Malware not found, websites asking for concerning information

[hondasptbk]

Hello,

I have had some strange activity happening on my PC the last few days. Many of the websites that I have tried to authenticate in to have presented a stop over message when I enter my user ID and password. I have been testing with fake user ID's and passwords that should not even authenticate, but I'm still getting the same stop overs.

The websites I have tried are wellsfargo.com and ebay.com, both asking for "personal information," including ssn, mother's maiden name, and bank account information. I have logged in from other PC's and do not have the same results.

AVg had stated that it found Trojan horse BackDoor.Generic10.JBN last week, but it said it removed and healed the virus and has not found anything since. Malwarebytes also found a trojan, but said it has removed the virus, however, it finds the same virus every time I run it (Trojan.Agent @ HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mem32). Every time I run Spybot, it finds no issues.

Please let me know what I can do to fix this.

Thank You.

 

[Blade81]

Hi,

Hopefully you haven't inputted those login credientals in the shown fields. If so, you should change passwords using clean machine.


Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt
• Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking download exe -button and then saving it your desktop:

• Double-click .exe that you downloaded
• Click rootkit-tab and then scan.
• Don't check
  Show All
  box while scanning in progress!
• When scanning is ready, click Copy.
• This copies log to clipboard
• Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.

 

[hondasptbk]

Blade,

Can you give me some examples of script blockers that might be preventing me from running DDS? I have been trying to run this for a couple of days, but to no avail. The script prompt appears to hang. I have let it sit there for hours, but the reports have never populated for me.

Thank You

 

[Blade81]

It should be enough to have antivirus protection disabled while running DDS. If that doesn't help please try to run in safe mode.

 

[Blade81]

Are you still needing help?

 

[hondasptbk]

I do still need help...sorry for the delayed response, but, I went on a business trip and did not have access to this machine.

I have disabled my anti-virus and tried running dds in safe mode, however, I never seem to get any results back. The instructions come into a command prompt looking window and some colon's start to appear at the bottom of the screen. It will populate anywhere from 4 or 5 colons, to multiple rows depending on when I run the script, however, no log ever appears. I have left the script running for hours and have to eventually kill it, as it appears to just hang.

Any suggestions?

 

[Blade81]

Hi,

Have you tried to run GMER yet? Please do if you haven't.

We'll replace DDS with other tool:

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)

 

[hondasptbk]

Here are the RSIT logs...I'm still working on GMER. It's not going as smooth as i'd hope.

Info:

info.txt logfile of random's system information tool 1.06 2010-02-27 08:50:37

======Uninstall list======

-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe -runfromtemp -l0x0009/cont -removeonly
-->C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Illustrator 8.0\DeIsL1.isu" -c"C:\Program Files\Adobe\Illustrator 8.0\Uninst.dll"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ableton Live v7.0.1-->"C:\Program Files\Ableton\Live 7.0.1\Uninstall\unins000.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Illustrator 10-->"C:\Program Files\InstallShield Installation Information\{412033BC-44CF-48D9-B813-4B835101F4D3}\setup.exe"
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7646-A70000000000}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
AI Gear-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B568B64-0BDE-4FB2-A1AB-8A41DF033C57}\setup.exe" -l0x9
Alesis Multimix Firewire-->MsiExec.exe /I{C510B035-E21E-45E2-99DB-CCB4C8679D04}
American Greetings® Art & More Store-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Mindscape\Art & More Store\Uninst.isu"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
ASUS WiFi-AP Solo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B3F4499-32E6-470D-8586-E6C03420F889}\Setup.exe" -l0x9 REMOVE
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon IJ Network Scan Utility-->C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSU.EXE
Canon IJ Network Tool-->C:\Program Files\Canon\Canon IJ Network Tool\CNMNUU.exe
Canon MP Drivers 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FF3DD04-F386-46B0-97FC-B86238B65487}\Setup.exe" -l0x9 -Uninstall
Canon MP Navigator 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109AB81D-9732-40B3-9C1F-113A86CE6F93}\setup.exe" /SUUninstall
Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MX700 series User Registration-->C:\Program Files\Canon\IJEREG\MX700 series\UNINST.EXE
Canon MX700 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon ScanGearStarter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\setup.exe" -l0x9 anything
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Cool & Quiet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\setup.exe" -l0x9
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DENON DJ ASIO Driver-->MsiExec.exe /I{E2BF2060-D1DB-441A-8739-30E7BAA534BA}
Enigma-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F145099-1224-4C5B-84F2-7AE6DC699F1A}\setup.exe" -l0x9 -removeonly
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
EZ Calendar-->"C:\PROGRA~1\Freeze.com\EZCALE~1\UNINSTAL.EXE"
Game Maker 7.0-->C:\Program Files\Game_Maker7\Uninstal.exe
GGE v2.0-->C:\Program Files\GGE v2.0\uninstall.exe
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Home Ftp Server 1.9.2.127-->"C:\Program Files\Home Series\Home Ftp Server\unins000.exe"
Home Ftp Server-->MsiExec.exe /X{95909360-C5DC-4472-B7B2-A715D3B16CCA}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hunting Unlimited 4 1.0-->C:\Program Files\Hunting Unlimited 4\uninst.exe
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
Java 2 Runtime Environment, SE v1.4.2_15-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142150}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Joystick 2 Mouse 3-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=Joystick 2 Mouse 3
KartRider-->"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33562881 -locale:US
Knoll Light Factory EZ Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Studio 14\Plugins\RTFx\klfezstudio.log
KORG padKONTROL Editor Librarian-->MsiExec.exe /I{98C93365-3A20-46F6-80B4-AD4835D384C7}
KORG USB-MIDI Driver Tools for Windows-->MsiExec.exe /I{C962EF10-7539-477A-A0AD-F8CBD0E9F7E5}
LimeWire 5.3.6-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech Harmony Remote Software 7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe" -l0x9 -removeonly
Macromedia Dreamweaver MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Magic Bullet Looks Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Studio 14\Plugins\RTFx\mblooksstudio.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
M-Audio Series II MIDI-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{379BD39E-F13E-458F-96D8-56BD7F2CC516}\setup.exe" -l0x9 -removeonly
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Project Standard 2003-->MsiExec.exe /I{903A0409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
MIDI-OX-->MsiExec.exe /I{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}
MixMeister BPM Analyzer 1.0-->"C:\Program Files\MixMeister BPM Analyzer\unins000.exe"
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Mozilla Firefox (3.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP4 to MP3 Converter-->C:\Program Files\MP4Converter\MP4 to MP3 Converter 3\Uninstall.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 9 Lite-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="XM2C-50A9-HH4M-0ZM8-4X06-9P25-5A46-618P-AH19-6647"
Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero Online Upgrade-->MsiExec.exe /X{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}
Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
Nero-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
PC Probe II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PeaZip 2.3a-->"C:\Program Files\PeaZip\unins000.exe"
PhotoDVD 2.8.3-->"C:\Program Files\vso\PhotoDVD\unins000.exe"
PhotoViewer v0.02-->"C:\Program Files\PhotoViewerV02\uninst.exe"
Pinnacle Studio 14-->MsiExec.exe /I{AADD1C8F-D59F-4D55-A726-768C71A205A8}
Pinnacle Studio Ultimate Collection Plugins-->MsiExec.exe /I{F5C372A1-40F3-49DA-A049-F75CDE9177DC}
Pinnacle Video Driver-->MsiExec.exe /X{6DE721A5-5E89-4D74-994C-652BB3C0672E}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Presto! PageManager 6.03-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}\SETUP.EXE" -l0x9 anything
Presto! PageManager 7.15.16-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anythinganything -removeonly
PrintMaster 7.00-->c:\PROGRA~1\MINDSC~1\PRINTM~1\uninst32.exe /IFirst
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Red Giant ToonIt Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Studio 14\Plugins\RTFx\rgtoonitstudio.log
Remote Control USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Scratch Live 1.9.2 (19222)-->MsiExec.exe /I{8FE3E922-C58B-4E18-A923-FC85530C23C5}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Serif DrawPlus 3.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Serif\dp30\DrawPlus_uninst.isu"
Sonic Foundry Sound Forge 4.5c-->C:\PROGRA~1\SOUNDF~1\UNWISE.EXE C:\PROGRA~1\SOUNDF~1\INSTALL.LOG
Sony Image Data Suite-->C:\Program Files\InstallShield Installation Information\{359FCAA7-B544-4147-AE3B-8C8A526E2427}\setup.exe -runfromtemp -l0x0009 -removeonly
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 /removeonly uninstall -removeonly
Sound Blaster Live! Web 2K/XP-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x9
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SwiftMP3 1.0.4-->"C:\Program Files\SwiftTools\SwiftMP3\unins000.exe"
Trapcode 3DStroke Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Studio 14\Plugins\RTFx\tc3dstrokestudio.log
Trapcode Particular Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Studio 14\Plugins\RTFx\tcparticularstudio.log
Trapcode Shine Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Studio 14\Plugins\RTFx\tcshinestudio.log
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
V CAST Music with Rhapsody-->C:\PROGRA~1\VCASTM~1\Unwise32.exe /A C:\PROGRA~1\VCASTM~1\install.log
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
WAV to MP3 Encoder-->C:\PROGRA~1\WAVTOM~1\UNWISE.EXE C:\PROGRA~1\WAVTOM~1\INSTALL.LOG
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_6FE44FCD212D4A086C7BC0C98B9A619782073FB7\amdk8.inf
Windows Driver Package - Alesis (AlesisFirewire) MEDIA (03/06/2008 3.1.0.1210)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\AlesisFire_788118397DF78621C845B0406EFF36B45C98DED6\AlesisFirewire.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinSCP 3.8.2-->"C:\Program Files\WinSCP3\unins000.exe"
Wisdom-soft ScreenHunter 5.0 Free-->C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: HOMESTYLEE
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 9255
Source Name: Service Control Manager
Time Written: 20100122161303.000000-480
Event Type: error
User:

Computer Name: HOMESTYLEE
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 9252
Source Name: Service Control Manager
Time Written: 20100122161303.000000-480
Event Type: error
User:

Computer Name: HOMESTYLEE
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 9249
Source Name: Service Control Manager
Time Written: 20100122161303.000000-480
Event Type: error
User:

Computer Name: HOMESTYLEE
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 9246
Source Name: Service Control Manager
Time Written: 20100122161302.000000-480
Event Type: error
User:

Computer Name: HOMESTYLEE
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 9243
Source Name: Service Control Manager
Time Written: 20100122161302.000000-480
Event Type: error
User:

=====Application event log=====

Computer Name: HOMESTYLEE
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16574, faulting module quicktime.qts, version 7.3.0.70, fault address 0x0006f424.

Record Number: 477
Source Name: Application Error
Time Written: 20080130130030.000000-480
Event Type: error
User:

Computer Name: HOMESTYLEE
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16574, faulting module quicktime.qts, version 7.3.0.70, fault address 0x0006f424.

Record Number: 476
Source Name: Application Error
Time Written: 20080130123957.000000-480
Event Type: error
User:

Computer Name: HOMESTYLEE
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16574, faulting module quicktime.qts, version 7.3.0.70, fault address 0x0006f424.

Record Number: 475
Source Name: Application Error
Time Written: 20080128154655.000000-480
Event Type: error
User:

Computer Name: HOMESTYLEE
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16574, faulting module quicktime.qts, version 7.3.0.70, fault address 0x0006f424.

Record Number: 465
Source Name: Application Error
Time Written: 20080124100101.000000-480
Event Type: error
User:

Computer Name: HOMESTYLEE
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 464
Source Name: Application Hang
Time Written: 20080124075415.000000-480
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Pinnacle\Shared Files\;C:\Program Files\Pinnacle\Shared Files\Filter\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

 

[hondasptbk]

RSIT log (the two together were too long for one post):

Logfile of random's system information tool 1.06 (written by random/random)
Run by DJ at 2010-02-27 08:50:28
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 29 GB (30%) free of 95 GB
Total RAM: 2046 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:36 AM, on 2/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\AI Gear\GearHelp.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\DJ\Desktop\RSIT.exe
C:\Program Files\trend micro\DJ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Ai Gear Help] "C:\Program Files\ASUS\AI Gear\GearHelp.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Joystick 2 Mouse] C:\Program Files\Joystick 2 Mouse 3\Joystick 2 Mouse.exe /NoConfigure
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Mem32] rundll32.exe "C:\Documents and Settings\DJ\Application Data\Adobe\Update\getset.dat""
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1194369867421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1194369856953
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A41EBD53-173B-4189-BE65-229CBFC614B3}: NameServer = 68.111.16.30,68.111.16.25
O18 - Protocol: bw+0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: offline-8876480 - {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 20781 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-11 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-05 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-01 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-01 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"Ai Gear Help"=C:\Program Files\ASUS\AI Gear\GearHelp.exe [2006-07-27 415744]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-01 149280]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"WINDVDPatch"=C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Jet Detection"=C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"Joystick 2 Mouse"=C:\Program Files\Joystick 2 Mouse 3\Joystick 2 Mouse.exe [2005-07-27 176128]
"SpybotSnD"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-12-31 2033432]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"USBToolTip"=C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-02-06 36864]
"Mem32"=C:\Documents and Settings\DJ\Application Data\Adobe\Update\getset.dat [2010-02-26 124416]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ASUS WiFi-AP Solo.lnk - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Documents and Settings\DJ\Start Menu\Programs\Utilites\Startup
Event Reminder.lnk - C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-11-15 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabledreamweaver MX"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\KartRider\NMService.exe"="C:\Nexon\KartRider\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo"
"C:\Program Files\AVG\AVG8\avgtray.exe"="C:\Program Files\AVG\AVG8\avgtray.exe:*:Enabled:avgtray"
"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE"="C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE:*:Enabled:BJMyPrt"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\BlueBirds.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b05a102-e68e-11de-aee4-001d603d2ee1}]
shell\Auto\command - I:\Se81.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Se81.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4eea296-c4e3-11de-a9b1-806d6172696f}]
shell\AutoRun\command - E:\BlueBirds.exe


======List of files/folders created in the last 1 months======

2010-02-27 08:40:01 ----D---- C:\rsit
2010-02-13 15:43:37 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-13 15:43:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-13 15:42:13 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-13 15:42:08 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-13 15:42:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-13 15:42:01 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-13 15:41:54 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-13 15:41:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-13 15:41:36 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-13 14:46:34 ----A---- C:\WINDOWS\rasqervy.dll
2010-02-13 14:46:29 ----A---- C:\WINDOWS\sdfinacs.dll
2010-02-13 14:46:16 ----A---- C:\WINDOWS\sdfixwcs.dll
2010-02-12 22:18:14 ----A---- C:\WINDOWS\wuasirvy.dll
2010-02-07 21:17:22 ----D---- C:\Program Files\TrendMicro
2010-02-07 20:55:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-07 20:49:17 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-07 20:49:14 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-02-07 20:49:11 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-07 20:49:07 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-07 20:48:54 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-07 20:47:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-07 20:46:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-07 20:46:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-07 20:46:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-07 20:36:13 ----A---- C:\WINDOWS\ntbtlog.txt
2010-02-05 11:53:36 ----D---- C:\Documents and Settings\DJ\Application Data\Malwarebytes
2010-02-05 11:53:30 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

======List of files/folders modified in the last 1 months======

2010-02-27 08:50:32 ----D---- C:\Program Files\Trend Micro
2010-02-27 08:47:21 ----D---- C:\WINDOWS\temp
2010-02-27 08:40:25 ----D---- C:\WINDOWS\Prefetch
2010-02-27 08:27:15 ----D---- C:\WINDOWS\system32
2010-02-27 08:27:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-26 22:25:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-25 08:33:37 ----D---- C:\Documents and Settings\DJ\Application Data\LimeWire
2010-02-14 13:16:32 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-14 11:14:24 ----D---- C:\WINDOWS
2010-02-13 15:43:39 ----HD---- C:\WINDOWS\inf
2010-02-13 15:43:37 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-13 15:43:36 ----A---- C:\WINDOWS\imsins.BAK
2010-02-13 15:43:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-13 15:43:35 ----D---- C:\WINDOWS\system32\drivers
2010-02-11 16:32:38 ----D---- C:\Program Files\Joystick 2 Mouse 3
2010-02-11 10:04:24 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-02-11 10:04:07 ----D---- C:\WINDOWS\Minidump
2010-02-07 21:17:27 ----SHD---- C:\WINDOWS\Installer
2010-02-07 21:17:22 ----RD---- C:\Program Files
2010-02-07 20:52:23 ----D---- C:\WINDOWS\AppPatch
2010-02-07 20:49:30 ----D---- C:\Program Files\Internet Explorer
2010-02-07 20:46:15 ----D---- C:\WINDOWS\WinSxS
2010-02-05 12:26:17 ----D---- C:\WINDOWS\addins
2010-02-04 13:41:31 ----D---- C:\Documents and Settings\DJ\Application Data\Adobe
2010-02-02 23:46:51 ----D---- C:\Program Files\World of Warcraft
2010-02-01 11:26:20 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 36864]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-18 12664]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-11-15 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-11-15 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-11-15 360584]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-11-06 21035]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-12-08 139776]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-15 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-06 93952]
R3 AlesisFirewire;Alesis Firewire; C:\WINDOWS\System32\Drivers\AlesisFirewire.sys [2008-03-10 119680]
R3 AlesisFirewireAudio;Alesis Firewire Audio; C:\WINDOWS\system32\drivers\AlesisFirewireAudio.sys [2008-03-10 19456]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows; C:\WINDOWS\System32\Drivers\KORGUMDS.SYS [2008-10-29 21720]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2006-09-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2006-09-11 19968]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-05-16 47360]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 AlesisFirewireMidi;Alesis Firewire MIDI; C:\WINDOWS\system32\drivers\AlesisFirewireMidi.sys [2008-03-10 19456]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 Camav;SAMSUNG Video Capture Driver; C:\WINDOWS\System32\Drivers\Camav.sys [2007-01-25 54656]
S3 camflt;Samsung USB Audio Filter; C:\WINDOWS\system32\DRIVERS\camflt.sys [2007-01-25 12160]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]
S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-11-09 25280]
S3 MA_CMIDI;M-Audio USB Driver; C:\WINDOWS\system32\drivers\ma_cmidi.sys [2006-08-16 21888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-09-05 176128]
S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
S3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys []
S3 SL3Usb;SL3 driver; C:\WINDOWS\System32\Drivers\Sl3.sys [2009-02-16 36352]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UPATC;USBAT Controller Driver; C:\WINDOWS\system32\DRIVERS\upatc.sys [2000-05-30 87136]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-01-07 104064]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-11-15 285392]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-01 153376]
R2 MA_CMIDI_InstallerService;M-Audio Series II MIDI Installer; C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe [2007-01-08 94208]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

 

[Blade81]

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.


uTorrent
LimeWire


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

After that:

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
   Remember to re-enable them afterwards.
   
   
2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New rsit log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

 

[hondasptbk]

Well...at first, Combofix did not appear to be working properly. I basically is getting to stage 3, then completely hanging. The computer hard drives shut down, and the whole pc will sit there until I manually shut down the script and restart the PC.

I then tried in Safe Mode, with the same result, however, with an added twist. The second attempt in Safe Mode yielded a pop up screen in combofix that said the installation had become compromised and not to use it. It mentioned a script altering virus named Virut (?) had potentially compromised the script, and to re-download.

I re-downloaded the script and re-ran in safe-mode, however, I'm still gettting the same freezing at stage 3.

 

[Blade81]

Did you have protection software disabled/turned off before you ran ComboFix?

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

 

[hondasptbk]

OTL:

OTL logfile created on: 3/3/2010 1:41:23 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\DJ\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.13 Gb Total Space | 27.94 Gb Free Space | 30.01% Space Free | Partition Type: NTFS
Drive D: | 186.33 Gb Total Space | 24.89 Gb Free Space | 13.36% Space Free | Partition Type: NTFS
Drive E: | 0.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 698.64 Gb Total Space | 180.57 Gb Free Space | 25.85% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMESTYLEE
Current User Name: DJ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\DJ\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
PRC - C:\WINDOWS\system32\savedump.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
PRC - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe ()
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ASUS\AI Gear\GearHelp.exe ()
PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe (ScanSoft, Inc.)
PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\DJ\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\DJ\Local Settings\temp\21211899927.nls ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Documents and Settings\DJ\Local Settings\temp\IadHide5.dll (BackWeb)
MOD - C:\WINDOWS\system32\shfolder.dll (Microsoft Corporation)
MOD - C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll (ScanSoft, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (MA_CMIDI_InstallerService) -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe ()


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SL3Usb) -- C:\WINDOWS\system32\drivers\Sl3.sys (Cristalink Ltd)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (KORGUMDS) -- C:\WINDOWS\system32\drivers\KORGUMDS.SYS (KORG Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (pcouffin) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (AlesisFirewire) -- C:\WINDOWS\system32\drivers\AlesisFirewire.sys (Alesis)
DRV - (AlesisFirewireAudio) -- C:\WINDOWS\system32\drivers\AlesisFirewireAudio.sys (Alesis)
DRV - (AlesisFirewireMidi) -- C:\WINDOWS\system32\drivers\AlesisFirewireMidi.sys (Alesis)
DRV - (wceusbsh) -- C:\WINDOWS\system32\drivers\wceusbsh.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (camflt) -- C:\WINDOWS\system32\drivers\camflt.sys (Devguru Corporation, Inc)
DRV - (Camav) -- C:\WINDOWS\system32\drivers\Camav.sys (Samsung electronics, Inc)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (ADIDTSFiltService) -- C:\WINDOWS\system32\drivers\adidts.sys (Analog Devices, Inc.)
DRV - (PxHelp20) -- C:\WINDOWS\system32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (nvata) -- C:\WINDOWS\System32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (MA_CMIDI) -- C:\WINDOWS\system32\drivers\ma_cmidi.sys (M-Audio)
DRV - (AEAudio) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (SI3132) -- C:\WINDOWS\System32\DRIVERS\SI3132.sys (Silicon Image, Inc.)
DRV - (SiFilter) -- C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (SONYPVU1) Sony USB Filter Driver (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)
DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)
DRV - (UPATC) -- C:\WINDOWS\system32\drivers\upatc.sys (SCM Microsystems Inc.)
DRV - (PfModNT) -- C:\WINDOWS\system32\PFMODNT.SYS (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/11 09:58:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/02 07:45:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/02 07:45:14 | 000,000,000 | ---D | M]

[2009/12/10 13:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DJ\Application Data\Mozilla\Extensions
[2009/12/10 13:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DJ\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/11/20 16:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DJ\Application Data\Mozilla\Firefox\Profiles\akh31lr7.default\extensions
[2009/09/27 21:50:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\DJ\Application Data\Mozilla\Firefox\Profiles\akh31lr7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/20 16:05:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/22 08:18:14 | 000,379,442 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13098 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Ai Gear Help] C:\Program Files\ASUS\AI Gear\GearHelp.exe ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [Joystick 2 Mouse] C:\Program Files\Joystick 2 Mouse 3\Joystick 2 Mouse.exe (Offer Atzitz)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SpybotSnD] C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\DJ\Start Menu\Programs\Utilites\Startup\Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1194369867421 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1194369856953 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_15)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bw+0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\offline-8876480 {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\DJ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DJ\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/06 08:55:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/29 01:02:01 | 000,000,055 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5b05a102-e68e-11de-aee4-001d603d2ee1}\Shell - "" = AutoRun
O33 - MountPoints2\{5b05a102-e68e-11de-aee4-001d603d2ee1}\Shell\Auto\command - "" = I:\Se81.exe -- File not found
O33 - MountPoints2\{5b05a102-e68e-11de-aee4-001d603d2ee1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\BlueBirds.exe -- [2009/04/29 01:02:01 | 000,270,336 | R--- | M] (LG Electronics)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/03 13:40:51 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DJ\Desktop\OTL.exe
[2010/03/02 10:36:51 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2010/03/02 10:36:29 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/02/27 08:40:01 | 000,000,000 | ---D | C] -- C:\rsit
[2010/02/09 10:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/02/07 21:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/02/07 20:55:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/07 20:55:38 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/07 20:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/05 11:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DJ\Application Data\Malwarebytes
[2010/02/05 11:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/05 11:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/11/15 15:36:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/15 15:36:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/15 15:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/15 15:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/11/07 16:34:37 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2008/08/16 10:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/05/16 10:13:49 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\DJ\Application Data\pcouffin.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/03 13:42:57 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/03 13:42:57 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/03 13:42:57 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/03 13:40:51 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DJ\Desktop\OTL.exe
[2010/03/03 13:39:01 | 000,179,092 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/03 13:38:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/03 13:38:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/03 13:38:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/03 08:38:33 | 056,595,798 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/02 13:17:58 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/03/02 10:45:04 | 011,796,480 | -H-- | M] () -- C:\Documents and Settings\DJ\NTUSER.DAT
[2010/03/02 10:37:35 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\DJ\ntuser.ini
[2010/03/02 10:36:51 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2010/02/27 08:35:18 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\DJ\Desktop\RSIT.exe
[2010/02/22 08:18:14 | 000,379,442 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/14 12:59:47 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/13 15:43:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/13 14:46:35 | 000,078,386 | ---- | M] () -- C:\WINDOWS\msacm32.drv
[2010/02/13 14:46:35 | 000,000,100 | ---- | M] () -- C:\WINDOWS\wuasirvy.dll
[2010/02/13 14:46:34 | 000,000,036 | ---- | M] () -- C:\WINDOWS\rasqervy.dll
[2010/02/13 14:46:29 | 000,000,008 | ---- | M] () -- C:\WINDOWS\sdfinacs.dll
[2010/02/13 14:46:16 | 000,000,005 | ---- | M] () -- C:\WINDOWS\sdfixwcs.dll
[2010/02/13 14:31:57 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\DJ\Desktop\t5d7kh4w.exe
[2010/02/12 02:04:45 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/02/11 16:26:08 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\DJ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/11 10:37:24 | 000,377,740 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100222-081814.backup
[2010/02/09 21:19:20 | 000,044,548 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/07 21:18:51 | 000,021,151 | ---- | M] () -- C:\Documents and Settings\DJ\Desktop\hijackthis 2-7-10
[2010/02/07 21:17:22 | 000,001,976 | ---- | M] () -- C:\Documents and Settings\DJ\Desktop\HiJackThis.lnk
[2010/02/07 20:55:43 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/05 11:32:35 | 000,377,780 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100211-103724.backup
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/27 08:35:16 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\DJ\Desktop\RSIT.exe
[2010/02/13 14:46:34 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2010/02/13 14:46:29 | 000,000,008 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2010/02/13 14:46:16 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2010/02/13 14:31:54 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\DJ\Desktop\t5d7kh4w.exe
[2010/02/12 22:18:14 | 000,078,386 | ---- | C] () -- C:\WINDOWS\msacm32.drv
[2010/02/12 22:18:14 | 000,000,100 | ---- | C] () -- C:\WINDOWS\wuasirvy.dll
[2010/02/07 21:18:51 | 000,021,151 | ---- | C] () -- C:\Documents and Settings\DJ\Desktop\hijackthis 2-7-10
[2010/02/07 21:17:22 | 000,001,976 | ---- | C] () -- C:\Documents and Settings\DJ\Desktop\HiJackThis.lnk
[2010/02/07 20:55:43 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/10 20:44:27 | 000,253,096 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/07/15 15:12:32 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\DJ\Application Data\mcs.rma
[2009/07/15 15:12:32 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\DJ\Application Data\3C79E9
[2008/11/07 16:34:54 | 000,000,128 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/11/07 16:34:53 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/11/07 16:34:41 | 000,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2008/11/07 16:34:41 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/11/07 16:34:38 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2008/10/06 19:11:07 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/17 10:49:21 | 000,003,197 | ---- | C] () -- C:\WINDOWS\FORGE32.ini
[2008/05/17 10:49:19 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\rmmerge2.DLL
[2008/05/17 10:49:19 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\rmevents.DLL
[2008/05/17 08:49:50 | 000,000,066 | ---- | C] () -- C:\Documents and Settings\DJ\Application Data\Printer.ini
[2008/05/16 10:13:52 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\DJ\Application Data\pcouffin.log
[2008/05/16 10:13:49 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\DJ\Application Data\pcouffin.cat
[2008/05/16 10:13:49 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\DJ\Application Data\pcouffin.inf
[2008/01/06 11:07:52 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/03 16:22:53 | 008,183,675 | ---- | C] () -- C:\Program Files\gmaker.exe
[2007/11/30 15:14:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2007/11/08 13:04:14 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\DJ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/08 08:36:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/11/08 08:36:54 | 000,000,105 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2007/11/08 08:36:47 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/11/08 08:36:15 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2007/11/08 08:35:47 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/11/08 08:32:01 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6y.DLL
[2007/11/06 14:36:23 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/11/06 11:02:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/06 10:24:29 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2007/11/06 10:24:29 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2007/11/06 10:24:27 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2007/11/06 10:24:27 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2007/11/06 09:12:56 | 000,000,962 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2007/11/06 09:12:56 | 000,000,403 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2007/11/06 09:01:59 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/11/06 09:01:58 | 000,036,158 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/11/06 09:01:43 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/08/13 13:14:16 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/08/13 13:14:16 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/08/13 13:14:13 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/08/13 13:14:12 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/08/13 13:14:11 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2004/03/22 00:32:06 | 000,000,398 | ---- | C] () -- C:\WINDOWS\System32\CNCMP60.INI
[1999/01/22 02:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
< End of report >

 

[hondasptbk]

Extras:

OTL Extras logfile created on: 3/3/2010 1:41:23 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\DJ\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.13 Gb Total Space | 27.94 Gb Free Space | 30.01% Space Free | Partition Type: NTFS
Drive D: | 186.33 Gb Total Space | 24.89 Gb Free Space | 13.36% Space Free | Partition Type: NTFS
Drive E: | 0.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 698.64 Gb Total Space | 180.57 Gb Free Space | 25.85% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMESTYLEE
Current User Name: DJ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [+ Add to separate archive(s)] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-add2archive" "%1" (Giorgio Tani)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabledxpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabledreamweaver MX -- (Macromedia, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\KartRider\NMService.exe" = C:\Nexon\KartRider\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo -- ()
"C:\Program Files\AVG\AVG8\avgtray.exe" = C:\Program Files\AVG\AVG8\avgtray.exe:*:Enabled:avgtray -- File not found
"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" = C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE:*:Enabled:BJMyPrt -- (CANON INC.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:enable -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0E70CFA6-93E3-453F-B47C-855196C2589E}" = Logitech Harmony Remote Software 7
"{109AB81D-9732-40B3-9C1F-113A86CE6F93}" = Canon MP Navigator 1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGearStarter
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F145099-1224-4C5B-84F2-7AE6DC699F1A}" = Enigma
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = M-Audio Series II MIDI
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}" = Sound Blaster Live! Web 2K/XP
"{3FF3DD04-F386-46B0-97FC-B86238B65487}" = Canon MP Drivers 6.0
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 2.3a
"{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}" = Presto! PageManager 6.03
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B568B64-0BDE-4FB2-A1AB-8A41DF033C57}" = AI Gear
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{7148F0A8-6813-11D6-A77B-00B0D0142150}" = Java 2 Runtime Environment, SE v1.4.2_15
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8B3F4499-32E6-470D-8586-E6C03420F889}" = ASUS WiFi-AP Solo
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8FE3E922-C58B-4E18-A923-FC85530C23C5}" = Scratch Live 1.9.2 (19222)
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{903A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Standard 2003
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{95909360-C5DC-4472-B7B2-A715D3B16CCA}" = Home Ftp Server
"{98C93365-3A20-46F6-80B4-AD4835D384C7}" = KORG padKONTROL Editor Librarian
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}" = MIDI-OX
"{AC76BA86-7AD7-1033-7646-A70000000000}" = Adobe Reader 7.0
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C510B035-E21E-45E2-99DB-CCB4C8679D04}" = Alesis Multimix Firewire
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C962EF10-7539-477A-A0AD-F8CBD0E9F7E5}" = KORG USB-MIDI Driver Tools for Windows
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{d59f762b-c1c3-4dfd-8184-bd5db13ef6a6}" = Nero 9 Lite
"{E2BF2060-D1DB-441A-8739-30E7BAA534BA}" = DENON DJ ASIO Driver
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"788118397DF78621C845B0406EFF36B45C98DED6" = Windows Driver Package - Alesis (AlesisFirewire) MEDIA (03/06/2008 3.1.0.1210)
"Ableton Live_is1" = Ableton Live v7.0.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"American Greetings® Art & More Store" = American Greetings® Art & More Store
"ASIO4ALL" = ASIO4ALL
"AVG9Uninstall" = AVG Free 9.0
"Canon MX700 series User Registration" = Canon MX700 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"EZ Calendar" = EZ Calendar
"Game Maker 7.0" = Game Maker 7.0
"GGE v2.0" = GGE v2.0
"Google Updater" = Google Updater
"Hamachi" = Hamachi 1.0.3.0
"HijackThis" = HijackThis 2.0.2
"Home Ftp Server_is1" = Home Ftp Server 1.9.2.127
"Hunting Unlimited 4" = Hunting Unlimited 4 1.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Joystick 2 Mouse 3" = Joystick 2 Mouse 3
"KartRider" = KartRider
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MP4 to MP3 Converter" = MP4 to MP3 Converter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoViewer Setup" = PhotoViewer v0.02
"PrintMaster 7.00" = PrintMaster 7.00
"RealPlayer 6.0" = RealPlayer
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"Serif DrawPlus 3.0" = Serif DrawPlus 3.0
"Sonic Foundry Sound Forge 4.5c" = Sonic Foundry Sound Forge 4.5c
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SwiftMP3_is1" = SwiftMP3 1.0.4
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"VSO PhotoDVD_is1" = PhotoDVD 2.8.3
"WAV to MP3 Encoder" = WAV to MP3 Encoder
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winscp3_is1" = WinSCP 3.8.2
"Wisdom-soft ScreenHunter 5.0 Free" = Wisdom-soft ScreenHunter 5.0 Free
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/30/2009 2:05:28 AM | Computer Name = HOMESTYLEE | Source = Application Hang | ID = 1002
Description = Hanging application Ventrilo.exe, version 3.0.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/30/2009 2:08:19 AM | Computer Name = HOMESTYLEE | Source = Application Hang | ID = 1002
Description = Hanging application Ventrilo.exe, version 3.0.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/30/2009 2:08:39 AM | Computer Name = HOMESTYLEE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3526, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/30/2009 2:08:43 AM | Computer Name = HOMESTYLEE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/30/2009 3:47:26 AM | Computer Name = HOMESTYLEE | Source = Application Hang | ID = 1002
Description = Hanging application Ventrilo.exe, version 3.0.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/30/2009 3:47:32 AM | Computer Name = HOMESTYLEE | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/31/2009 6:22:06 PM | Computer Name = HOMESTYLEE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 11/1/2009 1:35:07 PM | Computer Name = HOMESTYLEE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 11/6/2009 4:56:52 AM | Computer Name = HOMESTYLEE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x65e80b70.

Error - 11/9/2009 3:31:41 PM | Computer Name = HOMESTYLEE | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

 

[Blade81]

Hi,

Update Malwarebytes' Anti-Malware on its update tab and then run a quick scan. Let it delete all findings and post back the report.

 

[hondasptbk]

Malwarebytes' Anti-Malware 1.44
Database version: 3823
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/3/2010 3:10:42 PM
mbam-log-2010-03-03 (15-10-37).txt

Scan type: Quick Scan
Objects scanned: 138770
Time elapsed: 4 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mem32 (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\msacm32.drv (Trojan.Agent) -> No action taken.
C:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> No action taken.
C:\WINDOWS\rasqervy.dll (Malware.Trace) -> No action taken.
C:\WINDOWS\sdfinacs.dll (Malware.Trace) -> No action taken.
C:\WINDOWS\sdfixwcs.dll (Malware.Trace) -> No action taken.

 

[Blade81]

Hi,

Did you let MBAM remove its findings? Download a fresh copy of ComboFix and then rename it to hondasptbk.exe before running (remember to disable antivirus protection first). Post back resultant log if you're able to finish the run this time.

 

[hondasptbk]

I have let MBAM remove it's findings, and I do have my antivirus disabled.

I am still not able to get combofix to move past stage 3 (it did get to stage 4 once, but, still failed to proceed). I have tried this at least 3 or 4 times in regular mode, and about 4 or 5 times in safe mode, each producing the same result.

 

[Blade81]

Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here. Post back the report & fresh OTL.txt log.

 

[hondasptbk]

Kapersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, March 5, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, March 04, 2010 05:44:51
Records in database: 3699193
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 240007
Threats found: 1
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 05:59:21


File name / Threat / Threats count
F:\Clickfox Backup\Downloads\VNC\vnc-4_1_2-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4

Selected area has been scanned.


OTL:

OTL logfile created on: 3/5/2010 7:00:42 AM - Run 2
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\DJ\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.13 Gb Total Space | 29.64 Gb Free Space | 31.83% Space Free | Partition Type: NTFS
Drive D: | 186.33 Gb Total Space | 24.88 Gb Free Space | 13.36% Space Free | Partition Type: NTFS
Drive E: | 0.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 698.64 Gb Total Space | 180.57 Gb Free Space | 25.85% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOMESTYLEE
Current User Name: DJ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\DJ\Local Settings\temp\jkos-DJ\binaries\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Documents and Settings\DJ\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
PRC - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe ()
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ASUS\AI Gear\GearHelp.exe ()
PRC - C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe (ScanSoft, Inc.)
PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\DJ\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\DJ\Local Settings\temp\21211899927.nls ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Documents and Settings\DJ\Local Settings\temp\IadHide5.dll (BackWeb)
MOD - C:\WINDOWS\system32\shfolder.dll (Microsoft Corporation)
MOD - C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll (ScanSoft, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (MA_CMIDI_InstallerService) -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe ()


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SL3Usb) -- C:\WINDOWS\system32\drivers\Sl3.sys (Cristalink Ltd)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (KORGUMDS) -- C:\WINDOWS\system32\drivers\KORGUMDS.SYS (KORG Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (pcouffin) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (AlesisFirewire) -- C:\WINDOWS\system32\drivers\AlesisFirewire.sys (Alesis)
DRV - (AlesisFirewireAudio) -- C:\WINDOWS\system32\drivers\AlesisFirewireAudio.sys (Alesis)
DRV - (AlesisFirewireMidi) -- C:\WINDOWS\system32\drivers\AlesisFirewireMidi.sys (Alesis)
DRV - (wceusbsh) -- C:\WINDOWS\system32\drivers\wceusbsh.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (camflt) -- C:\WINDOWS\system32\drivers\camflt.sys (Devguru Corporation, Inc)
DRV - (Camav) -- C:\WINDOWS\system32\drivers\Camav.sys (Samsung electronics, Inc)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (ADIDTSFiltService) -- C:\WINDOWS\system32\drivers\adidts.sys (Analog Devices, Inc.)
DRV - (PxHelp20) -- C:\WINDOWS\system32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (nvata) -- C:\WINDOWS\System32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (MA_CMIDI) -- C:\WINDOWS\system32\drivers\ma_cmidi.sys (M-Audio)
DRV - (AEAudio) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (SI3132) -- C:\WINDOWS\System32\DRIVERS\SI3132.sys (Silicon Image, Inc.)
DRV - (SiFilter) -- C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (SONYPVU1) Sony USB Filter Driver (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)
DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)
DRV - (UPATC) -- C:\WINDOWS\system32\drivers\upatc.sys (SCM Microsystems Inc.)
DRV - (PfModNT) -- C:\WINDOWS\system32\PFMODNT.SYS (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/11 09:58:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/02 07:45:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/02 07:45:14 | 000,000,000 | ---D | M]

[2009/12/10 13:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DJ\Application Data\Mozilla\Extensions
[2009/12/10 13:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DJ\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/11/20 16:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DJ\Application Data\Mozilla\Firefox\Profiles\akh31lr7.default\extensions
[2009/09/27 21:50:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\DJ\Application Data\Mozilla\Firefox\Profiles\akh31lr7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/20 16:05:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/03/04 10:32:41 | 000,379,546 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13102 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Ai Gear Help] C:\Program Files\ASUS\AI Gear\GearHelp.exe ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [Joystick 2 Mouse] C:\Program Files\Joystick 2 Mouse 3\Joystick 2 Mouse.exe (Offer Atzitz)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SpybotSnD] C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\DJ\Start Menu\Programs\Utilites\Startup\Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1194369867421 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1194369856953 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_15)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bw+0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {1f3b71a6-3b3c-4c2c-b4db-bcd4f3267b43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\offline-8876480 {1F3B71A6-3B3C-4C2C-B4DB-BCD4F3267B43} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\DJ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DJ\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/06 08:55:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/29 01:02:01 | 000,000,055 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5b05a102-e68e-11de-aee4-001d603d2ee1}\Shell - "" = AutoRun
O33 - MountPoints2\{5b05a102-e68e-11de-aee4-001d603d2ee1}\Shell\Auto\command - "" = I:\Se81.exe -- File not found
O33 - MountPoints2\{5b05a102-e68e-11de-aee4-001d603d2ee1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\BlueBirds.exe -- [2009/04/29 01:02:01 | 000,270,336 | R--- | M] (LG Electronics)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/04 10:25:24 | 000,000,000 | --SD | C] -- C:\hondasptbk
[2010/03/03 13:40:51 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DJ\Desktop\OTL.exe
[2010/02/27 08:40:01 | 000,000,000 | ---D | C] -- C:\rsit
[2010/02/09 10:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/02/07 21:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/02/07 20:55:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/07 20:55:38 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/07 20:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/05 11:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DJ\Application Data\Malwarebytes
[2010/02/05 11:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/05 11:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/11/15 15:36:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/15 15:36:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/15 15:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/15 15:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/11/07 16:34:37 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2008/08/16 10:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/05/16 10:13:49 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\DJ\Application Data\pcouffin.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/04 14:38:00 | 056,711,097 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/04 13:31:17 | 000,080,946 | ---- | M] () -- C:\WINDOWS\msacm32.drv
[2010/03/04 13:31:17 | 000,000,092 | ---- | M] () -- C:\WINDOWS\wuasirvy.dll
[2010/03/04 10:33:31 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/04 10:33:31 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/04 10:33:31 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/04 10:32:41 | 000,379,546 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/04 10:31:15 | 000,179,092 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/04 10:31:03 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/04 10:29:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/04 10:29:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/04 10:27:59 | 011,796,480 | -H-- | M] () -- C:\Documents and Settings\DJ\NTUSER.DAT
[2010/03/04 10:27:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\DJ\ntuser.ini
[2010/03/04 09:15:08 | 004,120,020 | R--- | M] () -- C:\Documents and Settings\DJ\Desktop\hondasptbk.exe
[2010/03/03 13:40:51 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DJ\Desktop\OTL.exe
[2010/03/02 13:17:58 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/02/27 08:35:18 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\DJ\Desktop\RSIT.exe
[2010/02/22 08:18:14 | 000,379,442 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100304-103241.backup
[2010/02/14 12:59:47 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/13 15:43:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/13 14:31:57 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\DJ\Desktop\t5d7kh4w.exe
[2010/02/12 02:04:45 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/02/11 16:26:08 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\DJ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/11 10:37:24 | 000,377,740 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100222-081814.backup
[2010/02/09 21:19:20 | 000,044,548 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/07 21:17:22 | 000,001,976 | ---- | M] () -- C:\Documents and Settings\DJ\Desktop\HiJackThis.lnk
[2010/02/07 20:55:43 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/05 11:32:35 | 000,377,780 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100211-103724.backup
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/04 13:31:17 | 000,080,946 | ---- | C] () -- C:\WINDOWS\msacm32.drv
[2010/03/04 13:31:17 | 000,000,092 | ---- | C] () -- C:\WINDOWS\wuasirvy.dll
[2010/03/04 09:15:08 | 004,120,020 | R--- | C] () -- C:\Documents and Settings\DJ\Desktop\hondasptbk.exe
[2010/02/27 08:35:16 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\DJ\Desktop\RSIT.exe
[2010/02/13 14:31:54 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\DJ\Desktop\t5d7kh4w.exe
[2010/02/07 21:17:22 | 000,001,976 | ---- | C] () -- C:\Documents and Settings\DJ\Desktop\HiJackThis.lnk
[2010/02/07 20:55:43 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/10 20:44:27 | 000,253,096 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/07/15 15:12:32 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\DJ\Application Data\mcs.rma
[2009/07/15 15:12:32 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\DJ\Application Data\3C79E9
[2008/11/07 16:34:54 | 000,000,128 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/11/07 16:34:53 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/11/07 16:34:41 | 000,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2008/11/07 16:34:41 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/11/07 16:34:38 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2008/10/06 19:11:07 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/17 10:49:21 | 000,003,197 | ---- | C] () -- C:\WINDOWS\FORGE32.ini
[2008/05/17 10:49:19 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\rmmerge2.DLL
[2008/05/17 10:49:19 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\rmevents.DLL
[2008/05/17 08:49:50 | 000,000,066 | ---- | C] () -- C:\Documents and Settings\DJ\Application Data\Printer.ini
[2008/05/16 10:13:52 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\DJ\Application Data\pcouffin.log
[2008/05/16 10:13:49 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\DJ\Application Data\pcouffin.cat
[2008/05/16 10:13:49 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\DJ\Application Data\pcouffin.inf
[2008/01/06 11:07:52 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/03 16:22:53 | 008,183,675 | ---- | C] () -- C:\Program Files\gmaker.exe
[2007/11/30 15:14:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2007/11/08 13:04:14 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\DJ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/08 08:36:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/11/08 08:36:54 | 000,000,105 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2007/11/08 08:36:47 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/11/08 08:36:15 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2007/11/08 08:35:47 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/11/08 08:32:01 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6y.DLL
[2007/11/06 14:36:23 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/11/06 11:02:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/06 10:24:29 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2007/11/06 10:24:29 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2007/11/06 10:24:27 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2007/11/06 10:24:27 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2007/11/06 09:12:56 | 000,000,962 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2007/11/06 09:12:56 | 000,000,403 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2007/11/06 09:01:59 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/11/06 09:01:58 | 000,036,158 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/11/06 09:01:43 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/08/13 13:14:16 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/08/13 13:14:16 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/08/13 13:14:13 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/08/13 13:14:12 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/08/13 13:14:11 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2004/03/22 00:32:06 | 000,000,398 | ---- | C] () -- C:\WINDOWS\System32\CNCMP60.INI
[1999/01/22 02:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
< End of report >