Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Malwarebytes' Anti-Malware website not working [Solved]

Started by axg317 , Oct 30 2009 09:37 PM

This topic is locked

#1
axg317

Posted 30 October 2009 - 09:37 PM

New Member

Member
9 posts

When I was trying to open Malwarebytes' Anti-Malware the website was not working. I tried to yahoo it since I have a google redirect problem but it still did not work. Any suggestions? Can I come back to this step?

Thanks
Anna

#2
heir

Posted 01 November 2009 - 07:48 AM

Trusted Helper

Malware Removal
5,427 posts

Hello axg317 !

Welcome to the site!

My nickname is heir and I'll be helping clean up your computer.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:

To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad in the menubar click on Format and make sure that Word Wrap is unchecked)
Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
Make sure you reply to this thread using the Add Reply button:

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to Internet.

Let's see if these tools runs.
In case a tool doesn't run, please tell me what happened in your reply and then continue with the next step.

Step 1.
Win32kDiag:

Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

Step 2.
RootRepeal:

Download RootRepeal from one of the following locations and save it to your desktop:Link 1
Link 2
Link 3

Double click to start the program
Click on the Report tab at the bottom of the program window
Click the button
In the Select Scan dialog, check:
- Drivers
- Files
- Processes
- SSDT
- Stealth Objects
- Hidden Services
- Shadow SSDT
Click the OK button
In the next dialog, select all drives showing
Click OK to start the scan

Note: The scan can take some time. DO NOT run any other programs while the scan is running
When the scan is complete, click the button and save the report to your Desktop as RootRepeal.txt
Go to File, then Exit to close the program

If the report is not too long, post the contents of RootRepeal.txt in your next reply.

If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
Click Add Reply
Under the reply panel is the Attachments Panel
Browse for the attachment file you want to upload, then click the green Upload button
Once it has uploaded, click the Manage Current Attachments drop down box
Click on to insert the attachment into your post

Step 3.
OTL-scan:

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Standard Output.
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Step 4.
Things I would like to see in your reply:

The content of Win32kDiag.txt on your desktop from step 1.
The content of RootRepeal.txt on your desktop from step 2.
The content of OTL.txt and Extras.txt on your desktop from step 3.

#3
axg317

Posted 02 November 2009 - 11:20 PM

New Member

Topic Starter
Member
9 posts

Running from: C:\Documents and Settings\Julie\My Documents\Downloads\Win32kDiag.exe

Log file at : C:\Documents and Settings\Julie\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!

#4
axg317

Posted 02 November 2009 - 11:34 PM

New Member

Topic Starter
Member
9 posts

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/02 21:21
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9E29000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A89000 Size: 8192 File Visible: No Signed: -
Status: -

Name: hiber_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\hiber_WMILIB.SYS
Address: 0xF7A59000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9854000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xf75bb87e

#: 047 Function Name: NtCreateProcess
Status: Hooked by "SSI.SYS" at address 0xf749e3ce

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "SSI.SYS" at address 0xf749e56e

#: 063 Function Name: NtDeleteKey
Status: Hooked by "SSI.SYS" at address 0xf749ce94

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "SSI.SYS" at address 0xf749d4e2

#: 192 Function Name: NtRenameKey
Status: Hooked by "SSI.SYS" at address 0xf749d00a

#: 226 Function Name: NtSetInformationKey
Status: Hooked by "SSI.SYS" at address 0xf749d1da

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xf75bbbfe

==EOF==

#5
axg317

Posted 02 November 2009 - 11:49 PM

New Member

Topic Starter
Member
9 posts

OTL Extras logfile created on: 11/2/2009 9:36:49 PM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Julie\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 370.25 Mb Available Physical Memory | 36.50% Memory free
2.39 Gb Paging File | 1.91 Gb Available in Paging File | 79.93% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.97 Gb Total Space | 40.58 Gb Free Space | 43.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Julie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"8085:TCP" = 8085:TCP:*:Enabled:ddnsfilter

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\WINDOWS\system32\lxczcoms.exe" = C:\WINDOWS\system32\lxczcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{508FA22B-AFFC-46CD-9441-2567976574A4}" = Nokia PC Suite
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{588AA47B-9115-44D3-B2E5-4F10BC659D6C}" = Nokia PC Connectivity Solution
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{5AE68DC3-F16E-457D-947A-092D614C7ABD}_is1" = Spy Sweeper
"{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{73E30715-9EC4-4DAE-BE67-64500AEB8012}" = Nokia Nseries Skin for Microsoft Windows Media Player
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90260409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{BA561482-C49D-4687-A61C-96236C1688F0}" = ArcSoft Software Suite
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Toshiba Registration and Metamail Trust Architecture
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E4DD8B33-6F9B-41C5-96FF-5DBF27ED23E7}" = Nokia Connectivity Cable Driver
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F47B2DF8-35EC-4B51-B5F2-0E03EF5F51DA}" = TIxx21/x515
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"010D072E91408D6B7C6FC65489B6D30C027605F5" = Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17)
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"America Online us" = America Online (Choose which version to remove)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Digital Camera Device Driver" = Digital Camera Device Driver
"ERUNT_is1" = ERUNT 1.1j
"Fn-esse" = TOSHIBA Fn-esse
"Gross Anatomy Laboratory Assistant" = Gross Anatomy Laboratory Assistant
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls
"InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"InstallShield_{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"InstallShield_{F47B2DF8-35EC-4B51-B5F2-0E03EF5F51DA}" = Texas Instruments PCIxx21/x515 drivers.
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"Lexmark 1200 Series" = Lexmark 1200 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"LimeWire" = LimeWire 5.2.13
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notebook_Maximizer" = Notebook Maximizer
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"PC Sync Manager" = PC Sync Manager
"Port Magic" = Pure Networks Port Magic
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Customizations" = Yahoo! Browser Services

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/29/2009 11:30:05 PM | Computer Name = TOSHIBA-USER | Source = Google Update | ID = 20
Description =

Error - 10/30/2009 6:34:39 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/30/2009 6:34:39 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/30/2009 6:34:40 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/30/2009 6:34:40 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/30/2009 6:46:54 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application wordconv.exe, version 12.0.6014.5000, faulting
module unknown, version 0.0.0.0, fault address 0x3134d488.

Error - 10/30/2009 6:46:54 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application wordconv.exe, version 12.0.6014.5000, faulting
module unknown, version 0.0.0.0, fault address 0x3134d488.

Error - 10/30/2009 9:37:52 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application Mcshield.exe, version 8.0.0.309, faulting module
Mcshield.exe, version 8.0.0.309, fault address 0x000037f7.

Error - 10/30/2009 9:40:50 PM | Computer Name = TOSHIBA-USER | Source = McLogEvent | ID = 1008
Description =

Error - 10/31/2009 12:52:13 PM | Computer Name = TOSHIBA-USER | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3
download, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8
NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 11/3/2009 1:09:20 AM | Computer Name = TOSHIBA-USER | Source = yukonwxp | ID = 458845
Description = MAC Transmit FIFO underrun

Error - 11/3/2009 1:09:20 AM | Computer Name = TOSHIBA-USER | Source = yukonwxp | ID = 458845
Description = MAC Transmit FIFO underrun

Error - 11/3/2009 1:09:20 AM | Computer Name = TOSHIBA-USER | Source = yukonwxp | ID = 458845
Description = MAC Transmit FIFO underrun

Error - 11/3/2009 1:09:20 AM | Computer Name = TOSHIBA-USER | Source = yukonwxp | ID = 458845
Description = MAC Transmit FIFO underrun

Error - 11/3/2009 1:09:20 AM | Computer Name = TOSHIBA-USER | Source = yukonwxp | ID = 458845
Description = MAC Transmit FIFO underrun

Error - 11/3/2009 1:09:20 AM | Computer Name = TOSHIBA-USER | Source = yukonwxp | ID = 458845
Description = MAC Transmit FIFO underrun

Error - 11/3/2009 1:09:20 AM | Computer Name = TOSHIBA-USER | Source = yukonwxp | ID = 458845
Description = MAC Transmit FIFO underrun

Error - 11/3/2009 1:09:20 AM | Computer Name = TOSHIBA-USER | Source = yukonwxp | ID = 458845
Description = MAC Transmit FIFO underrun

Error - 11/3/2009 1:09:20 AM | Computer Name = TOSHIBA-USER | Source = yukonwxp | ID = 458845
Description = MAC Transmit FIFO underrun

Error - 11/3/2009 1:09:20 AM | Computer Name = TOSHIBA-USER | Source = yukonwxp | ID = 458845
Description = MAC Transmit FIFO underrun

< End of report >

OTL logfile created on: 11/2/2009 9:36:49 PM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Julie\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 370.25 Mb Available Physical Memory | 36.50% Memory free
2.39 Gb Paging File | 1.91 Gb Available in Paging File | 79.93% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.97 Gb Total Space | 40.58 Gb Free Space | 43.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Julie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/02 21:34:55 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Julie\My Documents\Downloads\OTL.exe
PRC - [2009/10/30 19:09:11 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/21 23:33:49 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/21 23:33:49 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/05 00:54:42 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/03 06:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/07/03 06:49:06 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/06 02:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 16:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/26 14:28:06 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/02/08 14:50:33 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxczcoms.exe
PRC - [2007/01/04 13:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/22 06:31:50 | 00,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/11/03 17:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/01/25 10:20:56 | 02,161,152 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
PRC - [2005/07/12 16:14:42 | 00,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/04/27 15:54:52 | 00,149,248 | ---- | M] (Metamail Corp.) -- C:\Program Files\Metamail Inc\Metamail Reader\Metamail Secure Server.exe
PRC - [2005/04/27 15:54:42 | 00,534,272 | ---- | M] (Metamail Corp.) -- C:\Program Files\Metamail Inc\Metamail Reader\Metamail Secure Viewer.exe
PRC - [2005/01/17 15:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/10/15 10:27:38 | 00,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/10/15 10:24:48 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/10/15 10:23:12 | 00,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/10/15 10:22:14 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/10/15 10:21:38 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/08/27 23:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/08/25 02:50:00 | 00,237,623 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2004/08/25 02:50:00 | 00,139,320 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
PRC - [2004/08/25 02:50:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2004/08/04 04:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe

========== Modules (SafeList) ==========

MOD - [2009/11/02 21:34:55 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Julie\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 16:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 16:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/09/21 23:33:49 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/23 16:54:53 | 00,052,224 | ---- | M] () -- C:\Program Files\DDnsFilter\DDnsFilter.dll -- (ddnsfilter)
SRV - [2009/07/03 06:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/10/26 14:28:06 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/09/29 19:32:05 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/02/08 14:50:33 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/22 06:31:50 | 00,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/11/03 17:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/04/12 10:36:56 | 00,176,640 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/03/03 20:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/01/25 10:20:56 | 02,161,152 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe -- (svcWRSSSDK)
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/07/12 16:14:42 | 00,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 15:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/10/15 10:24:48 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/10/15 10:22:14 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/10/15 10:21:38 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2004/08/27 23:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2004/08/25 02:50:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2004/07/15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/23 16:54:53 | 00,038,016 | ---- | M] (DnsFilter) -- C:\WINDOWS\system32\drivers\DnsFilter.sys -- (DnsFilter)
DRV - [2009/07/03 06:49:08 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/16 13:51:56 | 00,022,784 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/26 14:27:00 | 00,306,300 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/09/29 19:24:31 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\system32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/01/31 13:45:06 | 00,127,376 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 16:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/04/12 17:04:39 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/04/12 17:04:39 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/04/12 17:04:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2006/03/24 07:32:00 | 00,127,488 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006/03/24 07:32:00 | 00,013,312 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006/03/24 07:32:00 | 00,013,312 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006/03/24 07:32:00 | 00,008,704 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2006/01/25 09:54:32 | 00,078,336 | ---- | M] (Webroot Software (www.webroot.com)) -- C:\WINDOWS\system32\Drivers\SSI.SYS -- (SSI)
DRV - [2005/09/20 16:36:08 | 00,017,119 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP)
DRV - [2005/06/02 02:33:00 | 00,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/05/31 04:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/05/31 04:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/05/31 04:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/05/31 04:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/05/31 04:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/05/31 04:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/05/31 04:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/05/31 04:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/05/31 04:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/05/23 13:49:35 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/05/13 09:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2005/05/13 09:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2005/04/25 01:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/04/22 02:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/04/21 01:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2005/04/20 18:59:58 | 00,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\WINDOWS\system32\drivers\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2005/04/20 18:59:58 | 00,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\WINDOWS\system32\drivers\EKIOMngr.sys -- (SrvcEKIOMngr)
DRV - [2005/04/19 09:40:52 | 02,317,504 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/04/15 12:46:04 | 00,029,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/04/12 15:19:42 | 01,066,278 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/04/04 15:25:36 | 00,160,768 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/03/30 16:18:40 | 00,230,400 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/02/25 18:22:26 | 00,008,704 | ---- | M] (TOSHIBA ) -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/01/26 10:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/11/15 15:22:08 | 00,101,874 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/11/01 17:27:20 | 00,773,565 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2004/10/29 02:48:10 | 03,222,784 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2004/10/15 10:20:04 | 00,011,354 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/12 07:44:04 | 00,234,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/07/30 14:05:04 | 00,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\WINDOWS\system32\drivers\EPIOMngr.sys -- (SerTVOutCtlr)
DRV - [2003/09/19 14:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/10 22:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/06/11 07:53:22 | 00,006,867 | ---- | M] () -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/01/29 13:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2001/08/17 12:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = www.google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/21 23:33:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/30 19:09:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/30 19:09:19 | 00,000,000 | ---D | M]

[2009/09/21 23:51:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\Mozilla\Extensions
[2009/09/14 22:57:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/21 23:51:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\Mozilla\Extensions\[email protected]
[2009/11/02 20:18:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\sf4rde1p.default\extensions
[2009/09/16 16:16:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\sf4rde1p.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2009/11/02 20:18:51 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/30 19:09:09 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/21 23:35:39 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/10/30 19:09:09 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/30 19:09:09 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/09/21 23:33:50 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/10/30 19:09:12 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/09/21 23:30:59 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/21 23:30:59 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/21 23:30:59 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/21 23:30:59 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/21 23:31:00 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/21 23:31:00 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/21 23:31:00 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/08/24 10:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/24 10:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/08/24 10:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/24 10:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/24 10:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/24 10:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/24 10:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (713 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MCIEPlugIn Class) - {C09C9904-FD44-11D6-A711-00105AC8F168} - C:\Program Files\Metamail Inc\Metamail Reader\IEPlugIn.dll (Metamail Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [pp] C:\WINDOWS\pp11.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [sysfbtray] C:\WINDOWS\freddy61.exe ()
O4 - HKLM..\Run: [sysldtray] C:\WINDOWS\ld12.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: &Search - File not found
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2007/05/10 10:34:24 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2007/05/10 10:34:24 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2007/05/10 10:34:24 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2007/05/10 10:34:24 | 00,000,000 | ---D | M]
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.co...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1128878123265 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} http://nepresents.my...geUploader4.cab (MyPhotoAlbum Easy Upload Tool Combo Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} http://philau-reg:80.../CAT/CNICAT.cab (ActiveFormX Control)
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} http://images.fotki....tkiUploader.cab (FotkiUploader Control)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.co.../MathPlayer.cab (Pearson MathXL Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.28.0.61 66.28.0.45 10.53.7.10
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\System32\WRLogonNtf.dll (Webroot Software, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B9E618A2-A4FE-11D4-83C2-005004636C96} - C:\Program Files\Metamail Inc\Metamail Reader\OESHook.dll (Metamail Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3849b84e-40a7-11dc-af30-0013ce4b6b3b}\Shell - "" = AutoRun
O33 - MountPoints2\{3849b84e-40a7-11dc-af30-0013ce4b6b3b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3849b84e-40a7-11dc-af30-0013ce4b6b3b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5f579726-99c6-11de-b0b6-0013ce4b6b3b}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O33 - MountPoints2\{d35e3604-63ce-11dd-afe8-000fb09ceff6}\Shell - "" = AutoRun
O33 - MountPoints2\{d35e3604-63ce-11dd-afe8-000fb09ceff6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d35e3604-63ce-11dd-afe8-000fb09ceff6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/05/23 08:54:09 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/11/14 15:56:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie\Desktop\Anna
[2009/10/30 19:29:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/30 19:28:20 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/14 16:28:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/10/12 20:55:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie\Desktop\Julies
[2009/10/12 11:18:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2009/10/12 11:17:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/10/12 11:14:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2009/10/12 11:14:25 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2009/10/12 11:10:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/08/11 14:28:36 | 00,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXCZhcp.dll
[2006/12/20 14:08:22 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpmui.dll
[2006/12/20 14:06:56 | 01,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczserv.dll
[2006/12/20 14:01:02 | 00,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomm.dll
[2006/12/20 13:59:22 | 00,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczlmpm.dll
[2006/12/20 13:58:01 | 00,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcziesc.dll
[2006/12/20 13:55:39 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpplc.dll
[2006/12/20 13:54:52 | 00,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomc.dll
[2006/12/20 13:54:19 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczprox.dll
[2006/12/20 13:47:30 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczinpa.dll
[2006/12/20 13:46:49 | 00,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczusb1.dll
[2006/12/20 13:42:34 | 00,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczhbn3.dll
[4 C:\Documents and Settings\Julie\Desktop\*.tmp files -> C:\Documents and Settings\Julie\Desktop\*.tmp -> ]
[17 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/14 15:50:16 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B7AFFE89-2237-4E28-B49C-689F64C14F82}.job
[2009/11/02 20:51:19 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2009/11/02 20:12:21 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/02 20:12:21 | 00,382,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/02 20:12:21 | 00,053,838 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/02 20:11:15 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/11/02 20:10:16 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/02 20:08:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/02 20:07:59 | 10,637,68064 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/02 20:07:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/02 20:07:03 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Julie\NTUSER.DAT
[2009/11/02 20:06:51 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Julie\ntuser.ini
[2009/11/02 20:06:39 | 08,061,874 | -H-- | M] () -- C:\Documents and Settings\Julie\Local Settings\Application Data\IconCache.db
[2009/10/30 19:28:21 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\Julie\Desktop\NTREGOPT.lnk
[2009/10/30 19:28:21 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Julie\Desktop\ERUNT.lnk
[2009/10/27 14:15:37 | 00,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/25 12:48:39 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/16 19:53:38 | 00,083,630 | ---- | M] () -- C:\Documents and Settings\Julie\Desktop\2842_1136739579750_1265187912_369585_465864_n.jpg
[2009/10/16 19:53:10 | 00,037,042 | ---- | M] () -- C:\Documents and Settings\Julie\Desktop\2842_1136738539724_1265187912_369584_7410913_n.jpg
[2009/10/12 21:02:45 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/12 11:27:47 | 00,000,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/10/12 07:39:55 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Julie\Desktop\Microsoft Office Word 2003.lnk
[4 C:\Documents and Settings\Julie\Desktop\*.tmp files -> C:\Documents and Settings\Julie\Desktop\*.tmp -> ]
[17 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/10/30 19:28:21 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\Julie\Desktop\NTREGOPT.lnk
[2009/10/30 19:28:21 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Julie\Desktop\ERUNT.lnk
[2009/10/27 14:15:37 | 00,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/16 19:53:37 | 00,083,630 | ---- | C] () -- C:\Documents and Settings\Julie\Desktop\2842_1136739579750_1265187912_369585_465864_n.jpg
[2009/10/16 19:53:06 | 00,037,042 | ---- | C] () -- C:\Documents and Settings\Julie\Desktop\2842_1136738539724_1265187912_369584_7410913_n.jpg
[2009/10/12 11:27:47 | 00,000,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2008/08/11 14:31:30 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2008/08/11 14:31:30 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2008/08/11 14:28:36 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCZinst.dll
[2008/08/11 14:27:47 | 00,000,442 | ---- | C] () -- C:\WINDOWS\Lexstat.ini
[2008/08/11 14:27:16 | 00,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxczcoin.dll
[2008/08/11 14:25:56 | 00,039,899 | R--- | C] () -- C:\WINDOWS\System32\rtsicis.ini
[2007/10/26 14:28:18 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/10/26 14:28:04 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/09/19 22:01:05 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/10 18:00:55 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/06/29 23:07:39 | 00,097,569 | ---- | C] () -- C:\Documents and Settings\Julie\Application Data\NMM-MetaData.db
[2007/04/27 16:07:40 | 00,005,721 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/01/25 11:42:48 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\lxczutil.dll
[2006/12/31 01:09:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/12/31 01:08:29 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/07 10:23:04 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv7.dll
[2006/03/27 08:19:14 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2006/03/18 18:48:05 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2006/03/18 18:47:45 | 00,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/03/18 18:41:11 | 00,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4600.ini
[2006/03/07 08:59:04 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv6.dll
[2006/01/10 14:11:05 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv5.dll
[2006/01/10 14:11:05 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv4.dll
[2005/12/14 21:12:53 | 00,143,360 | ---- | C] () -- C:\Documents and Settings\Julie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/07 11:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/11/30 17:23:05 | 00,000,616 | ---- | C] () -- C:\Documents and Settings\Julie\Application Data\wklnhst.dat
[2005/11/21 22:34:44 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll
[2005/11/21 22:34:42 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/21 22:34:42 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/11/14 17:36:40 | 00,033,512 | ---- | C] () -- C:\Documents and Settings\Julie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/10/09 09:34:59 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2005/10/09 09:03:01 | 00,102,912 | ---- | C] () -- C:\WINDOWS\System32\islzma.dll
[2005/10/09 08:53:13 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Julie\Application Data\desktop.ini
[2005/10/09 08:53:12 | 08,061,874 | -H-- | C] () -- C:\Documents and Settings\Julie\Local Settings\Application Data\IconCache.db
[2005/09/20 16:40:20 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/24 08:44:16 | 00,000,228 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/24 08:34:14 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/08/24 08:34:13 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/24 08:34:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/08/24 08:34:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/08/24 08:34:13 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/08/24 08:34:13 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/24 08:32:19 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/08/24 08:31:49 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/08/24 08:31:49 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/08/24 08:31:49 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/08/24 08:31:49 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/08/10 18:02:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/23 16:32:31 | 00,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/05/23 14:14:59 | 00,034,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/05/23 14:14:59 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/05/23 13:30:21 | 00,000,172 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/05/23 12:52:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/05/23 12:52:12 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2005/05/23 12:45:19 | 00,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/05/23 09:01:05 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/23 08:51:15 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/23 08:32:45 | 00,000,347 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/05/23 08:29:57 | 00,000,804 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/05/23 08:29:51 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/05/23 01:46:36 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/04/25 12:44:04 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/04/20 19:38:14 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005/04/20 19:00:00 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2005/03/30 13:50:38 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005/02/25 14:44:56 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2004/08/12 07:44:10 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/04/13 00:10:24 | 00,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/01/13 18:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 02:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009/02/06 10:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 04:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< End of report >

#6
heir

Posted 03 November 2009 - 12:47 AM

Trusted Helper

Malware Removal
5,427 posts

Please follow my instructions and put the downloaded tools on your desktop when you are asked to do so. There are reason for putting them there.

Step 0.
Uninstall unwanted softwares:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

LimeWire 5.2.13
Viewpoint Manager (Remove Only)
Viewpoint Media Player

Optional removals
Limewire and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware.
It's up to you if you want to remove the above programs, however I recommend you do.

Step 1.
OTL-fix:

Run OTL.exe

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - [2007/01/04 13:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
SRV - [2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
O4 - HKLM..\Run: [pp] C:\WINDOWS\pp11.exe ()
O4 - HKLM..\Run: [sysfbtray] C:\WINDOWS\freddy61.exe ()
O4 - HKLM..\Run: [sysldtray] C:\WINDOWS\ld12.exe ()
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cab (Reg Error: Key error.)
O33 - MountPoints2\{3849b84e-40a7-11dc-af30-0013ce4b6b3b}\Shell - "" = AutoRun
O33 - MountPoints2\{3849b84e-40a7-11dc-af30-0013ce4b6b3b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3849b84e-40a7-11dc-af30-0013ce4b6b3b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5f579726-99c6-11de-b0b6-0013ce4b6b3b}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O33 - MountPoints2\{d35e3604-63ce-11dd-afe8-000fb09ceff6}\Shell - "" = AutoRun
O33 - MountPoints2\{d35e3604-63ce-11dd-afe8-000fb09ceff6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d35e3604-63ce-11dd-afe8-000fb09ceff6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
:Files
C:\Program Files\Viewpoint
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the OTL fixlog

Step 2.
MBAM:

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Step 3.
OTL-scan:

Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Step 4.
Things I would like to see in your reply:

Which P2P softwares were uninstalled in step 0.
The content of the fixlog from OTL in step 1.
The content of the report from MBAM in step 2.
The content of the OTL.txt in step 3.
Information on how your computer is running now.

#7
axg317

Posted 03 November 2009 - 10:12 PM

New Member

Topic Starter
Member
9 posts

OTL fixlog

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named ViewMgr.exe was found!
No active process named ViewpointService.exe was found!
No service named Viewpoint Manager Service was found to stop!
Unable to stop service Viewpoint Manager Service!
File C:\Program Files\Viewpoint\Common\ViewpointService.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pp deleted successfully.
C:\WINDOWS\pp11.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysfbtray deleted successfully.
C:\WINDOWS\freddy61.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysldtray deleted successfully.
C:\WINDOWS\ld12.exe moved successfully.
Starting removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.1.1.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3849b84e-40a7-11dc-af30-0013ce4b6b3b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3849b84e-40a7-11dc-af30-0013ce4b6b3b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3849b84e-40a7-11dc-af30-0013ce4b6b3b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3849b84e-40a7-11dc-af30-0013ce4b6b3b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3849b84e-40a7-11dc-af30-0013ce4b6b3b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3849b84e-40a7-11dc-af30-0013ce4b6b3b}\ not found.
File E:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f579726-99c6-11de-b0b6-0013ce4b6b3b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f579726-99c6-11de-b0b6-0013ce4b6b3b}\ not found.
File E:\WDSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d35e3604-63ce-11dd-afe8-000fb09ceff6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d35e3604-63ce-11dd-afe8-000fb09ceff6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d35e3604-63ce-11dd-afe8-000fb09ceff6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d35e3604-63ce-11dd-afe8-000fb09ceff6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d35e3604-63ce-11dd-afe8-000fb09ceff6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d35e3604-63ce-11dd-afe8-000fb09ceff6}\ not found.
File F:\LaunchU3.exe not found.
========== FILES ==========
File\Folder C:\Program Files\Viewpoint not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes

#8
axg317

Posted 03 November 2009 - 10:25 PM

New Member

Topic Starter
Member
9 posts

I am still unable to perform step two MBAM it gives me the same problem loading page. I am using Mozilla Firefox

Server not found

Firefox can't find the server at www.malwarebytes.org.

* Check the address for typing errors such as
ww.example.com instead of
www.example.com

* If you are unable to load any pages, check your computer's network
connection.

* If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.

I also did not uninstall Limewire because I installed it after I already had this google problem. But I can uninstall it if you need me to.

#9
heir

Posted 04 November 2009 - 12:18 AM

Trusted Helper

Malware Removal
5,427 posts

Try downloading MalwareBytes Antimalware using this link instead.

#10
axg317

Posted 04 November 2009 - 12:54 PM

New Member

Topic Starter
Member
9 posts

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

11/4/2009 10:42:57 AM
mbam-log-2009-11-04 (10-42-57).txt

Scan type: Quick Scan
Objects scanned: 96621
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 43
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\ddnsfilter\ddnsfilter.dll (Worm.KoobFace) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ddnsfilter (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ddnsfilter (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ddnsfilter (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsFilter (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ddnsfilter (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\BrowserCtl (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\DDnsFilter (Trojan.DNSChanger) -> Delete on reboot.

Files Infected:
c:\program files\ddnsfilter\ddnsfilter.dll (Worm.KoobFace) -> Delete on reboot.
C:\WINDOWS\system32\drivers\DnsFilter.sys (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\freddy59.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Program Files\BrowserCtl\BrowserCtl.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\0535251103110107106.yux (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146120114.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101464950.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101464954.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101465753.xe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ectbbyn.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\mmsmark2.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ex23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.

#11
axg317

Posted 04 November 2009 - 01:04 PM

New Member

Topic Starter
Member
9 posts

OTL logfile created on: 11/4/2009 10:55:47 AM - Run 2
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Julie\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 479.71 Mb Available Physical Memory | 47.29% Memory free
2.39 Gb Paging File | 1.99 Gb Available in Paging File | 83.15% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.97 Gb Total Space | 40.53 Gb Free Space | 43.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Julie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/02 21:34:55 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Julie\My Documents\Downloads\OTL.exe
PRC - [2009/10/30 19:09:11 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/21 23:33:49 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/21 23:33:49 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/05 00:54:42 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/03 06:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/07/03 06:49:06 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/02/06 02:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 16:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/26 14:28:06 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/02/08 14:50:33 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxczcoms.exe
PRC - [2006/12/22 06:31:50 | 00,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/11/03 17:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/03/03 20:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/01/25 10:20:56 | 02,161,152 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
PRC - [2005/07/12 16:14:42 | 00,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/01/17 15:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/10/15 10:27:38 | 00,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/10/15 10:24:48 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/10/15 10:23:12 | 00,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/10/15 10:22:14 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/10/15 10:21:38 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/08/27 23:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/08/25 02:50:00 | 00,237,623 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2004/08/25 02:50:00 | 00,139,320 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
PRC - [2004/08/25 02:50:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2004/08/04 04:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe

========== Modules (SafeList) ==========

MOD - [2009/11/02 21:34:55 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Julie\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 16:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 16:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/09/21 23:33:49 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/03 06:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/10/26 14:28:06 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/09/29 19:32:05 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/02/08 14:50:33 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2006/12/22 06:31:50 | 00,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/11/03 17:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/04/12 10:36:56 | 00,176,640 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/03/03 20:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/01/25 10:20:56 | 02,161,152 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe -- (svcWRSSSDK)
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/07/12 16:14:42 | 00,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 15:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/10/15 10:24:48 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/10/15 10:22:14 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/10/15 10:21:38 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2004/08/27 23:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2004/08/25 02:50:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2004/07/15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/03 06:49:08 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/16 13:51:56 | 00,022,784 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/26 14:27:00 | 00,306,300 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/09/29 19:24:31 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\system32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/01/31 13:45:06 | 00,127,376 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 16:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/04/12 17:04:39 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/04/12 17:04:39 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/04/12 17:04:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2006/03/24 07:32:00 | 00,127,488 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006/03/24 07:32:00 | 00,013,312 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006/03/24 07:32:00 | 00,013,312 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006/03/24 07:32:00 | 00,008,704 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2006/01/25 09:54:32 | 00,078,336 | ---- | M] (Webroot Software (www.webroot.com)) -- C:\WINDOWS\system32\Drivers\SSI.SYS -- (SSI)
DRV - [2005/09/20 16:36:08 | 00,017,119 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP)
DRV - [2005/06/02 02:33:00 | 00,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/05/31 04:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/05/31 04:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/05/31 04:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/05/31 04:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/05/31 04:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/05/31 04:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/05/31 04:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/05/31 04:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/05/31 04:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/05/23 13:49:35 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/05/13 09:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2005/05/13 09:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2005/04/25 01:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/04/22 02:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/04/21 01:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2005/04/20 18:59:58 | 00,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\WINDOWS\system32\drivers\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2005/04/20 18:59:58 | 00,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\WINDOWS\system32\drivers\EKIOMngr.sys -- (SrvcEKIOMngr)
DRV - [2005/04/19 09:40:52 | 02,317,504 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/04/15 12:46:04 | 00,029,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/04/12 15:19:42 | 01,066,278 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/04/04 15:25:36 | 00,160,768 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/03/30 16:18:40 | 00,230,400 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/02/25 18:22:26 | 00,008,704 | ---- | M] (TOSHIBA ) -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/01/26 10:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/11/15 15:22:08 | 00,101,874 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/11/01 17:27:20 | 00,773,565 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2004/10/29 02:48:10 | 03,222,784 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2004/10/15 10:20:04 | 00,011,354 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/12 07:44:04 | 00,234,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/07/30 14:05:04 | 00,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\WINDOWS\system32\drivers\EPIOMngr.sys -- (SerTVOutCtlr)
DRV - [2003/09/19 14:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/10 22:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/06/11 07:53:22 | 00,006,867 | ---- | M] () -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/01/29 13:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2001/08/17 12:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = www.google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/21 23:33:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/30 19:09:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/30 19:09:19 | 00,000,000 | ---D | M]

[2009/09/21 23:51:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\Mozilla\Extensions
[2009/09/14 22:57:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/21 23:51:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\Mozilla\Extensions\[email protected]
[2009/11/03 20:31:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\sf4rde1p.default\extensions
[2009/09/16 16:16:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\sf4rde1p.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2009/11/03 20:31:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/30 19:09:09 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/21 23:35:39 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/10/30 19:09:09 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/30 19:09:09 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/09/21 23:33:50 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/10/30 19:09:12 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/09/21 23:30:59 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/21 23:30:59 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/21 23:30:59 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/21 23:30:59 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/21 23:31:00 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/21 23:31:00 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/21 23:31:00 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/08/24 10:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/24 10:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/08/24 10:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/24 10:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/24 10:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/24 10:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/24 10:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (713 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MCIEPlugIn Class) - {C09C9904-FD44-11D6-A711-00105AC8F168} - C:\Program Files\Metamail Inc\Metamail Reader\IEPlugIn.dll (Metamail Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2007/05/10 10:34:24 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2007/05/10 10:34:24 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2007/05/10 10:34:24 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2007/05/10 10:34:24 | 00,000,000 | ---D | M]
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.co...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1128878123265 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} http://nepresents.my...geUploader4.cab (MyPhotoAlbum Easy Upload Tool Combo Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} http://philau-reg:80.../CAT/CNICAT.cab (ActiveFormX Control)
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} http://images.fotki....tkiUploader.cab (FotkiUploader Control)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.co.../MathPlayer.cab (Pearson MathXL Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.28.0.61 66.28.0.45 10.53.7.10
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\System32\WRLogonNtf.dll (Webroot Software, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B9E618A2-A4FE-11D4-83C2-005004636C96} - C:\Program Files\Metamail Inc\Metamail Reader\OESHook.dll (Metamail Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/14 15:56:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie\Desktop\Anna
[2009/11/04 10:34:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie\Application Data\Malwarebytes
[2009/11/04 10:34:34 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/04 10:34:32 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/04 10:34:32 | 00,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2009/11/04 10:34:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/03 20:04:30 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/30 19:29:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/30 19:28:20 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/14 16:28:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/10/12 20:55:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie\Desktop\Julies
[2009/10/12 11:18:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2009/10/12 11:17:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/10/12 11:14:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2009/10/12 11:14:25 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2009/10/12 11:10:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/08/11 14:28:36 | 00,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXCZhcp.dll
[2006/12/20 14:08:22 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpmui.dll
[2006/12/20 14:06:56 | 01,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczserv.dll
[2006/12/20 14:01:02 | 00,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomm.dll
[2006/12/20 13:59:22 | 00,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczlmpm.dll
[2006/12/20 13:58:01 | 00,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcziesc.dll
[2006/12/20 13:55:39 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpplc.dll
[2006/12/20 13:54:52 | 00,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomc.dll
[2006/12/20 13:54:19 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczprox.dll
[2006/12/20 13:47:30 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczinpa.dll
[2006/12/20 13:46:49 | 00,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczusb1.dll
[2006/12/20 13:42:34 | 00,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczhbn3.dll
[4 C:\Documents and Settings\Julie\Desktop\*.tmp files -> C:\Documents and Settings\Julie\Desktop\*.tmp -> ]
[17 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/14 15:50:16 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B7AFFE89-2237-4E28-B49C-689F64C14F82}.job
[2009/11/04 10:55:42 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2009/11/04 10:49:22 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/04 10:49:22 | 00,382,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/04 10:49:22 | 00,053,838 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/04 10:48:17 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/11/04 10:46:09 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/04 10:45:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/04 10:45:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/04 10:45:03 | 10,637,68064 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/04 10:44:22 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Julie\NTUSER.DAT
[2009/11/04 10:44:11 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Julie\ntuser.ini
[2009/11/04 10:44:03 | 08,064,634 | -H-- | M] () -- C:\Documents and Settings\Julie\Local Settings\Application Data\IconCache.db
[2009/11/04 10:34:36 | 00,000,572 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/04 10:32:19 | 00,000,724 | ---- | M] () -- C:\Documents and Settings\Julie\Desktop\Shortcut to mbam-setup.exe.lnk
[2009/11/03 20:03:21 | 00,000,683 | ---- | M] () -- C:\Documents and Settings\Julie\Desktop\Shortcut to OTL.lnk
[2009/10/30 19:28:21 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\Julie\Desktop\NTREGOPT.lnk
[2009/10/30 19:28:21 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Julie\Desktop\ERUNT.lnk
[2009/10/27 14:15:37 | 00,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/25 12:48:39 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/16 19:53:38 | 00,083,630 | ---- | M] () -- C:\Documents and Settings\Julie\Desktop\2842_1136739579750_1265187912_369585_465864_n.jpg
[2009/10/16 19:53:10 | 00,037,042 | ---- | M] () -- C:\Documents and Settings\Julie\Desktop\2842_1136738539724_1265187912_369584_7410913_n.jpg
[2009/10/12 21:02:45 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/12 11:27:47 | 00,000,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/10/12 07:39:55 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Julie\Desktop\Microsoft Office Word 2003.lnk
[4 C:\Documents and Settings\Julie\Desktop\*.tmp files -> C:\Documents and Settings\Julie\Desktop\*.tmp -> ]
[17 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/04 10:34:36 | 00,000,572 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/04 10:32:19 | 00,000,724 | ---- | C] () -- C:\Documents and Settings\Julie\Desktop\Shortcut to mbam-setup.exe.lnk
[2009/11/03 20:03:21 | 00,000,683 | ---- | C] () -- C:\Documents and Settings\Julie\Desktop\Shortcut to OTL.lnk
[2009/10/30 19:28:21 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\Julie\Desktop\NTREGOPT.lnk
[2009/10/30 19:28:21 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Julie\Desktop\ERUNT.lnk
[2009/10/27 14:15:37 | 00,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/16 19:53:37 | 00,083,630 | ---- | C] () -- C:\Documents and Settings\Julie\Desktop\2842_1136739579750_1265187912_369585_465864_n.jpg
[2009/10/16 19:53:06 | 00,037,042 | ---- | C] () -- C:\Documents and Settings\Julie\Desktop\2842_1136738539724_1265187912_369584_7410913_n.jpg
[2009/10/12 11:27:47 | 00,000,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2008/08/11 14:31:30 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2008/08/11 14:31:30 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2008/08/11 14:28:36 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCZinst.dll
[2008/08/11 14:27:47 | 00,000,442 | ---- | C] () -- C:\WINDOWS\Lexstat.ini
[2008/08/11 14:27:16 | 00,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxczcoin.dll
[2008/08/11 14:25:56 | 00,039,899 | R--- | C] () -- C:\WINDOWS\System32\rtsicis.ini
[2007/10/26 14:28:18 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/10/26 14:28:04 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/09/19 22:01:05 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/10 18:00:55 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/06/29 23:07:39 | 00,097,569 | ---- | C] () -- C:\Documents and Settings\Julie\Application Data\NMM-MetaData.db
[2007/04/27 16:07:40 | 00,005,721 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/01/25 11:42:48 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\lxczutil.dll
[2006/12/31 01:09:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/12/31 01:08:29 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/07 10:23:04 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv7.dll
[2006/03/27 08:19:14 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2006/03/18 18:48:05 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2006/03/18 18:47:45 | 00,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/03/18 18:41:11 | 00,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4600.ini
[2006/03/07 08:59:04 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv6.dll
[2006/01/10 14:11:05 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv5.dll
[2006/01/10 14:11:05 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv4.dll
[2005/12/14 21:12:53 | 00,143,360 | ---- | C] () -- C:\Documents and Settings\Julie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/07 11:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/11/30 17:23:05 | 00,000,616 | ---- | C] () -- C:\Documents and Settings\Julie\Application Data\wklnhst.dat
[2005/11/21 22:34:44 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll
[2005/11/21 22:34:42 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/21 22:34:42 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/11/14 17:36:40 | 00,033,512 | ---- | C] () -- C:\Documents and Settings\Julie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/10/09 09:34:59 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2005/10/09 09:03:01 | 00,102,912 | ---- | C] () -- C:\WINDOWS\System32\islzma.dll
[2005/10/09 08:53:13 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Julie\Application Data\desktop.ini
[2005/10/09 08:53:12 | 08,064,634 | -H-- | C] () -- C:\Documents and Settings\Julie\Local Settings\Application Data\IconCache.db
[2005/09/20 16:40:20 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/24 08:44:16 | 00,000,228 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/24 08:34:14 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/08/24 08:34:13 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/24 08:34:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/08/24 08:34:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/08/24 08:34:13 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/08/24 08:34:13 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/24 08:32:19 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/08/24 08:31:49 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/08/24 08:31:49 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/08/24 08:31:49 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/08/24 08:31:49 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/08/10 18:02:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/23 16:32:31 | 00,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/05/23 14:14:59 | 00,034,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/05/23 14:14:59 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/05/23 13:30:21 | 00,000,172 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/05/23 12:52:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/05/23 12:52:12 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2005/05/23 12:45:19 | 00,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/05/23 09:01:05 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/23 08:51:15 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/23 08:32:45 | 00,000,347 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/05/23 08:29:57 | 00,000,804 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/05/23 08:29:51 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/05/23 01:46:36 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/04/25 12:44:04 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/04/20 19:38:14 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005/04/20 19:00:00 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2005/03/30 13:50:38 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005/02/25 14:44:56 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2004/08/12 07:44:10 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/04/13 00:10:24 | 00,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/01/13 18:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 02:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
< End of report >

I could not find the extra.txt from today.It did not open like the OTL.Txt did after the scan finished.
I checked google and it looks like it is working.
Thank you so much for your time and patience helping me correct this problem.
If you need to see todays extra.txt let me know how to find it. I looked in the the same place that OTL is saved since mine did not save to the desktop. Whenever I download anything it does not give me the option of where I want to save the download it automatically saves to C drive. That is why I was unable to save to desktop earlier.

Thanks again

Anna

Edited by axg317, 04 November 2009 - 01:05 PM.

#12
heir

Posted 04 November 2009 - 01:53 PM

Trusted Helper

Malware Removal
5,427 posts

Looking better.

I also did not uninstall Limewire because I installed it after I already had this google problem. But I can uninstall it if you need me to.

Then please at least do not use it until you are clean.
A reminder - Files downloaded with P2P softwares often have malware attach to them - that's one way of spreading malware.

Let's run an online scan as well.

Please do an online scan with Kaspersky Online Scanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure the following is checked.
- Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

Upgrading Java:

Posted Image

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:

Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 16.
Click the "Download" button to the right.
Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation (jre-6u17-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u17-windows-i586.exe and select "Run as an Administrator.")

How is your computer running now?

#13
axg317

Posted 04 November 2009 - 09:24 PM

New Member

Topic Starter
Member
9 posts

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, November 4, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, November 04, 2009 23:15:24
Records in database: 3133256
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 94311
Threats found: 3
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 02:17:57

File name / Threat / Threats count
C:\_OTL\MovedFiles\11032009_200430\C_WINDOWS\freddy61.exe Infected: Net-Worm.Win32.Koobface.blj 1
C:\_OTL\MovedFiles\11032009_200430\C_WINDOWS\ld12.exe Infected: Net-Worm.Win32.Koobface.bkd 1
C:\_OTL\MovedFiles\11032009_200430\C_WINDOWS\pp11.exe Infected: Trojan.Win32.Small.cbw 1

Selected area has been scanned.

Edited by axg317, 04 November 2009 - 09:26 PM.

#14
heir

Posted 05 November 2009 - 12:47 AM

Trusted Helper

Malware Removal
5,427 posts

Hey there, axg317 !

OK! Well done, your log is clean again!

Time for some housekeeping.

Step 1.
Clean up:

First:
We need to do is to remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

Double-click OTL.exe to start it.
Click the CleanUp button
Click Yes to the reboot.

Now delete any logs that is left over after you ran OTL CleanUp.

Second:
Now lets Reset and Re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Turn OFF System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer.

Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

System Restore will now be active again.

Step 2.
Prevention:

OK, lets carry out a few preventative steps to make sure you reduce the risk of further infections.

First:
Older versions of Adobe Acrobat Reader are vulnerable to attack.

Please go to the link below to download an update.

http://www.adobe.com.../readstep2.html

Remove the older versions and install the latest,

Second:
One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vunerable. It is best if you have these set to download automatically.

Automatic Updates for Windows

Click Start.
Select Settings and then Control Panel.
Select Automatic Updates.
Click Automatic (recommended)
Choose a day and a time when you know the computer will be on and connected to the internet.
Click Apply then OK.

Third:
Now lets download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware

SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. A tutorial can be found here

.
Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.

Fourth:
Next lets look at Firewalls. These help to prevent unauthorised access both to and from the internet or your local network. A firewall is considered a first line of defense in protecting private information. Below are two free firewalls to choose from, if you do not already have one. Note: You only need one firewall one your system.

Personal Firewalls

Comodo is a free fully functional firewall
Online Armor (Free edition) personal firewall

Fifth:
On to personal Anti Virus programs.

One AV is a must have! But never more than one, as this can and will cause conflicts and false readings. I have listed three free AV's below which are as good as any paid subscription AV, as long as you allow them to update themselves.

Anti Virus Programs

avast! 4 Home Edition an excellent free AV.
AVG Anti-Virus Free Edition 8.5 is free for personal use.
Avira AntiVir PersonalEdition, yet another good free AV.

Sixth:
Nearly done! If you like to use chat, MSN and Yahoo have vunerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers

Trillian or,
Miranda-IM

Lastly:
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!

#15
heir

Posted 09 November 2009 - 11:40 AM

Trusted Helper

Malware Removal
5,427 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.