Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect


  • This topic is locked This topic is locked
23 replies to this topic

#1 pnguin

pnguin

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:47 AM

Posted 11 September 2011 - 02:04 PM

Hello,

My wife's laptop is having a problem that other posters have mentioned. When she runs a Google search (or Bing search), clicking on search results redirects her to the wrong sites: often ad sites, broken links, or other search sites related to the search term. The same thing occurs in IE, Firefox, and Chrome. I updated and ran scans using McAfee anti-virus (which I have through my employer) and Ad-Aware, but they did not resolve the problem.

I tried a few other things suggested online to deal with the "Google Redirect" virus issue, but nothing has resolved the problem yet.

I recycled the power of my modem/router. No effect.
I ran TDSS Killer (downloaded from http://support.kaspersky.com/downloads/utils/tdsskiller.zip), but this did not find anything.
I downloaded Malwarebytes and ran a full scan. It found 2 bad objects but did not resolve the problem.

I also downloaded ComboFix and started the process (after disabling McAfee and Ad-Aware live scanning), but it froze at the point of checking for infections (it didn't change the clock or finish any "stages" in the process). Had to force power off and reboot.

I see now that I need some trained help!! It looks like you guys have worked with this particular problem quite a bit, so I'm hopeful you can help us!

Thanks in advance.

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:47 AM

Posted 11 September 2011 - 09:46 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:47 AM

Posted 18 September 2011 - 02:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/418492 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:47 AM

Posted 18 September 2011 - 04:24 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:47 AM

Posted 21 September 2011 - 08:29 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 pnguin

pnguin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:47 AM

Posted 22 September 2011 - 11:16 PM

I have the Rootkit scan log, but when I ran DDS it caused the computer to freeze. The ####'s would get about 2/3 of the way across before totally locking up the system. I tried it 3 times from 2 different links and did my best to disable antivirus stuff before running...

In trying to deal with this I've also noticed that beyond the redirect of Google, Bing, etc. something is disabling things like Windows Firewall, Security Center, and Windows Update...

Here is the Rootkit log:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0xB4575000 C:\WINDOWS\system32\DRIVERS\w29n51.sys 2220032 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2181376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2181376 bytes
0x804D7000 RAW 2181376 bytes
0x804D7000 WMIxWDM 2181376 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF62B9000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF6213000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 679936 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF6425000 C:\WINDOWS\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF76BF000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF073000 C:\WINDOWS\System32\ialmdd5.DLL 507904 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xED81E000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6161000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xEDA03000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB5B02000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF7625000 mfehidk.sys 335872 bytes (McAfee, Inc., McAfee Link Driver)
0xB4D44000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF64EA000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 266240 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xF63B8000 C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys 200704 bytes (Conexant Systems, Inc., HSFHWICH WDM driver)
0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 200704 bytes (Intel Corporation, Component GHAL Driver)
0xF61BA000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF77FB000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF7692000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB5BD1000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB4793000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xED88D000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xED992000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF652B000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xF6401000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF64B3000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF6551000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xED958000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xED9E2000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0xF7775000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF77AD000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xEE05A000 C:\WINDOWS\system32\drivers\ialmsbw.sys 122880 bytes (Intel Corporation, Intel Graphics Platform (SoftBIOS) Driver for Windows 2000® & Windows XP™)
0xF77CC000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF7677000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xEE078000 C:\WINDOWS\system32\drivers\ialmkchw.sys 102400 bytes (Intel Corporation, Intel Graphics Chipset (KCH) Driver for Windows 2000® & Windows XP™)
0xF63E9000 C:\WINDOWS\system32\drivers\aeaudio.sys 98304 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)
0xF7795000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB5D2B000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF6588000 C:\WINDOWS\System32\DRIVERS\ialmnt5.sys 98304 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xB5787000 C:\WINDOWS\system32\drivers\tmcomm.sys 98304 bytes (Trend Micro Inc., TrendMicro Common Module)
0xF774C000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF61FC000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB5D15000 C:\WINDOWS\system32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xB5060000 C:\WINDOWS\system32\drivers\mfeavfk.sys 86016 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xB5AED000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF64D6000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6574000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EC000 ACPI_HAL 81280 bytes
0x806EC000 C:\WINDOWS\system32\hal.dll 81280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xEDA5B000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7763000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF77EA000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF61EB000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB62ED000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7ABA000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF791A000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF789A000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF78FA000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB632D000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF6C8C000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7A7A000 C:\WINDOWS\system32\drivers\mfetdik.sys 57344 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0xF78EA000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF788A000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7AAA000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF798A000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF786A000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF6D0C000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7A6A000 C:\WINDOWS\system32\drivers\wA301a.sys 49152 bytes (Intel Corporation, Ch7009 Minidriver)
0xF78DA000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF785A000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF6D1C000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF6CDC000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF6CEC000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF799A000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF787A000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF79DA000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF792A000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7A9A000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF784A000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF6CFC000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF79FA000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF78AA000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF79BA000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7BD2000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7B02000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7C02000 C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys 32768 bytes (Wacom Technology, Wacom Mouse Filter Driver)
0xF7BBA000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7BDA000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7BCA000 C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys 28672 bytes (IBM Corp., IBM ThinkPad Power Management Driver)
0xF7BC2000 C:\WINDOWS\system32\DRIVERS\nscirda.sys 28672 bytes (National Semiconductor Corporation, NSC Fast Infrared Driver.)
0xF7ACA000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7BA2000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7BAA000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7BB2000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7AF2000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB5D5B000 C:\WINDOWS\system32\drivers\LVPr2Mon.sys 20480 bytes (-, -)
0xF7AFA000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7AD2000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7BF2000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7BE2000 C:\WINDOWS\system32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xF7BFA000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7BEA000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7B9A000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB5D63000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7C62000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7CFE000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF7D0E000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF65A8000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF75CC000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7CF2000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7C66000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF7C5A000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7C5E000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB640A000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7D02000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)
0xF7CF6000 C:\WINDOWS\system32\DRIVERS\irenum.sys 12288 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)
0xB5BB5000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7D0A000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF65C0000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF75D4000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7D96000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7E0E000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7D94000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D4E000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7D4A000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7D98000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7DF6000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7D9A000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7D88000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7D82000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D84000 C:\WINDOWS\system32\DRIVERS\wacomvhid.sys 8192 bytes (Wacom Technology, Virtual Hid Device)
0xF7D86000 C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys 8192 bytes (Wacom Technology, Virtual Hid Device)
0xF7D4C000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7E8C000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7E43000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7EF3000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7E13000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7E12000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [mup.sys]
WARNING: Virus alike driver modification [NdisIP.sys]
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [SLIP.sys]
WARNING: Virus alike driver modification [a308.sys]
WARNING: Virus alike driver modification [a314.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [a302.sys]
WARNING: Virus alike driver modification [pcmcia.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [tdpipe.sys]
WARNING: Virus alike driver modification [lv302af.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [tunmp.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [usb8023.sys]
WARNING: Virus alike driver modification [a305.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [rdpwd.sys]
WARNING: Virus alike driver modification [battc.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [asyncmac.sys]
WARNING: Virus alike driver modification [fastfat.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [usbscan.sys]
WARNING: Virus alike driver modification [dmio.sys]
WARNING: Virus alike driver modification [StreamIP.sys]
WARNING: Virus alike driver modification [wacmoumonitor.sys]
WARNING: Virus alike driver modification [Lvckap.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [HPZipr12.sys]
WARNING: Virus alike driver modification [a306.sys]
WARNING: Virus alike driver modification [CCDECODE.sys]
WARNING: Virus alike driver modification [ndis.sys]
WARNING: Virus alike driver modification [partmgr.sys]
WARNING: Virus alike driver modification [acpi.sys]
WARNING: Virus alike driver modification [WSTCODEC.SYS]
WARNING: Virus alike driver modification [LVMVdrv.sys]
WARNING: Virus alike driver modification [ipinip.sys]
WARNING: Virus alike driver modification [vch.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [HPZius12.sys]
WARNING: Virus alike driver modification [a307.sys]
WARNING: Virus alike driver modification [tdtcp.sys]
WARNING: Virus alike driver modification [usbcamd.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
WARNING: Virus alike driver modification [hidparse.sys]
WARNING: Virus alike driver modification [pciidex.sys]
WARNING: Virus alike driver modification [sonydcam.sys]
WARNING: Virus alike driver modification [usbprint.sys]
WARNING: Virus alike driver modification [a309.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [ip6fw.sys]
WARNING: Virus alike driver modification [a303.sys]
WARNING: Virus alike driver modification [rndismp.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [usbccgp.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [a310.sys]
WARNING: Virus alike driver modification [a311.sys]
WARNING: Virus alike driver modification [wa301b.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [processr.sys]
WARNING: Virus alike driver modification [isapnp.sys]
WARNING: Virus alike driver modification [hidclass.sys]
WARNING: Virus alike driver modification [disk.sys]
WARNING: Virus alike driver modification [crusoe.sys]
WARNING: Virus alike driver modification [amdk6.sys]
WARNING: Virus alike driver modification [amdk7.sys]
WARNING: Virus alike driver modification [a313.sys]
WARNING: Virus alike driver modification [StMp3Rec.sys]
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [nmnt.sys]
WARNING: Virus alike driver modification [P1110Stb.sys]
WARNING: Virus alike driver modification [mountmgr.sys]
WARNING: Virus alike driver modification [p3.sys]
WARNING: Virus alike driver modification [PxHelp20.sys]
WARNING: Virus alike driver modification [a304.sys]
WARNING: Virus alike driver modification [stream.sys]
WARNING: Virus alike driver modification [classpnp.sys]
WARNING: Virus alike driver modification [MSPQM.sys]
WARNING: Virus alike driver modification [hpzid412.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [volsnap.sys]
WARNING: Virus alike driver modification [MSPCLOCK.sys]
WARNING: Virus alike driver modification [intelide.sys]
WARNING: Virus alike driver modification [MSTEE.sys]
WARNING: Virus alike driver modification [atmlane.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [USBAUDIO.sys]
WARNING: Virus alike driver modification [atmarpc.sys]
WARNING: Virus alike driver modification [arp1394.sys]
WARNING: Virus alike driver modification [nic1394.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [udfs.sys]
WARNING: Virus alike driver modification [sdbus.sys]
WARNING: Virus alike driver modification [pci.sys]
WARNING: Virus alike driver modification [P1110Vid.sys]
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [LV302AV.SYS]
WARNING: Virus alike driver modification [sr.sys]
WARNING: Virus alike driver modification [MSKSSRV.sys]
WARNING: Virus alike driver modification [SONYPVU1.SYS]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [WudfPf.sys]
WARNING: Virus alike driver modification [dmboot.sys]
WARNING: Virus alike driver modification [WudfRd.sys]
WARNING: Virus alike driver modification [NABTSFEC.sys]
WARNING: Virus alike driver modification [nwlnkipx.sys]
WARNING: Virus alike driver modification [cdr4_xp.sys]
WARNING: Virus alike driver modification [compbatt.sys]
WARNING: Virus alike driver modification [cdralw2k.sys]
WARNING: Virus alike driver modification [hidusb.sys]
WARNING: Virus alike driver modification [scsiport.sys]

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:47 AM

Posted 22 September 2011 - 11:28 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 pnguin

pnguin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:47 AM

Posted 23 September 2011 - 12:44 AM

I tried running Combofix, but it froze the system at the point where it said scanning for infections, 10 minutes or double if badly infected. It didn't complete any stages. Had to force reboot, similar to DDS.

I have McAfee Enterprise 8.7.0i on the machine. I can temporarily disable things like "On Access Scanning" but I don't know how, if it's possible, to shut it down completely. I don't know if it's causing trouble for Combofix or not.

Thanks again for your help with this...

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:47 AM

Posted 23 September 2011 - 01:27 AM

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
ComboFix /nombr
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 pnguin

pnguin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:47 AM

Posted 23 September 2011 - 10:20 PM

Success! ComboFix ran in just over 30 minutes with /nombr.

Google results are still redirecting. Here is the ComboFix log:

ComboFix 11-09-23.03 - Theresa 09/23/2011 21:33:23.1.1 - x86|
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.758.561 [GMT -5:00]
Running from: c:\documents and settings\Theresa\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Theresa\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Theresa\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Theresa\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.11f1da13.ini
c:\documents and settings\Theresa\Local Settings\Application Data\ApplicationHistory\SL115.tmp.a63f1fa5.ini
c:\documents and settings\Theresa\My Documents\~WRL0003.tmp
c:\documents and settings\Theresa\My Documents\~WRL0188.tmp
c:\documents and settings\Theresa\My Documents\~WRL1337.tmp
c:\documents and settings\Theresa\My Documents\~WRL1908.tmp
c:\documents and settings\Theresa\My Documents\~WRL2186.tmp
c:\documents and settings\Theresa\My Documents\~WRL2253.tmp
c:\documents and settings\Theresa\My Documents\~WRL2643.tmp
c:\documents and settings\Theresa\My Documents\~WRL2758.tmp
c:\documents and settings\Theresa\My Documents\~WRL3053.tmp
c:\documents and settings\Theresa\WINDOWS
c:\windows\bwUnin-7.2.0.157-8876480SL.exe
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_USNJSVC
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-08-24 to 2011-09-24 )))))))))))))))))))))))))))))))
.
.
2011-09-23 06:37 . 2011-09-23 06:37 -------- d-----w- c:\documents and settings\Administrator
2011-09-18 22:01 . 2011-09-18 22:01 -------- d-----w- c:\windows\ServicePackFiles
2011-09-18 21:54 . 2011-09-18 21:54 -------- d-----w- c:\program files\MSXML 4.0
2011-09-18 20:42 . 2011-09-19 00:19 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-09-18 20:36 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-09-18 20:36 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-09-18 20:31 . 2010-02-16 13:17 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-09-18 20:31 . 2010-02-16 13:19 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-09-18 20:31 . 2010-02-16 12:39 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-09-18 20:31 . 2010-02-16 12:39 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-09-18 20:25 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-09-18 19:55 . 2011-09-21 02:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-18 19:36 . 2009-08-07 00:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-09-11 06:08 . 2011-09-11 06:08 -------- d-----w- c:\documents and settings\Theresa\Application Data\Malwarebytes
2011-09-11 06:07 . 2011-07-08 12:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-11 06:07 . 2011-09-11 06:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-11 06:07 . 2011-07-08 12:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-11 06:07 . 2011-09-11 06:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-08-29 01:13 . 2011-08-29 01:13 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-29 01:00 . 2011-09-23 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-08-28 19:42 . 2011-08-28 19:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-08-27 20:00 . 2011-08-27 20:00 62464 --sha-r- c:\windows\system32\diskcomp3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 06:01 . 2011-09-21 06:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-09-01 01:07 . 2011-03-10 05:11 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-12-16 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-12-16 118784]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-09-01 124240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Theresa^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Theresa\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-07-23 01:42 116040 -c----w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTZDetec.exe]
2007-12-18 19:20 401408 -c----w- c:\program files\Creative\Creative Media Lite\CTZDetec.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-07-30 15:47 289064 -c----w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2006-06-26 14:46 497200 -c----w- c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2006-06-26 15:34 614960 -c----w- c:\program files\Logitech\QuickCam10\QuickCam10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2004-10-22 00:50 155648 -c----w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 15:50 413696 ------w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"SwPrv"=3 (0x3)
"seclogon"=2 (0x2)
"SCardSvr"=3 (0x3)
"ShellHWDetection"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Theresa\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [8/31/2009 8:07 PM 21256]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/10/2011 12:11 AM 70728]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [8/6/2008 8:24 PM 3406120]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/11/2011 1:07 AM 41272]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/10/2011 12:11 AM 65448]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [8/6/2008 8:24 PM 15656]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-746137067-854245398-1003Core.job
- c:\documents and settings\Theresa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-02 05:18]
.
2011-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-746137067-854245398-1003UA.job
- c:\documents and settings\Theresa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-02 05:18]
.
2011-09-24 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 19:28]
.
2010-12-12 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2010-07-10 03:51]
.
2011-09-24 c:\windows\Tasks\User_Feed_Synchronization-{F674337B-DFA1-4A6C-B42C-2CA399558BD3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
2010-07-20 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-07-10 03:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?tab=mw&hl=en&source=iglk
uInternet Settings,ProxyServer = proxy.msu.edu:8080
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Note this (Google Notebook) - c:\program files\Google\Google Notebook\gnotes1.0.2.19--24069399.dll/gn_menu1.html
IE: Note this item (Google Notebook) - c:\program files\Google\Google Notebook\gnotes1.0.2.19--24069399.dll/gn_menu2.html
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Theresa\Application Data\Mozilla\Firefox\Profiles\4m44qzmh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.dogpile.com/
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Download - c:\mediaholder\MediaHolder.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-23 21:55
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(7844)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\McAfee\Common Framework\McTray.exe
.
**************************************************************************
.
Completion time: 2011-09-23 22:06:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-24 03:05
.
Pre-Run: 2,967,658,496 bytes free
Post-Run: 3,211,526,144 bytes free
.
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B16838E3B9B5A31256561B9C349D4659

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:47 AM

Posted 23 September 2011 - 11:39 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 pnguin

pnguin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:47 AM

Posted 24 September 2011 - 01:27 AM

Hi,

Here is the log from tdsskiller. No threats were found.

01:22:10.0931 5388 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
01:22:11.0301 5388 ============================================================
01:22:11.0301 5388 Current date / time: 2011/09/24 01:22:11.0301
01:22:11.0301 5388 SystemInfo:
01:22:11.0301 5388
01:22:11.0301 5388 OS Version: 5.1.2600 ServicePack: 2.0
01:22:11.0301 5388 Product type: Workstation
01:22:11.0301 5388 ComputerName: JANETT
01:22:11.0301 5388 UserName: Theresa
01:22:11.0301 5388 Windows directory: C:\WINDOWS
01:22:11.0301 5388 System windows directory: C:\WINDOWS
01:22:11.0301 5388 Processor architecture: Intel x86
01:22:11.0301 5388 Number of processors: 1
01:22:11.0301 5388 Page size: 0x1000
01:22:11.0301 5388 Boot type: Normal boot
01:22:11.0301 5388 ============================================================
01:22:13.0134 5388 Initialize success
01:22:29.0477 8068 ============================================================
01:22:29.0477 8068 Scan started
01:22:29.0477 8068 Mode: Manual;
01:22:29.0477 8068 ============================================================
01:22:30.0248 8068 Abiosdsk - ok
01:22:30.0439 8068 abp480n5 - ok
01:22:30.0719 8068 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:22:30.0769 8068 ACPI - ok
01:22:31.0050 8068 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
01:22:31.0060 8068 ACPIEC - ok
01:22:31.0320 8068 adpu160m - ok
01:22:31.0580 8068 aeaudio (3cb6ae5435987b1f8c83fd2730479878) C:\WINDOWS\system32\drivers\aeaudio.sys
01:22:31.0741 8068 aeaudio - ok
01:22:32.0031 8068 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
01:22:32.0081 8068 aec - ok
01:22:32.0391 8068 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
01:22:32.0572 8068 AFD - ok
01:22:32.0812 8068 Aha154x - ok
01:22:32.0992 8068 aic78u2 - ok
01:22:33.0163 8068 aic78xx - ok
01:22:33.0363 8068 AliIde - ok
01:22:33.0543 8068 amsint - ok
01:22:33.0733 8068 asc - ok
01:22:33.0924 8068 asc3350p - ok
01:22:34.0104 8068 asc3550 - ok
01:22:34.0334 8068 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:22:34.0344 8068 AsyncMac - ok
01:22:34.0725 8068 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
01:22:34.0725 8068 atapi - ok
01:22:35.0025 8068 Atdisk - ok
01:22:35.0276 8068 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:22:35.0296 8068 Atmarpc - ok
01:22:35.0556 8068 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
01:22:35.0566 8068 audstub - ok
01:22:35.0826 8068 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
01:22:35.0826 8068 Beep - ok
01:22:35.0856 8068 catchme - ok
01:22:36.0127 8068 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
01:22:36.0137 8068 cbidf2k - ok
01:22:36.0427 8068 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
01:22:36.0427 8068 CCDECODE - ok
01:22:36.0678 8068 cd20xrnt - ok
01:22:36.0918 8068 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
01:22:36.0928 8068 Cdaudio - ok
01:22:37.0208 8068 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
01:22:37.0208 8068 Cdfs - ok
01:22:37.0509 8068 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:22:37.0529 8068 Cdrom - ok
01:22:37.0779 8068 Changer - ok
01:22:38.0000 8068 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
01:22:38.0010 8068 CmBatt - ok
01:22:38.0250 8068 CmdIde - ok
01:22:38.0460 8068 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
01:22:38.0460 8068 Compbatt - ok
01:22:38.0690 8068 Cpqarray - ok
01:22:38.0881 8068 dac2w2k - ok
01:22:39.0051 8068 dac960nt - ok
01:22:39.0381 8068 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
01:22:39.0381 8068 Disk - ok
01:22:39.0702 8068 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
01:22:39.0812 8068 dmboot - ok
01:22:40.0113 8068 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
01:22:40.0173 8068 dmio - ok
01:22:40.0443 8068 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
01:22:40.0453 8068 dmload - ok
01:22:40.0743 8068 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
01:22:40.0763 8068 DMusic - ok
01:22:41.0024 8068 dpti2o - ok
01:22:41.0274 8068 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
01:22:41.0294 8068 drmkaud - ok
01:22:41.0615 8068 E100B (443157a61ee37bca4dc2866d44e2c697) C:\WINDOWS\system32\DRIVERS\e100b325.sys
01:22:41.0665 8068 E100B - ok
01:22:41.0975 8068 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
01:22:42.0035 8068 Fastfat - ok
01:22:42.0306 8068 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
01:22:42.0326 8068 Fdc - ok
01:22:42.0616 8068 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
01:22:42.0626 8068 Fips - ok
01:22:42.0917 8068 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
01:22:42.0927 8068 Flpydisk - ok
01:22:43.0217 8068 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
01:22:43.0217 8068 FltMgr - ok
01:22:43.0507 8068 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:22:43.0507 8068 Fs_Rec - ok
01:22:43.0798 8068 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:22:43.0798 8068 Ftdisk - ok
01:22:44.0068 8068 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
01:22:44.0238 8068 GEARAspiWDM - ok
01:22:44.0499 8068 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:22:44.0529 8068 Gpc - ok
01:22:44.0809 8068 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
01:22:44.0819 8068 HidUsb - ok
01:22:45.0050 8068 hpn - ok
01:22:45.0290 8068 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
01:22:45.0430 8068 HPZid412 - ok
01:22:45.0691 8068 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
01:22:45.0791 8068 HPZipr12 - ok
01:22:46.0091 8068 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
01:22:46.0221 8068 HPZius12 - ok
01:22:46.0522 8068 HSFHWICH (032ba0a391d550b01ec857510dc76f3a) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
01:22:46.0742 8068 HSFHWICH - ok
01:22:47.0323 8068 HSF_DP (0176682c877a22a1e369b80b82e03c1d) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
01:22:47.0834 8068 HSF_DP - ok
01:22:48.0234 8068 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
01:22:48.0304 8068 HTTP - ok
01:22:48.0535 8068 i2omgmt - ok
01:22:48.0755 8068 i2omp - ok
01:22:48.0985 8068 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
01:22:48.0995 8068 i8042prt - ok
01:22:49.0276 8068 ialm (3db0a9c35a5cf76386aadceda014e5e6) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
01:22:49.0396 8068 ialm - ok
01:22:49.0656 8068 IBMPMDRV (293131c1da5f53cb05f75d637739d79c) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
01:22:49.0786 8068 IBMPMDRV - ok
01:22:50.0057 8068 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
01:22:50.0067 8068 Imapi - ok
01:22:50.0297 8068 ini910u - ok
01:22:50.0558 8068 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
01:22:50.0568 8068 IntelIde - ok
01:22:50.0978 8068 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
01:22:51.0008 8068 intelppm - ok
01:22:51.0269 8068 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
01:22:51.0279 8068 Ip6Fw - ok
01:22:51.0539 8068 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:22:51.0569 8068 IpFilterDriver - ok
01:22:51.0859 8068 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:22:51.0869 8068 IpInIp - ok
01:22:52.0160 8068 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:22:52.0190 8068 IpNat - ok
01:22:52.0470 8068 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:22:52.0500 8068 IPSec - ok
01:22:52.0801 8068 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
01:22:52.0841 8068 irda - ok
01:22:53.0101 8068 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
01:22:53.0111 8068 IRENUM - ok
01:22:53.0382 8068 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:22:53.0392 8068 isapnp - ok
01:22:53.0662 8068 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:22:53.0672 8068 Kbdclass - ok
01:22:53.0962 8068 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
01:22:53.0993 8068 kbdhid - ok
01:22:54.0283 8068 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
01:22:54.0363 8068 kmixer - ok
01:22:54.0663 8068 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
01:22:54.0663 8068 KSecDD - ok
01:22:54.0744 8068 Lavasoft Kernexplorer - ok
01:22:54.0984 8068 lbrtfdc - ok
01:22:55.0535 8068 LVcKap (2d0ab9d29e6b0c42cce955b5a8e0d62d) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
01:22:56.0065 8068 LVcKap - ok
01:22:56.0736 8068 LVMVDrv (a3963e3d997c3646e1d3338eb88a48e9) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
01:22:57.0417 8068 LVMVDrv - ok
01:22:57.0678 8068 LVPr2Mon (39c767bd6d99c23d28e71b6e0cba3129) C:\WINDOWS\system32\drivers\LVPr2Mon.sys
01:22:57.0918 8068 LVPr2Mon - ok
01:22:58.0199 8068 LVUSBSta (6ad3f5275f117f08c12eab2233a9e3fb) C:\WINDOWS\system32\drivers\lvusbsta.sys
01:22:58.0419 8068 LVUSBSta - ok
01:22:58.0679 8068 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
01:22:58.0819 8068 MBAMSwissArmy - ok
01:22:59.0090 8068 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
01:22:59.0110 8068 mdmxsdk - ok
01:22:59.0380 8068 mfeapfk (4d81c0e4ed846e9a70b881891a5598ab) C:\WINDOWS\system32\drivers\mfeapfk.sys
01:22:59.0540 8068 mfeapfk - ok
01:22:59.0801 8068 mfeavfk (ff75f47ec2a9ea3e780a9d08daba1276) C:\WINDOWS\system32\drivers\mfeavfk.sys
01:22:59.0971 8068 mfeavfk - ok
01:23:00.0241 8068 mfebopk (5a3b000fdccf826ffb74e76b0474c856) C:\WINDOWS\system32\drivers\mfebopk.sys
01:23:00.0372 8068 mfebopk - ok
01:23:00.0732 8068 mfehidk (8e6b4e55d3a33b92693f7081ec018c39) C:\WINDOWS\system32\drivers\mfehidk.sys
01:23:00.0732 8068 mfehidk - ok
01:23:01.0053 8068 mferkdet (fa097d72a439c3a387fe38a654df44c5) C:\WINDOWS\system32\drivers\mferkdet.sys
01:23:01.0243 8068 mferkdet - ok
01:23:01.0513 8068 mfetdik (a45d0c099a478de5cbd0d6e8466becd5) C:\WINDOWS\system32\drivers\mfetdik.sys
01:23:01.0674 8068 mfetdik - ok
01:23:01.0964 8068 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
01:23:01.0974 8068 mnmdd - ok
01:23:02.0234 8068 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
01:23:02.0244 8068 Modem - ok
01:23:02.0505 8068 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:23:02.0515 8068 Mouclass - ok
01:23:02.0775 8068 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
01:23:02.0795 8068 mouhid - ok
01:23:03.0066 8068 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
01:23:03.0066 8068 MountMgr - ok
01:23:03.0276 8068 mraid35x - ok
01:23:03.0546 8068 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:23:03.0546 8068 MRxDAV - ok
01:23:03.0947 8068 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:23:03.0957 8068 MRxSmb - ok
01:23:04.0237 8068 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
01:23:04.0237 8068 Msfs - ok
01:23:04.0518 8068 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:23:04.0528 8068 MSKSSRV - ok
01:23:04.0778 8068 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:23:04.0788 8068 MSPCLOCK - ok
01:23:05.0239 8068 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
01:23:05.0279 8068 MSPQM - ok
01:23:05.0820 8068 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:23:05.0910 8068 mssmbios - ok
01:23:06.0891 8068 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
01:23:06.0911 8068 MSTEE - ok
01:23:07.0522 8068 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
01:23:07.0522 8068 Mup - ok
01:23:07.0832 8068 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
01:23:07.0852 8068 NABTSFEC - ok
01:23:08.0293 8068 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
01:23:08.0393 8068 NDIS - ok
01:23:08.0664 8068 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
01:23:08.0694 8068 NdisIP - ok
01:23:08.0984 8068 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:23:08.0994 8068 NdisTapi - ok
01:23:09.0244 8068 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:23:09.0254 8068 Ndisuio - ok
01:23:09.0545 8068 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:23:09.0575 8068 NdisWan - ok
01:23:09.0895 8068 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
01:23:09.0915 8068 NDProxy - ok
01:23:10.0196 8068 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
01:23:10.0196 8068 NetBIOS - ok
01:23:10.0506 8068 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
01:23:10.0566 8068 NetBT - ok
01:23:10.0897 8068 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
01:23:10.0897 8068 Npfs - ok
01:23:11.0187 8068 NSCIRDA (6216798d29c3ba9d0d6f40bbbab694a5) C:\WINDOWS\system32\DRIVERS\nscirda.sys
01:23:11.0207 8068 NSCIRDA - ok
01:23:11.0658 8068 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
01:23:11.0818 8068 Ntfs - ok
01:23:12.0089 8068 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
01:23:12.0089 8068 Null - ok
01:23:12.0339 8068 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:23:12.0349 8068 NwlnkFlt - ok
01:23:12.0629 8068 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:23:12.0639 8068 NwlnkFwd - ok
01:23:12.0940 8068 P1110VID (56ebd7c43be8c9e129d452828c1532d8) C:\WINDOWS\system32\DRIVERS\P1110Vid.sys
01:23:13.0060 8068 P1110VID - ok
01:23:13.0350 8068 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
01:23:13.0380 8068 Parport - ok
01:23:13.0641 8068 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
01:23:13.0641 8068 PartMgr - ok
01:23:13.0931 8068 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
01:23:13.0931 8068 ParVdm - ok
01:23:14.0202 8068 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
01:23:14.0212 8068 PCI - ok
01:23:14.0432 8068 PCIDump - ok
01:23:14.0642 8068 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
01:23:14.0642 8068 PCIIde - ok
01:23:14.0943 8068 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
01:23:14.0953 8068 Pcmcia - ok
01:23:15.0173 8068 PDCOMP - ok
01:23:15.0353 8068 PDFRAME - ok
01:23:15.0533 8068 PDRELI - ok
01:23:15.0714 8068 PDRFRAME - ok
01:23:15.0934 8068 pepifilter (4350cb255ad546f4668c8b8afd6a00a4) C:\WINDOWS\system32\DRIVERS\lv302af.sys
01:23:16.0084 8068 pepifilter - ok
01:23:16.0355 8068 perc2 - ok
01:23:16.0555 8068 perc2hib - ok
01:23:16.0956 8068 PID_08A0 (6b310de726e1a0defd66718a7f79b5d2) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
01:23:17.0356 8068 PID_08A0 - ok
01:23:17.0647 8068 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:23:17.0667 8068 PptpMiniport - ok
01:23:17.0927 8068 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
01:23:17.0957 8068 PSched - ok
01:23:18.0227 8068 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:23:18.0237 8068 Ptilink - ok
01:23:18.0528 8068 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
01:23:18.0528 8068 PxHelp20 - ok
01:23:18.0758 8068 ql1080 - ok
01:23:18.0938 8068 Ql10wnt - ok
01:23:19.0119 8068 ql12160 - ok
01:23:19.0299 8068 ql1240 - ok
01:23:19.0489 8068 ql1280 - ok
01:23:19.0719 8068 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:23:19.0740 8068 RasAcd - ok
01:23:20.0010 8068 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
01:23:20.0030 8068 Rasirda - ok
01:23:20.0300 8068 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:23:20.0320 8068 Rasl2tp - ok
01:23:20.0601 8068 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:23:20.0611 8068 RasPppoe - ok
01:23:20.0881 8068 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
01:23:20.0891 8068 Raspti - ok
01:23:21.0212 8068 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:23:21.0212 8068 Rdbss - ok
01:23:21.0502 8068 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:23:21.0502 8068 RDPCDD - ok
01:23:21.0823 8068 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
01:23:21.0883 8068 rdpdr - ok
01:23:22.0193 8068 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
01:23:22.0253 8068 RDPWD - ok
01:23:22.0544 8068 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
01:23:22.0564 8068 redbook - ok
01:23:22.0894 8068 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:23:22.0904 8068 Secdrv - ok
01:23:23.0174 8068 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
01:23:23.0184 8068 serenum - ok
01:23:23.0455 8068 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
01:23:23.0475 8068 Serial - ok
01:23:23.0765 8068 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
01:23:23.0765 8068 Sfloppy - ok
01:23:24.0086 8068 Simbad - ok
01:23:24.0316 8068 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
01:23:24.0326 8068 SLIP - ok
01:23:24.0757 8068 smwdm (9b8aeed0dc8198efb83d06baf2fab2e2) C:\WINDOWS\system32\drivers\smwdm.sys
01:23:25.0177 8068 smwdm - ok
01:23:25.0448 8068 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
01:23:25.0458 8068 SONYPVU1 - ok
01:23:25.0678 8068 Sparrow - ok
01:23:25.0938 8068 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
01:23:25.0948 8068 splitter - ok
01:23:26.0219 8068 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
01:23:26.0219 8068 sr - ok
01:23:26.0589 8068 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
01:23:26.0589 8068 Srv - ok
01:23:26.0850 8068 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
01:23:26.0850 8068 streamip - ok
01:23:27.0120 8068 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
01:23:27.0130 8068 swenum - ok
01:23:27.0401 8068 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
01:23:27.0431 8068 swmidi - ok
01:23:27.0661 8068 symc810 - ok
01:23:27.0841 8068 symc8xx - ok
01:23:28.0061 8068 sym_hi - ok
01:23:28.0252 8068 sym_u3 - ok
01:23:28.0542 8068 SynTP (1cde0a5c0416187b9b89e03980c6e8de) C:\WINDOWS\system32\DRIVERS\SynTP.sys
01:23:28.0732 8068 SynTP - ok
01:23:29.0013 8068 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
01:23:29.0033 8068 sysaudio - ok
01:23:29.0403 8068 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:23:29.0524 8068 Tcpip - ok
01:23:29.0784 8068 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
01:23:29.0794 8068 TDPIPE - ok
01:23:30.0074 8068 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
01:23:30.0094 8068 TDTCP - ok
01:23:30.0345 8068 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
01:23:30.0355 8068 TermDD - ok
01:23:30.0755 8068 tmcomm (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys
01:23:31.0226 8068 tmcomm - ok
01:23:31.0587 8068 TosIde - ok
01:23:31.0917 8068 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
01:23:31.0947 8068 Udfs - ok
01:23:32.0217 8068 ultra - ok
01:23:32.0548 8068 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
01:23:32.0668 8068 Update - ok
01:23:32.0928 8068 USBAAPL (df38374e12e73c25b37b6f8a9b8622ef) C:\WINDOWS\system32\Drivers\usbaapl.sys
01:23:33.0039 8068 USBAAPL - ok
01:23:33.0319 8068 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
01:23:33.0339 8068 usbaudio - ok
01:23:33.0599 8068 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
01:23:33.0609 8068 usbccgp - ok
01:23:33.0880 8068 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
01:23:33.0900 8068 usbehci - ok
01:23:34.0170 8068 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
01:23:34.0190 8068 usbhub - ok
01:23:34.0451 8068 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
01:23:34.0481 8068 usbprint - ok
01:23:34.0721 8068 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
01:23:34.0731 8068 usbscan - ok
01:23:34.0991 8068 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:23:35.0001 8068 USBSTOR - ok
01:23:35.0262 8068 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
01:23:35.0272 8068 usbuhci - ok
01:23:35.0552 8068 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
01:23:35.0562 8068 VgaSave - ok
01:23:35.0783 8068 ViaIde - ok
01:23:35.0993 8068 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
01:23:36.0013 8068 VolSnap - ok
01:23:36.0754 8068 w22n51 (b6cb2cce557ce57c72c3d31e701e6e39) C:\WINDOWS\system32\DRIVERS\w22n51.sys
01:23:37.0395 8068 w22n51 - ok
01:23:38.0286 8068 w29n51 (f0608f3b5b6d16f4870e867f9d069b6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
01:23:39.0067 8068 w29n51 - ok
01:23:39.0348 8068 wacmoumonitor (7750604aeea6ea05096feeec5998611a) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
01:23:39.0448 8068 wacmoumonitor - ok
01:23:39.0698 8068 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
01:23:39.0848 8068 wacommousefilter - ok
01:23:40.0159 8068 wacomvhid (73e6f16a1f187d71fb26af308551e54a) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
01:23:40.0329 8068 wacomvhid - ok
01:23:40.0579 8068 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
01:23:40.0720 8068 WacomVKHid - ok
01:23:41.0000 8068 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:23:41.0020 8068 Wanarp - ok
01:23:41.0260 8068 WDICA - ok
01:23:41.0491 8068 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
01:23:41.0521 8068 wdmaud - ok
01:23:42.0082 8068 winachsf (990b67bbe1475232a04b1c70af95664c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
01:23:42.0452 8068 winachsf - ok
01:23:42.0773 8068 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
01:23:42.0783 8068 WSTCODEC - ok
01:23:43.0053 8068 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:23:43.0073 8068 WudfPf - ok
01:23:43.0343 8068 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:23:43.0374 8068 WudfRd - ok
01:23:43.0694 8068 {6080A529-897E-4629-A488-ABA0C29B635E} (9c4b8ead60c0ce09c0fcf49f6788bb19) C:\WINDOWS\system32\drivers\ialmsbw.sys
01:23:43.0834 8068 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
01:23:44.0145 8068 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (dfebdcc9e3678fad34b14867c47c1036) C:\WINDOWS\system32\drivers\ialmkchw.sys
01:23:44.0295 8068 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
01:23:44.0545 8068 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} (ad4fe23b86d72b1214c17707f470e87f) C:\WINDOWS\system32\drivers\wA301a.sys
01:23:44.0665 8068 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} - ok
01:23:44.0695 8068 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
01:23:44.0926 8068 \Device\Harddisk0\DR0 - ok
01:23:44.0936 8068 Boot (0x1200) (63a435564e1c41914cfbaf9f74bf3063) \Device\Harddisk0\DR0\Partition0
01:23:44.0936 8068 \Device\Harddisk0\DR0\Partition0 - ok
01:23:44.0936 8068 ============================================================
01:23:44.0936 8068 Scan finished
01:23:44.0936 8068 ============================================================
01:23:44.0966 4412 Detected object count: 0
01:23:44.0966 4412 Actual detected object count: 0

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:47 AM

Posted 24 September 2011 - 01:43 AM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 pnguin

pnguin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:47 AM

Posted 24 September 2011 - 11:53 AM

Here is the OTL.txt information. I'm not sure what you mean by OTListIt.txt

OTL logfile created on: 9/24/2011 2:22:45 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Theresa\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Country: United States | Language: ENU | Date Format: M/d/yyyy

758.42 Mb Total Physical Memory | 263.48 Mb Available Physical Memory | 34.74% Memory free
1.44 Gb Paging File | 1.05 Gb Available in Paging File | 72.80% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.80 Gb Total Space | 3.02 Gb Free Space | 9.20% Space Free | Partition Type: NTFS

Computer Name: JANETT | User Name: Theresa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Theresa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
PRC - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll ()
MOD - C:\Program Files\McAfee\Common Framework\cryptocme2.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (CTDevice_Srv) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_08A0) Logitech QuickCam IM(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (P1110VID) -- C:\WINDOWS\system32\drivers\P1110Vid.sys (Creative Technology Ltd.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (w22n51) Intel® -- C:\WINDOWS\system32\drivers\w22n51.sys (Intel® Corporation)
DRV - ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}) -- C:\WINDOWS\system32\drivers\wa301a.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.msu.edu:8080

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.msu.edu:8080



IE - HKU\S-1-5-21-1417001333-746137067-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?tab=mw&hl=en&source=iglk
IE - HKU\S-1-5-21-1417001333-746137067-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1417001333-746137067-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-1417001333-746137067-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.msu.edu:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.dogpile.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..network.proxy.ftp: "proxy.msu.edu"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.msu.edu"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.msu.edu"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.msu.edu"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.msu.edu"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Theresa\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Theresa\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Theresa\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Theresa\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/21 01:34:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/21 01:33:50 | 000,000,000 | ---D | M]

[2011/04/06 21:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Theresa\Application Data\Mozilla\Extensions
[2010/03/13 00:19:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Theresa\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/09/21 00:11:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Theresa\Application Data\Mozilla\Firefox\Profiles\4m44qzmh.default\extensions
[2011/09/21 00:10:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Theresa\Application Data\Mozilla\Firefox\Profiles\4m44qzmh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/13 17:46:59 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\Theresa\Application Data\Mozilla\Firefox\Profiles\4m44qzmh.default\searchplugins\askcom.xml
[2011/09/21 01:34:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/03 01:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/08/31 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Theresa\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Theresa\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Theresa\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Theresa\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Theresa\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Theresa\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/09/23 21:52:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (&Google Notebook) - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--24069399.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Google Notebook) - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--24069399.dll ()
O3 - HKU\S-1-5-21-1417001333-746137067-854245398-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1417001333-746137067-854245398-1003\..\Toolbar\WebBrowser: (Google Notebook) - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--24069399.dll ()
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-1417001333-746137067-854245398-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-746137067-854245398-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1417001333-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1417001333-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1417001333-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Note this (Google Notebook) - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--24069399.dll ()
O8 - Extra context menu item: Note this item (Google Notebook) - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--24069399.dll ()
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1316374466300 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BED6B1B-20CB-41BD-AC28-AD339B761C47}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\bw+0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\offline-8876480 {B2205786-9C47-462F-B5FD-7F0F847BCD36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Theresa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Theresa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/21 16:51:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/24 02:21:20 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Theresa\Desktop\OTL.exe
[2011/09/24 01:21:49 | 001,547,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Theresa\Desktop\tdsskiller.exe
[2011/09/23 22:06:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/23 01:16:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/09/22 23:46:30 | 004,238,357 | R--- | C] (Swearware) -- C:\Documents and Settings\Theresa\Desktop\ComboFix.exe
[2011/09/22 22:37:55 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Theresa\Desktop\dds.pif
[2011/09/21 00:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/21 00:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/09/20 20:40:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/09/18 17:01:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/09/18 16:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/09/18 15:42:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/09/18 15:36:41 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011/09/18 15:31:26 | 002,137,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/09/18 15:31:21 | 002,181,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/09/18 15:31:17 | 002,016,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/09/18 15:31:09 | 002,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2011/09/18 15:25:28 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/09/18 14:55:48 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/09/18 14:36:39 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2011/09/11 01:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Theresa\Application Data\Malwarebytes
[2011/09/11 01:07:49 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/11 01:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/11 01:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/11 01:07:40 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/11 01:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/11 00:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Theresa\Start Menu\Programs\Google Chrome
[2011/09/10 23:47:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/10 23:36:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/10 23:36:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/10 23:36:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/10 23:36:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/10 23:34:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/10 23:32:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/28 20:13:54 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/08/28 20:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/08/28 14:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\Documents and Settings\Theresa\Desktop\*.tmp files -> C:\Documents and Settings\Theresa\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/24 02:21:25 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Theresa\Desktop\OTL.exe
[2011/09/24 01:54:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-746137067-854245398-1003UA.job
[2011/09/24 01:21:54 | 001,547,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Theresa\Desktop\tdsskiller.exe
[2011/09/24 01:03:01 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2011/09/24 00:54:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-746137067-854245398-1003Core.job
[2011/09/23 22:57:50 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F674337B-DFA1-4A6C-B42C-2CA399558BD3}.job
[2011/09/23 21:52:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/23 21:51:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/23 21:51:39 | 795,332,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/23 21:29:50 | 004,238,357 | R--- | M] (Swearware) -- C:\Documents and Settings\Theresa\Desktop\ComboFix.exe
[2011/09/23 01:11:53 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/09/23 01:11:53 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/09/22 23:05:11 | 000,045,472 | ---- | M] () -- C:\Documents and Settings\Theresa\Desktop\Rootkit Unhooker Report
[2011/09/22 23:00:10 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Theresa\Desktop\RKUnhookerLE.EXE
[2011/09/22 22:47:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/22 22:37:56 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Theresa\Desktop\dds.pif
[2011/09/21 18:37:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Theresa\defogger_reenable
[2011/09/21 14:08:41 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/21 01:49:12 | 000,023,670 | ---- | M] () -- C:\Documents and Settings\Theresa\Desktop\Spybot - Search & Destroy scan report.pdf
[2011/09/21 01:34:13 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Theresa\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/21 01:34:12 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/21 00:40:09 | 000,000,958 | ---- | M] () -- C:\Documents and Settings\Theresa\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/21 00:40:09 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\Theresa\Desktop\Spybot - Search & Destroy.lnk
[2011/09/20 23:36:40 | 000,000,298 | ---- | M] () -- C:\Documents and Settings\Theresa\My Documents\WindowsUpdateBackup.reg
[2011/09/20 22:41:19 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Theresa\My Documents\WindowsFirewallBackup.reg
[2011/09/20 21:57:42 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/09/20 21:37:17 | 000,380,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/20 21:37:17 | 000,053,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/20 21:04:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/20 20:57:52 | 000,002,285 | ---- | M] () -- C:\Documents and Settings\Theresa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/20 20:57:51 | 000,002,307 | ---- | M] () -- C:\Documents and Settings\Theresa\Desktop\Google Chrome.lnk
[2011/09/20 20:46:17 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/09/18 17:36:36 | 000,178,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/18 15:35:48 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/09/11 01:07:50 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/28 20:13:53 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/08/28 12:28:45 | 000,051,303 | ---- | M] () -- C:\Documents and Settings\Theresa\My Documents\theresa_cafepress-madison-2.pdf
[2011/08/27 15:00:40 | 000,062,464 | RHS- | M] () -- C:\WINDOWS\System32\diskcomp3.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\Documents and Settings\Theresa\Desktop\*.tmp files -> C:\Documents and Settings\Theresa\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/23 22:02:22 | 000,000,320 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job
[2011/09/23 16:52:20 | 795,332,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/22 23:05:11 | 000,045,472 | ---- | C] () -- C:\Documents and Settings\Theresa\Desktop\Rootkit Unhooker Report
[2011/09/22 23:00:10 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Theresa\Desktop\RKUnhookerLE.EXE
[2011/09/21 18:37:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Theresa\defogger_reenable
[2011/09/21 01:49:07 | 000,023,670 | ---- | C] () -- C:\Documents and Settings\Theresa\Desktop\Spybot - Search & Destroy scan report.pdf
[2011/09/21 01:34:12 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/21 01:34:12 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/21 00:40:09 | 000,000,958 | ---- | C] () -- C:\Documents and Settings\Theresa\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/21 00:40:09 | 000,000,940 | ---- | C] () -- C:\Documents and Settings\Theresa\Desktop\Spybot - Search & Destroy.lnk
[2011/09/20 23:36:40 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\Theresa\My Documents\WindowsUpdateBackup.reg
[2011/09/20 22:41:19 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Theresa\My Documents\WindowsFirewallBackup.reg
[2011/09/20 20:46:16 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/09/20 20:46:14 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/09/20 18:05:30 | 000,250,032 | ---- | C] () -- C:\NTLDR
[2011/09/11 01:07:50 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/11 00:56:32 | 000,002,307 | ---- | C] () -- C:\Documents and Settings\Theresa\Desktop\Google Chrome.lnk
[2011/09/11 00:56:32 | 000,002,285 | ---- | C] () -- C:\Documents and Settings\Theresa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/10 23:47:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/09/10 23:47:50 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/10 23:36:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/10 23:36:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/10 23:36:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/10 23:36:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/10 23:36:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/01 23:54:45 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/09/01 23:54:45 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/08/28 12:28:29 | 000,051,303 | ---- | C] () -- C:\Documents and Settings\Theresa\My Documents\theresa_cafepress-madison-2.pdf
[2011/08/27 15:00:40 | 000,062,464 | RHS- | C] () -- C:\WINDOWS\System32\diskcomp3.dll
[2011/05/22 14:55:43 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/04/02 23:46:07 | 000,002,575 | ---- | C] () -- C:\Documents and Settings\Theresa\Local Settings\Application Data\Media Holder.xml
[2010/04/23 23:45:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2008/09/14 19:54:15 | 000,000,150 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/13 23:41:46 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/02/07 10:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2007/09/05 20:24:17 | 000,009,436 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2007/08/21 13:32:28 | 000,000,058 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2006/12/28 12:25:20 | 000,022,334 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/08/26 01:31:11 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/26 01:29:53 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/06/26 10:33:40 | 000,023,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/06/13 17:04:18 | 000,000,609 | RH-- | C] () -- C:\WINDOWS\System32\ttri.dat
[2006/01/09 17:18:11 | 000,000,322 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/12/22 18:53:11 | 000,081,920 | ---- | C] () -- C:\WINDOWS\ASR32311.DLL
[2005/12/22 18:53:10 | 000,000,070 | ---- | C] () -- C:\WINDOWS\HGSpeech.ini
[2005/12/22 18:53:02 | 000,153,200 | ---- | C] () -- C:\WINDOWS\PSPRT.INI
[2005/12/22 18:53:02 | 000,000,081 | ---- | C] () -- C:\WINDOWS\PSPRTGEN.INI
[2004/12/08 21:10:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/12/08 21:09:56 | 000,000,052 | ---- | C] () -- C:\WINDOWS\SMAVLANG.INI
[2004/10/25 09:26:05 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2004/10/22 16:44:53 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Theresa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/10/21 19:47:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/21 18:30:31 | 000,038,771 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2004/10/21 18:30:31 | 000,029,098 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2004/10/21 16:54:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/21 16:47:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/21 11:47:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/21 11:46:36 | 000,178,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/06 19:17:40 | 000,380,918 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/06 19:17:40 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/06 19:17:39 | 000,053,166 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/06 19:17:39 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/06 19:17:35 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/06 19:17:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/06 19:17:30 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/06 19:17:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/06 19:17:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/06 19:16:26 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 00:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/02/27 06:05:06 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/07/03 00:25:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[2003/07/03 00:25:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[2003/06/24 13:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/02/03 05:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2002/07/10 10:40:28 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\RenewMTB1413.exe

< End of report >

#15 pnguin

pnguin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:47 AM

Posted 24 September 2011 - 11:55 AM

Here is the OTL.txt information. I'm not sure what you mean by OTListIt.txt

OTL logfile created on: 9/24/2011 2:22:45 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Theresa\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Country: United States | Language: ENU | Date Format: M/d/yyyy

758.42 Mb Total Physical Memory | 263.48 Mb Available Physical Memory | 34.74% Memory free
1.44 Gb Paging File | 1.05 Gb Available in Paging File | 72.80% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.80 Gb Total Space | 3.02 Gb Free Space | 9.20% Space Free | Partition Type: NTFS

Computer Name: JANETT | User Name: Theresa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Theresa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
PRC - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll ()
MOD - C:\Program Files\McAfee\Common Framework\cryptocme2.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (CTDevice_Srv) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_08A0) Logitech QuickCam IM(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (P1110VID) -- C:\WINDOWS\system32\drivers\P1110Vid.sys (Creative Technology Ltd.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (w22n51) Intel® -- C:\WINDOWS\system32\drivers\w22n51.sys (Intel® Corporation)
DRV - ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}) -- C:\WINDOWS\system32\drivers\wa301a.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.msu.edu:8080

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.msu.edu:8080



IE - HKU\S-1-5-21-1417001333-746137067-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?tab=mw&hl=en&source=iglk
IE - HKU\S-1-5-21-1417001333-746137067-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1417001333-746137067-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-1417001333-746137067-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.msu.edu:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.dogpile.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..network.proxy.ftp: "proxy.msu.edu"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.msu.edu"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.msu.edu"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.msu.edu"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.msu.edu"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Theresa\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Theresa\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Theresa\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Theresa\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/21 01:34:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/21 01:33:50 | 000,000,000 | ---D | M]

[2011/04/06 21:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Theresa\Application Data\Mozilla\Extensions
[2010/03/13 00:19:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Theresa\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/09/21 00:11:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Theresa\Application Data\Mozilla\Firefox\Profiles\4m44qzmh.default\extensions
[2011/09/21 00:10:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Theresa\Application Data\Mozilla\Firefox\Profiles\4m44qzmh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/13 17:46:59 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\Theresa\Application Data\Mozilla\Firefox\Profiles\4m44qzmh.default\searchplugins\askcom.xml
[2011/09/21 01:34:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/03 01:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/08/31 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Theresa\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Theresa\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Theresa\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Theresa\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Theresa\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Theresa\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/09/23 21:52:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (&Google Notebook) - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--24069399.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Google Notebook) - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--24069399.dll ()
O3 - HKU\S-1-5-21-1417001333-746137067-854245398-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1417001333-746137067-854245398-1003\..\Toolbar\WebBrowser: (Google Notebook) - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--24069399.dll ()
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-1417001333-746137067-854245398-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-746137067-854245398-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1417001333-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1417001333-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1417001333-746137067-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Note this (Google Notebook) - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--24069399.dll ()
O8 - Extra context menu item: Note this item (Google Notebook) - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--24069399.dll ()
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1316374466300 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BED6B1B-20CB-41BD-AC28-AD339B761C47}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\bw+0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {b2205786-9c47-462f-b5fd-7f0f847bcd36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\offline-8876480 {B2205786-9C47-462F-B5FD-7F0F847BCD36} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Theresa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Theresa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/21 16:51:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/24 02:21:20 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Theresa\Desktop\OTL.exe
[2011/09/24 01:21:49 | 001,547,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Theresa\Desktop\tdsskiller.exe
[2011/09/23 22:06:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/23 01:16:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/09/22 23:46:30 | 004,238,357 | R--- | C] (Swearware) -- C:\Documents and Settings\Theresa\Desktop\ComboFix.exe
[2011/09/22 22:37:55 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Theresa\Desktop\dds.pif
[2011/09/21 00:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/21 00:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/09/20 20:40:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/09/18 17:01:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/09/18 16:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/09/18 15:42:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/09/18 15:36:41 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011/09/18 15:31:26 | 002,137,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/09/18 15:31:21 | 002,181,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/09/18 15:31:17 | 002,016,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/09/18 15:31:09 | 002,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2011/09/18 15:25:28 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/09/18 14:55:48 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/09/18 14:36:39 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2011/09/11 01:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Theresa\Application Data\Malwarebytes
[2011/09/11 01:07:49 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/11 01:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/11 01:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/11 01:07:40 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/11 01:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/11 00:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Theresa\Start Menu\Programs\Google Chrome
[2011/09/10 23:47:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/10 23:36:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/10 23:36:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/10 23:36:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/10 23:36:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/10 23:34:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/10 23:32:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/28 20:13:54 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/08/28 20:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/08/28 14:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\Documents and Settings\Theresa\Desktop\*.tmp files -> C:\Documents and Settings\Theresa\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/24 02:21:25 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Theresa\Desktop\OTL.exe
[2011/09/24 01:54:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-746137067-854245398-1003UA.job
[2011/09/24 01:21:54 | 001,547,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Theresa\Desktop\tdsskiller.exe
[2011/09/24 01:03:01 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2011/09/24 00:54:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-746137067-854245398-1003Core.job
[2011/09/23 22:57:50 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F674337B-DFA1-4A6C-B42C-2CA399558BD3}.job
[2011/09/23 21:52:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/23 21:51:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/23 21:51:39 | 795,332,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/23 21:29:50 | 004,238,357 | R--- | M] (Swearware) -- C:\Documents and Settings\Theresa\Desktop\ComboFix.exe
[2011/09/23 01:11:53 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/09/23 01:11:53 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/09/22 23:05:11 | 000,045,472 | ---- | M] () -- C:\Documents and Settings\Theresa\Desktop\Rootkit Unhooker Report
[2011/09/22 23:00:10 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Theresa\Desktop\RKUnhookerLE.EXE
[2011/09/22 22:47:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/22 22:37:56 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Theresa\Desktop\dds.pif
[2011/09/21 18:37:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Theresa\defogger_reenable
[2011/09/21 14:08:41 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/21 01:49:12 | 000,023,670 | ---- | M] () -- C:\Documents and Settings\Theresa\Desktop\Spybot - Search & Destroy scan report.pdf
[2011/09/21 01:34:13 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Theresa\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/21 01:34:12 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/21 00:40:09 | 000,000,958 | ---- | M] () -- C:\Documents and Settings\Theresa\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/21 00:40:09 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\Theresa\Desktop\Spybot - Search & Destroy.lnk
[2011/09/20 23:36:40 | 000,000,298 | ---- | M] () -- C:\Documents and Settings\Theresa\My Documents\WindowsUpdateBackup.reg
[2011/09/20 22:41:19 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Theresa\My Documents\WindowsFirewallBackup.reg
[2011/09/20 21:57:42 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/09/20 21:37:17 | 000,380,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/20 21:37:17 | 000,053,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/20 21:04:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/20 20:57:52 | 000,002,285 | ---- | M] () -- C:\Documents and Settings\Theresa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/20 20:57:51 | 000,002,307 | ---- | M] () -- C:\Documents and Settings\Theresa\Desktop\Google Chrome.lnk
[2011/09/20 20:46:17 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/09/18 17:36:36 | 000,178,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/18 15:35:48 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/09/11 01:07:50 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/28 20:13:53 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/08/28 12:28:45 | 000,051,303 | ---- | M] () -- C:\Documents and Settings\Theresa\My Documents\theresa_cafepress-madison-2.pdf
[2011/08/27 15:00:40 | 000,062,464 | RHS- | M] () -- C:\WINDOWS\System32\diskcomp3.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\Documents and Settings\Theresa\Desktop\*.tmp files -> C:\Documents and Settings\Theresa\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/23 22:02:22 | 000,000,320 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job
[2011/09/23 16:52:20 | 795,332,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/22 23:05:11 | 000,045,472 | ---- | C] () -- C:\Documents and Settings\Theresa\Desktop\Rootkit Unhooker Report
[2011/09/22 23:00:10 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Theresa\Desktop\RKUnhookerLE.EXE
[2011/09/21 18:37:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Theresa\defogger_reenable
[2011/09/21 01:49:07 | 000,023,670 | ---- | C] () -- C:\Documents and Settings\Theresa\Desktop\Spybot - Search & Destroy scan report.pdf
[2011/09/21 01:34:12 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/21 01:34:12 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/21 00:40:09 | 000,000,958 | ---- | C] () -- C:\Documents and Settings\Theresa\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/21 00:40:09 | 000,000,940 | ---- | C] () -- C:\Documents and Settings\Theresa\Desktop\Spybot - Search & Destroy.lnk
[2011/09/20 23:36:40 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\Theresa\My Documents\WindowsUpdateBackup.reg
[2011/09/20 22:41:19 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Theresa\My Documents\WindowsFirewallBackup.reg
[2011/09/20 20:46:16 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/09/20 20:46:14 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/09/20 18:05:30 | 000,250,032 | ---- | C] () -- C:\NTLDR
[2011/09/11 01:07:50 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/11 00:56:32 | 000,002,307 | ---- | C] () -- C:\Documents and Settings\Theresa\Desktop\Google Chrome.lnk
[2011/09/11 00:56:32 | 000,002,285 | ---- | C] () -- C:\Documents and Settings\Theresa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/10 23:47:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/09/10 23:47:50 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/10 23:36:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/10 23:36:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/10 23:36:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/10 23:36:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/10 23:36:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/01 23:54:45 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/09/01 23:54:45 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/08/28 12:28:29 | 000,051,303 | ---- | C] () -- C:\Documents and Settings\Theresa\My Documents\theresa_cafepress-madison-2.pdf
[2011/08/27 15:00:40 | 000,062,464 | RHS- | C] () -- C:\WINDOWS\System32\diskcomp3.dll
[2011/05/22 14:55:43 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/04/02 23:46:07 | 000,002,575 | ---- | C] () -- C:\Documents and Settings\Theresa\Local Settings\Application Data\Media Holder.xml
[2010/04/23 23:45:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2008/09/14 19:54:15 | 000,000,150 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/13 23:41:46 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/02/07 10:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2007/09/05 20:24:17 | 000,009,436 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2007/08/21 13:32:28 | 000,000,058 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2006/12/28 12:25:20 | 000,022,334 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/08/26 01:31:11 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/26 01:29:53 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/06/26 10:33:40 | 000,023,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/06/13 17:04:18 | 000,000,609 | RH-- | C] () -- C:\WINDOWS\System32\ttri.dat
[2006/01/09 17:18:11 | 000,000,322 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/12/22 18:53:11 | 000,081,920 | ---- | C] () -- C:\WINDOWS\ASR32311.DLL
[2005/12/22 18:53:10 | 000,000,070 | ---- | C] () -- C:\WINDOWS\HGSpeech.ini
[2005/12/22 18:53:02 | 000,153,200 | ---- | C] () -- C:\WINDOWS\PSPRT.INI
[2005/12/22 18:53:02 | 000,000,081 | ---- | C] () -- C:\WINDOWS\PSPRTGEN.INI
[2004/12/08 21:10:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/12/08 21:09:56 | 000,000,052 | ---- | C] () -- C:\WINDOWS\SMAVLANG.INI
[2004/10/25 09:26:05 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2004/10/22 16:44:53 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Theresa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/10/21 19:47:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/21 18:30:31 | 000,038,771 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2004/10/21 18:30:31 | 000,029,098 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2004/10/21 16:54:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/21 16:47:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/21 11:47:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/10/21 11:46:36 | 000,178,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/06 19:17:40 | 000,380,918 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/06 19:17:40 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/06 19:17:39 | 000,053,166 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/06 19:17:39 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/06 19:17:35 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/06 19:17:34 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/06 19:17:30 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/06 19:17:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/06 19:17:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/06 19:16:26 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 00:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/02/27 06:05:06 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/07/03 00:25:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[2003/07/03 00:25:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[2003/06/24 13:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/02/03 05:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2002/07/10 10:40:28 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\RenewMTB1413.exe

< End of report >




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users