I followed the instructions in Geeks to Go's Malware and Spyware Cleaning Guide. Below are the logs from OTL and MBAM. Unfortunately, I tried to run Rootkit Detection, but it would not get past "initializing," so there is no log for that one.
Computer frequently seems to be using 100% of CPU available memory (per Task Manager). Also, there are much more frequent pop-up ads now. I very much appreciate your help!
OTL logfile created on: 9/27/2009 11:44:31 PM - Run 2
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Install Programs
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.98 Mb Total Physical Memory | 23.44 Mb Available Physical Memory | 4.59% Memory free
2.42 Gb Paging File | 1.78 Gb Available in Paging File | 73.43% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4096 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 9.44 Gb Free Space | 25.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 31.49 Gb Total Space | 6.16 Gb Free Space | 19.55% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 117.56 Gb Total Space | 38.25 Gb Free Space | 32.54% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DELL
Current User Name: Bryan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2008/04/13 14:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/26 17:21:22 | 00,092,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2005/12/07 03:55:00 | 00,098,304 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Framework\FrameworkService.exe
PRC - [2006/02/14 20:00:00 | 00,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\mcshield.exe
PRC - [2005/12/07 03:55:00 | 00,229,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Framework\naPrdMgr.exe
PRC - [2006/06/08 20:00:00 | 00,029,184 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\vstskmgr.exe
PRC - [2003/07/28 15:19:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2006/07/11 07:22:40 | 00,857,088 | ---- | M] (TiVo Inc.) -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
PRC - [2007/01/04 11:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/09/22 08:00:00 | 00,094,208 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\SHSTAT.EXE
PRC - [2005/12/07 03:55:00 | 00,131,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Framework\UpdaterUI.exe
PRC - [2003/10/07 09:48:56 | 00,147,514 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
PRC - [2008/08/13 18:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/06/28 07:45:56 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2006/06/20 22:36:22 | 01,207,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2009/09/12 07:58:48 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2006/06/20 22:36:00 | 00,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2007/01/04 11:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/03/08 14:09:26 | 00,638,816 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/09/27 23:16:10 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Install Programs\OTL.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
========== Win32 Services (SafeList) ==========
SRV - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/09/03 11:53:00 | 00,048,368 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper [On_Demand | Stopped])
SRV - [2008/04/13 14:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/09/07 16:55:02 | 00,503,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/08/26 17:21:22 | 00,092,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2005/12/07 03:55:00 | 00,098,304 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
SRV - [2006/02/14 20:00:00 | 00,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\mcshield.exe -- (McShield [Auto | Running])
SRV - [2006/06/08 20:00:00 | 00,029,184 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\vstskmgr.exe -- (McTaskManager [Auto | Running])
SRV - [2006/12/14 02:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2003/03/03 08:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 15:19:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/12/14 01:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2003/03/09 10:31:02 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2006/12/14 02:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2006/07/11 07:22:40 | 00,857,088 | ---- | M] (TiVo Inc.) -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe -- (TivoBeacon2 [Auto | Running])
SRV - [2007/01/04 11:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gocomics....6?view_all=true
IE - URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.latimes.com/"
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:2.0.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/09/14 14:21:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 19:01:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/21 07:21:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/27 23:12:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/12 08:07:47 | 00,000,000 | ---D | M]
[2008/08/06 22:34:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Extensions
[2008/08/06 22:34:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/27 08:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\z9lh81r9.default\extensions
[2009/09/04 07:01:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\z9lh81r9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/07 08:51:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\z9lh81r9.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2009/09/12 08:07:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\z9lh81r9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/09/19 08:57:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\z9lh81r9.default\extensions\[email protected]
[2009/09/27 08:19:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/12 08:00:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/21 07:22:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/03 20:51:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/15 00:07:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/12 07:58:17 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/12 07:58:20 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/12 07:59:35 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2003/05/15 01:01:48 | 00,133,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/11/18 19:25:59 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/11/18 19:26:00 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/11/18 19:26:00 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/11/18 19:26:00 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/11/18 19:26:01 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/11/18 19:26:01 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/11/18 19:26:01 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/09/03 11:53:00 | 00,030,912 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/08/27 16:48:15 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/27 16:48:15 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/27 16:48:15 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/27 16:48:15 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/27 16:48:15 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/27 16:48:15 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/27 16:48:16 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (335519 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11498 more lines...
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [gelakateg] C:\WINDOWS\System32\kiramega.DLL ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Common Framework\UpdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Network Associates Error Reporting Service] C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\SHSTAT.EXE (Network Associates, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - File not found
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2007/09/06 06:58:55 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2007/09/06 06:58:55 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2007/09/06 06:58:55 | 00,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 71 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} http://www.streamaud...d/ccpm_0237.cab (ChainCast VMR Client Proxy)
O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} file://D:\components\Liquid.ocx (Liquid.LiquidHelper)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...74/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} http://updates.lifes...ll/pinstall.cab (Install Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229589277421 (MUWebControl Class)
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} http://sioncampus.ne...00/isetupml.cab (InstallShield International Setup Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://citycams.co.h...sCamControl.ocx (CamImage Class)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://us.dl1.yimg.c.../ymmapi_416.dll (YahooYMailTo Class)
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} http://cdn.digitalci...m/video/kdx.cab (Secure Delivery)
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A790} http://www.microsoft...w/0/BerbCln.CAB (BerbCln Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://zone.msn.com/...ro.cab32846.cab (ZoneIntro Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.c...utocomplete.cab (YAddBook Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://bin.mcafee.co...,15/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} http://www.live365.c...ers/play365.cab (Live365Player Class)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://f1.pg.photos....plorer1_9us.cab (PhotosCtrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Literati http://download.game...nts/y/tt1_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Poker http://download.game...nts/y/pt1_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Word Racer http://download.game...nts/y/wt0_x.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bw+0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw+0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {97291B7F-E871-4E23-B864-408166DA98E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\suyamadu.dll) - C:\WINDOWS\System32\suyamadu.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\gitisowe.dll) - C:\WINDOWS\System32\gitisowe.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\niyihese.dll) - C:\WINDOWS\System32\niyihese.dll File not found
O20 - AppInit_DLLs: (hobopuke.dll) - C:\WINDOWS\System32\hobopuke.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\kiramega.dll) - C:\WINDOWS\System32\kiramega.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O21 - SSODL: fasidovaz - {f8773ae1-0241-41b0-9118-a019f8b51fb8} - C:\WINDOWS\System32\niyihese.dll File not found
O21 - SSODL: gonebisef - {93436d0e-9b61-4b81-a04b-f69ebcd19039} - C:\WINDOWS\System32\kiramega.dll ()
O21 - SSODL: jakazihug - {1f6c23c2-cb07-4718-a20f-7efe13ad5d09} - C:\WINDOWS\System32\suyamadu.dll File not found
O22 - SharedTaskScheduler: {1f6c23c2-cb07-4718-a20f-7efe13ad5d09} - tokatiluy - C:\WINDOWS\System32\suyamadu.dll File not found
O22 - SharedTaskScheduler: {93436d0e-9b61-4b81-a04b-f69ebcd19039} - jugezatag - C:\WINDOWS\System32\kiramega.dll ()
O22 - SharedTaskScheduler: {f8773ae1-0241-41b0-9118-a019f8b51fb8} - tokatiluy - C:\WINDOWS\System32\niyihese.dll File not found
O24 - Desktop Components:0 () - http://images.ucomic...04/bl041209.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{442b31b4-9607-11de-a5da-0007e96316f5}\Shell - "" = AutoRun
O33 - MountPoints2\{442b31b4-9607-11de-a5da-0007e96316f5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{442b31b4-9607-11de-a5da-0007e96316f5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2009/09/27 08:34:30 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/27 08:34:27 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/27 08:34:25 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/27 08:22:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/27 08:20:27 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/27 00:16:43 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/09/26 23:43:37 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/09/26 22:58:01 | 00,000,000 | ---D | C] -- C:\VundoFix
[2009/09/25 22:31:48 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/09/17 12:43:54 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
========== Files - Modified Within 14 Days ==========
[2009/09/27 23:49:04 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\vitofuti
[2009/09/27 23:46:02 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/09/27 23:37:06 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/09/27 23:36:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2009/09/27 23:36:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/27 23:36:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/09/27 22:48:37 | 00,088,576 | -HS- | M] () -- C:\WINDOWS\System32\kiramega.dll
[2009/09/27 22:48:37 | 00,036,864 | -HS- | M] () -- C:\WINDOWS\System32\popiwoba.dll
[2009/09/27 10:53:19 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2009/09/27 10:48:54 | 00,088,576 | ---- | M] () -- C:\WINDOWS\System32\ranuvozo.dll
[2009/09/27 08:34:30 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/27 07:07:50 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/26 22:48:33 | 00,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2009/09/25 22:29:32 | 00,604,160 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\TV.doc
[2009/09/24 07:55:33 | 00,335,519 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2009/09/19 08:47:40 | 00,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/18 23:50:48 | 00,331,459 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20090924-075532.backup
[2009/09/18 21:56:55 | 00,588,288 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\~MASTER CALENDAR 2007-08.doc
[2009/09/18 00:14:33 | 00,077,136 | ---- | M] () -- C:\Documents and Settings\Bryan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/14 15:13:39 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/09/14 07:44:45 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\Weight & Fat.xls
========== LOP Check ==========
[2009/09/27 00:13:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2003/08/26 20:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2008/02/25 21:47:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/08/12 22:55:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009/07/21 12:00:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Home Designer Pro 9.0 Trial Version
[2003/08/13 11:12:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 5.0.0527
[2005/01/01 20:05:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2007/01/04 10:02:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2003/08/06 14:50:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2005/06/03 08:37:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2007/12/02 14:56:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/09/25 08:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/30 09:08:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turning Technologies
[2009/09/27 00:16:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/30 16:20:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2009/09/27 00:09:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data
[2007/09/09 02:05:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\.BitTornado
[2007/06/28 20:25:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\acccore
[2006/05/29 15:34:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Ahead
[2006/11/09 16:47:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Aim
[2003/08/13 18:07:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\ArcSoft
[2003/08/13 16:26:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\CyberLink
[2006/12/10 13:51:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\ExecutiveSoftware
[2003/11/13 16:10:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Freedom
[2009/07/12 10:44:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\GetRightToGo
[2009/07/12 11:07:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Home Designer Pro 9.0 Trial Version
[2009/09/24 19:46:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Home Designer Suite 8.0
[2005/09/22 00:13:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\ICAClient
[2004/03/18 17:54:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\ICQ
[2008/04/04 00:22:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Kontiki
[2004/03/18 19:52:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Leadertech
[2005/03/09 16:59:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Motive
[2009/09/18 00:06:26 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Bryan\Application Data\Move Networks
[2003/08/22 12:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\MSN6
[2004/03/09 11:31:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Roxio
[2009/07/02 23:16:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\SmartDraw
[2008/05/10 18:37:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Smilebox
[2006/12/02 12:07:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Snapfish
[2007/08/22 00:12:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Softplicity
[2008/11/18 08:16:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Turning Technologies
[2008/06/11 00:28:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\U3
[2007/03/14 00:58:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Viewpoint
[2009/01/01 13:12:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Windows Desktop Search
[2009/09/27 07:07:50 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2002/08/29 00:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2005/01/05 17:59:42 | 00,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1096948708.job
[2009/09/27 23:36:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/09/27 23:46:02 | 00,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\Symantec NetDetect.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\system32\eventlog.dll >
[2008/04/13 14:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
< %systemroot%\system32\scecli.dll >
[2008/04/13 14:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\netlogon.dll >
< %systemroot%\system32\cngaudit.dll >
< %systemroot%\system32\sceclt.dll >
< %systemroot%\ntelogon.dll >
< %systemroot%\system32\logevent.dll >
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
< End of report >

Malwarebytes' Anti-Malware 1.41
Database version: 2865
Windows 5.1.2600 Service Pack 3
9/27/2009 2:19:21 PM
mbam-log-2009-09-27 (14-19-21).txt
Scan type: Full Scan (C:\|E:\|G:\|)
Objects scanned: 507598
Time elapsed: 4 hour(s), 9 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
c:\WINDOWS\SYSTEM32\seruyone.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\hobopuke.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\mozuzolo.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{146b5157-5a13-4490-aa8a-acf6bf7c56b8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gelakateg (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{146b5157-5a13-4490-aa8a-acf6bf7c56b8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\zepidipub (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\seruyone.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\seruyone.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\SYSTEM32\seruyone.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\hobopuke.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\mozuzolo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\jewipaje.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ranuvozo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\wekavube.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zesulalu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Edited by angelpoo, 28 September 2009 - 04:14 AM.