- c:\program files\install_flash_player.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zinio DLM"="c:\program files\Zinio\ZinioReader.exe" [2008-01-18 3760198]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-01 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-26 282624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-04-30 158624]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-01-20 28160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Christi\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\pmw\PMREMIND.EXE [1997-7-30 255408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-10 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
Logitech Desktop Messenger.lnk - c:\program files\LogitechMouse\Desktop Messenger\8876480\Program\LDMConf.exe [2009-7-4 450560]
Logitech SetPoint.lnk - c:\program files\LogitechMouse\SetPoint\SetPoint.exe [2009-7-4 532480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LogitechMouse\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/17/2010 6:50 AM 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/2/2010 1:17 AM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/2/2010 1:17 AM 19024]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [4/14/2009 2:51 PM 266240]
S2 HPFECP16;HPFECP16;c:\windows\system32\drivers\HPFecp16.sys [7/1/1998 1:55 AM 52800]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 8:19 AM 1181328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-06-03 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 05:55]

2010-06-03 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 05:55]

2010-06-03 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 05:55]

2010-06-03 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 05:55]

2010-06-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 05:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://apps.facebook.com/fishworld/index.php
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: arcamax.com\www
Trusted Zone: facebook.com
Trusted Zone: facebook.com\apps
Trusted Zone: facebook.com\www
Trusted Zone: farmville.com
Trusted Zone: offerpal.com\www
Trusted Zone: slashkey.com\l1
Trusted Zone: talltreegames.com\fwlb
Trusted Zone: talltreegames.com\www*
Trusted Zone: zynga.com
Trusted Zone: zynga.com\forums
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\LogitechMouse\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: c:\documents and settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
FF - plugin: c:\program files\Mozilla Firefox\Mozilla Firefox 3\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\Mozilla Firefox 3\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\Mozilla Firefox 3\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\Mozilla Firefox 3\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\Mozilla Firefox 3\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\Mozilla Firefox 3\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\Mozilla Firefox 3\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\Mozilla Firefox 3\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\Mozilla Firefox 3\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\Mozilla Firefox 3\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\Mozilla Firefox 3\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-02 23:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2300)
c:\windows\system32\WININET.dll
c:\program files\LogitechMouse\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\WallpaperToy\Wallpapertoy.Exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2010-06-02 23:51:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-03 04:51

Pre-Run: 31,848,243,200 bytes free
Post-Run: 32,447,352,832 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - B5AA105BEC69BB5A78251A46221F71CD



#7 extremeboy

  • Malware Response Team

Posted 03 June 2010 - 03:23 PM

Hello.

Yes, that's fine. It was dealt with successfully.

Let's run Malwarebytes once more. Update it first and run a quick scan and post the log for me to see.

Then, please run the following so I can take another look at your system.
Download and run OTL
  1. Download OTL by OldTimer and save it to your desktop.
  2. Double click on the icon on your desktop. If you are using Vista, please right-click and select "Run as administrator".
  3. Click the "Scan All Users" checkbox.
  4. Push the button.
  5. It will now begin to scan; please be patient while it scans.
  6. Two reports will open once it's done.
  7. Please copy and paste them in your next reply:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized



#8 ChristiK

  • Topic Starter

Posted 03 June 2010 - 05:37 PM

Thanks, I will do this as soon as possible. Right now, MalwareBytes is having some sort of issue with updating, but I'll keep trying.

Do I need to download a new copy of OTL, or will the one from earlier this week work?



#9 ChristiK

  • Topic Starter

Posted 03 June 2010 - 06:12 PM

MalwareBytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4168

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/3/2010 6:11:27 PM
mbam-log-2010-06-03 (18-11-27).txt

Scan type: Quick scan
Objects scanned: 130603
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#10 ChristiK

  • Topic Starter

Posted 03 June 2010 - 06:21 PM

OTL.Txt file:

OTL logfile created on: 6/3/2010 6:14:59 PM - Run 2
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Christi\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 30.06 Gb Free Space | 20.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 186.31 Gb Total Space | 153.16 Gb Free Space | 82.21% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 635.47 Gb Free Space | 68.22% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D7Z53Z91
Current User Name: Christi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/03 18:14:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christi\Desktop\OTL2.exe
PRC - [2010/05/06 15:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/01 12:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\Mozilla Firefox 3\firefox.exe
PRC - [2010/02/05 00:53:48 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/27 12:56:04 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/08/19 11:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 11:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/14 14:51:23 | 000,266,240 | -H-- | M] () -- C:\WINDOWS\system32\CSHelper.exe
PRC - [2008/04/29 19:56:20 | 000,158,624 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2008/04/29 19:56:20 | 000,061,856 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2008/04/13 19:12:36 | 000,033,280 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/18 12:00:04 | 003,760,198 | ---- | M] (Zinio, LLC) -- C:\Program Files\Zinio\ZinioReader.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/11/03 20:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/01/31 10:14:30 | 000,532,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\LogitechMouse\SetPoint\SetPoint.exe
PRC - [2006/01/20 17:46:56 | 000,028,160 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
PRC - [2005/05/12 01:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/04/30 17:02:26 | 000,086,016 | -H-- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2004/10/14 19:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/08/04 05:00:00 | 000,019,456 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2004/07/27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/10/29 02:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2002/12/18 13:12:26 | 000,110,592 | ---- | M] (Microsoft Corp.) -- C:\Program Files\WallpaperToy\Wallpapertoy.Exe


========== Modules (SafeList) ==========

MOD - [2010/06/03 18:14:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christi\Desktop\OTL2.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/01/31 10:12:12 | 000,040,448 | ---- | M] (Logitech Inc.) -- C:\Program Files\LogitechMouse\SetPoint\lgscroll.dll
MOD - [2005/01/19 12:50:50 | 000,499,712 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2005/01/19 12:50:50 | 000,348,160 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/02/19 19:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/02/05 00:53:48 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/04/14 14:51:23 | 000,266,240 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2008/04/29 19:56:32 | 005,065,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/04/29 19:56:22 | 000,245,664 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2008/04/29 19:56:20 | 000,061,856 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2008/04/13 19:12:36 | 000,033,280 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008/04/13 19:12:02 | 000,105,472 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/04/30 17:02:26 | 000,086,016 | -H-- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2004/09/29 13:14:36 | 000,069,632 | -H-- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/08/04 05:00:00 | 000,019,456 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2004/08/04 05:00:00 | 000,019,456 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)


========== Driver Services (SafeList) ==========

DRV - [2010/05/06 15:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 15:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 15:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 15:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 15:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 15:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/12/02 08:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/06/20 06:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/29 19:39:04 | 000,040,704 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2008/04/13 13:36:39 | 000,043,008 | -H-- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | -H-- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2006/01/20 18:03:28 | 000,027,776 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2006/01/20 18:03:24 | 000,069,376 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2006/01/20 18:02:58 | 000,036,608 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2005/06/01 03:08:00 | 001,198,080 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/11 00:33:12 | 000,032,256 | -H-- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005/04/01 16:52:46 | 000,132,608 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/12/06 01:05:00 | 000,100,603 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 01:05:00 | 000,098,714 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 01:05:00 | 000,086,586 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 01:05:00 | 000,034,843 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 01:05:00 | 000,025,883 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 01:05:00 | 000,015,227 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 01:05:00 | 000,006,363 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 01:05:00 | 000,004,123 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 01:05:00 | 000,002,239 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 03:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 02:56:00 | 000,040,480 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/09/17 14:02:54 | 000,732,928 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/03 22:29:56 | 001,897,408 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/03/24 10:12:44 | 000,004,272 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/11/17 16:59:20 | 000,212,224 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 14:07:44 | 000,019,072 | -H-- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | -H-- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 000,036,736 | -H-- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | -H-- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | -H-- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | -H-- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | -H-- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | -H-- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | -H-- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [1998/07/01 01:55:56 | 000,052,800 | -H-- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\HPFECP16.SYS -- (HPFECP16)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://apps.facebook.com/fishworld/index.php
IE - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/26 14:12:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/26 16:41:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\Mozilla Firefox 3\components [2010/05/03 11:36:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\Mozilla Firefox 3\plugins [2010/05/26 16:41:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird 2\components [2010/01/29 19:00:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird 2\plugins

[2010/01/25 19:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Mozilla\Extensions
[2010/01/25 19:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/06/03 10:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions
[2009/06/29 11:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{0711a72d-2bfc-4f2d-9366-454934df3105}
[2009/01/21 02:55:06 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2010/02/15 12:33:33 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2006/05/19 17:33:33 | 000,000,000 | ---D | M] (Ebay Negs!) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{265b0520-499e-11d9-9669-0800200c9a66}
[2010/03/28 00:00:22 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2006/05/19 17:33:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{50cfc120-6dc2-4851-b9b2-7355c888da0a}
[2010/05/01 23:54:12 | 000,000,000 | ---D | M] (MyPoints Point Finder) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{51ef49d2-624b-4194-8b97-1c468e9b0efe}
[2009/06/22 11:37:29 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/12/29 17:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}
[2008/12/30 18:28:23 | 000,000,000 | ---D | M] (Mozteroids) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{8a3b98a2-7bb5-4933-993d-2594ec99cc54}
[2010/02/04 13:08:17 | 000,000,000 | ---D | M] (Swag Bucks Toolbar) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2009/01/02 02:02:41 | 000,000,000 | ---D | M] (Word Count Plus) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{97c7d43c-4182-49b8-9b04-b78fed89d7fb}
[2009/09/20 23:47:55 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/04/28 11:24:37 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/02/15 12:33:29 | 000,000,000 | ---D | M] (gTranslate) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2009/06/29 11:58:26 | 000,000,000 | ---D | M] (Xultris) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{bed1bcec-57d3-47e1-a32b-b4e5f3003019}
[2009/10/20 12:57:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010/05/08 23:28:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/15 13:33:14 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/06/01 09:25:06 | 000,000,000 | ---D | M] (Plain Text Links) -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}
[2009/01/02 02:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\addictive_typing_lessons@tomkennedy.net
[2009/09/22 09:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\fireform@mozilla.org
[2008/12/30 18:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\0cyasl8n.Christi Default\extensions\pacman@oppermann.ch
[2009/03/05 23:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christi\Application Data\Mozilla\Firefox\Profiles\3gg6zonm.Chris\extensions
[2010/05/01 23:55:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/03 10:30:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\Mozilla Firefox 3\extensions
[2010/05/02 01:19:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\Mozilla Firefox 3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/05/10 11:38:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2006/05/19 10:21:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions
[2006/05/19 10:21:40 | 000,000,000 | ---D | M] (Nautical Blue) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{0F29C5FB-F97B-4134-80A0-E01218CF0CE6}
[2006/05/19 10:21:37 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2006/05/19 10:21:36 | 000,000,000 | ---D | M] (Word Count) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{205026F2-3243-49e1-8A44-A826B28C34F0}
[2006/05/19 10:21:35 | 000,000,000 | ---D | M] (Ebay Negs!) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{265b0520-499e-11d9-9669-0800200c9a66}
[2006/05/19 10:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
[2006/05/19 10:21:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{2C759960-017B-41c6-AD94-42601E2235AB}
[2006/05/19 10:21:39 | 000,000,000 | ---D | M] (Adblock) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2006/05/19 10:21:41 | 000,000,000 | ---D | M] (Archaic) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{366D68E8-8E61-4009-B3FC-69FC2CEBC7AB}
[2006/05/19 10:21:39 | 000,000,000 | ---D | M] (Qute) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2006/05/19 10:21:35 | 000,000,000 | ---D | M] (Flashblock) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2006/05/19 10:21:42 | 000,000,000 | ---D | M] (Microfirefox) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{403304EE-066A-4a2a-8F41-F12028480A0A}
[2006/05/19 10:21:40 | 000,000,000 | ---D | M] (GrayModern) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{463ddc2c-1059-4a76-88bc-fa3b0abe6d8c}
[2006/05/19 10:21:37 | 000,000,000 | ---D | M] (Translate) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{4E38B095-A1A0-46cd-9BA2-B3708444965A}
[2006/05/19 10:21:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{50cfc120-6dc2-4851-b9b2-7355c888da0a}
[2006/05/19 10:21:35 | 000,000,000 | ---D | M] (IE View) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2006/05/19 10:21:40 | 000,000,000 | ---D | M] (Nautical) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{7C685AB0-1049-4ca7-9B64-12A04E432CA1}
[2006/05/19 10:21:42 | 000,000,000 | ---D | M] (Perennial) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{7cf1c3ae-a6b0-46af-b761-979a59974f59}
[2006/05/19 10:21:38 | 000,000,000 | ---D | M] (Phoenity) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{88cb9cff-ee4a-481e-bb22-ab5c05e04c22}
[2006/05/19 10:21:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}
[2006/05/19 10:21:36 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2006/05/19 10:21:37 | 000,000,000 | ---D | M] (SpellBound) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{9EBEDB01-55DC-432b-A2DB-7E4AF3230A24}
[2006/05/19 10:21:38 | 000,000,000 | ---D | M] (DictionarySearch) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}
[2006/05/19 10:21:38 | 000,000,000 | ---D | M] (OpenBook) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce}
[2006/05/19 10:21:35 | 000,000,000 | ---D | M] (AspellFox) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{ae2fe5af-2c80-41cf-bc14-260a88a36e44}
[2006/05/19 10:21:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2006/05/19 10:21:38 | 000,000,000 | ---D | M] (Ancyent) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{b5829262-4765-048e-dc9b-4d3d4d51afdc}
[2006/05/19 10:21:36 | 000,000,000 | ---D | M] (About site) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{c01accc0-1291-11d9-9669-0800200c9a66}
[2006/05/19 10:21:42 | 000,000,000 | ---D | M] (708090) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{caddc261-9bda-4e20-961b-5eda367dbd30}
[2006/05/19 10:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{d8bd53e7-7ad6-4fb0-9dea-ee0f111fb4c8}
[2006/05/19 10:21:37 | 000,000,000 | ---D | M] (SpoofStick) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{ebcf8b39-5cb1-4233-9edf-7d6533455b8d}
[2006/05/19 10:21:41 | 000,000,000 | ---D | M] (LO-FI) -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\{lofi-0.1}
[2006/05/19 10:21:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\Profiles\loep4ns5.default\extensions\temp
[2006/05/19 10:18:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\Profiles\yfzh2g1o.ProfileName\extensions
[2006/05/19 10:18:38 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Program Files\Mozilla Firefox\Profiles\yfzh2g1o.ProfileName\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/15 12:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll
[2009/02/02 00:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
[2010/05/26 16:41:05 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2010/06/02 23:42:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe (Zinio, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\LogitechMouse\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\LogitechMouse\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Chris\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\Christi\Start Menu\Programs\Startup\Event Reminder.lnk = C:\pmw\PMREMIND.EXE ()
O4 - Startup: C:\Documents and Settings\Christi\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\Christi\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Christi\Start Menu\Programs\Startup\Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe (Microsoft Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\..Trusted Domains: arcamax.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\..Trusted Domains: facebook.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\..Trusted Domains: facebook.com ([apps] http in Trusted sites)
O15 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\..Trusted Domains: facebook.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\..Trusted Domains: farmville.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\..Trusted Domains: offerpal.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\..Trusted Domains: slashkey.com ([l1] * in Trusted sites)
O15 - HKU\S-1-5-21-1622536041-3668196464-1688693058-1006\..Trusted Domains: talltreegames.com ([fwlb] http in Trusted sites)
< End of report >


#11 ChristiK

  • Topic Starter

Posted 03 June 2010 - 06:27 PM

Two things: I did download a fresh copy of OTL just now, and I'm not sure why, but OTL.Txt is the only report that opened; the Extras.Txt isn't here.

#12 extremeboy

  • Malware Response Team

Posted 05 June 2010 - 11:22 AM

Hello again,

I'm sorry about the delay; I had some other work that needed to be done.

Let's continue here.

That's fine. Extras didn't come out since it was run earlier. I don't need that right now, so no need to worry about that.

The logs are looking good.

Let's get an online scan and also let me know how your computer is running and performing.

Run ESET Online Scan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
You can refer to this animation by neomage if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#13 ChristiK

  • Topic Starter

Posted 05 June 2010 - 07:55 PM

Thanks, I'll get started on this step. Google seems to be working right again, although I haven't tested it a lot.

Will the ESET scan work over dialup? I've started it (about half an hour ago) and am still waiting for the second window to load (eset.com/online-scanner/run).

#14 extremeboy

  • Malware Response Team

Posted 05 June 2010 - 09:27 PM

Hello again.

Glad Google's working fine now, that is removed.

Dial-up: well, it would work; however, it might take a while to complete. If you are unable to do the scan, let me know.

Try refreshing, or start the scan process over as indicated in the instructions in my previous post.

Let me know how it goes.



#15 ChristiK

  • Topic Starter

Posted 05 June 2010 - 10:31 PM

Okay - the scan is finally started. After almost an hour, it's 7% done, so I'm guessing this will be an all-night thing. So far, it's found one thing - JS/Fortn.D virus.

I need to test Google and Yahoo Search some more, and make sure they're working as they should. The computer will start in Safe Mode now, so that problem is fixed, at least.

Thanks again.



