Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Slow Computer, Apps Taking Longer to Start [Solved]

Started by skipperscruise , May 07 2012 07:43 PM

This topic is locked

#16
Essexboy

Posted 12 May 2012 - 09:11 AM

GeekU Moderator

Retired Staff
69,964 posts

From normal mode now could you run a fresh OTL log with all users selected and also the Farbar scan

Along with an update on the current problems

#17
skipperscruise

Posted 12 May 2012 - 09:40 AM

Member

Topic Starter
Member
48 posts

Here is the latest log of OTL and FSS. Computer seems to be working fine and Adobe Reader can be opened once again.

OTL Log:

OTL logfile created on: 5/12/2012 11:18:08 AM - Run 10
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 385.84 Mb Available Physical Memory | 37.70% Memory free
12.53 Gb Paging File | 11.89 Gb Available in Paging File | 94.91% Paging File free
Paging file location(s): F:\pagefile.sys 11933 11933 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 3.18 Gb Free Space | 9.30% Space Free | Partition Type: NTFS
Drive F: | 11.72 Gb Total Space | 0.03 Gb Free Space | 0.27% Space Free | Partition Type: NTFS
Drive G: | 23.33 Gb Total Space | 5.77 Gb Free Space | 24.71% Space Free | Partition Type: NTFS
Drive R: | 232.88 Gb Total Space | 74.75 Gb Free Space | 32.10% Space Free | Partition Type: NTFS

Computer Name: MATTCUSTOM | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/07 21:27:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
PRC - [2012/01/31 15:03:30 | 000,223,232 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioConsole.exe
PRC - [2012/01/31 15:03:26 | 000,276,480 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioService.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2010/10/17 18:42:40 | 000,404,200 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2010/10/17 18:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010/08/08 00:15:28 | 001,101,824 | ---- | M] (Zhorn Software) -- C:\Program Files\stickies\stickies.exe
PRC - [2010/02/10 23:32:18 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/02/10 23:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/02/08 18:32:28 | 001,369,376 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDFViewerPlus\pdfPro5Hook.exe
PRC - [2009/08/07 09:35:36 | 000,374,088 | ---- | M] (a la mode, inc.) -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/09 13:32:08 | 000,789,008 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/01/09 13:28:58 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2006/11/17 05:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006/10/14 16:53:24 | 000,681,472 | ---- | M] (Dominik Reichl) -- C:\Program Files\KeePass Password Safe\KeePass.exe
PRC - [2004/12/10 13:29:26 | 000,840,704 | ---- | M] () -- C:\Program Files\MSI\Core Center\CoreCenter.exe
PRC - [2004/12/07 04:16:36 | 000,084,480 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
PRC - [2004/09/22 23:16:20 | 000,069,707 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\main\atidtct.exe
PRC - [2002/01/10 12:35:18 | 000,036,864 | ---- | M] (Intuit) -- C:\Program Files\QUICKENW\QWDLLS.EXE

========== Modules (No Company Name) ==========

MOD - [2012/04/13 10:38:49 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\873202699833a0c3d031c82b556a7296\System.ServiceProcess.ni.dll
MOD - [2012/04/13 10:38:30 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll
MOD - [2012/04/13 10:38:28 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.ni.dll
MOD - [2012/04/13 10:38:27 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\c3a03bb69e38f5ed9ebce72d48a722ef\System.Transactions.ni.dll
MOD - [2012/04/13 10:37:47 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
MOD - [2012/04/13 10:37:34 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll
MOD - [2012/04/13 00:29:27 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/04/13 00:29:25 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2012/04/13 00:27:59 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/04/13 00:27:54 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
MOD - [2012/04/13 00:27:41 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
MOD - [2012/04/13 00:27:28 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
MOD - [2012/04/13 00:26:36 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/04/13 00:26:21 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/04/13 00:25:33 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/04/13 00:25:31 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/04/13 00:09:19 | 013,196,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\67b05b57919dfc3a1521f33198495f5b\System.Windows.Forms.ni.dll
MOD - [2012/04/13 00:09:06 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\97586cdb698c29ba95fd83e44a0c0ca6\System.Data.ni.dll
MOD - [2012/04/13 00:08:58 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
MOD - [2012/04/13 00:08:24 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
MOD - [2012/04/13 00:08:12 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
MOD - [2012/04/13 00:08:03 | 001,665,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\9ac7922025e72297069a82a403cb59fa\System.Drawing.ni.dll
MOD - [2012/04/13 00:08:01 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2012/04/13 00:07:54 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2012/01/31 15:03:30 | 000,223,232 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioConsole.exe
MOD - [2012/01/31 15:03:26 | 000,276,480 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioService.exe
MOD - [2011/11/09 22:45:32 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2010/08/08 00:15:28 | 000,049,152 | ---- | M] () -- C:\Program Files\stickies\shook70.dll
MOD - [2010/03/16 13:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/08/07 09:35:34 | 000,083,272 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.Plugins.Chat.XmlSerializers.dll
MOD - [2009/08/07 09:35:28 | 000,202,056 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.Common.XmlSerializers.dll
MOD - [2009/03/12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/07/31 14:05:18 | 000,799,992 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\Coversant.SoapBox.dll
MOD - [2008/05/01 13:32:48 | 000,020,216 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.Common.ProductMessages.XmlSerializers.dll
MOD - [2008/01/02 12:34:40 | 000,201,976 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.Common.HtmlEditor.dll
MOD - [2004/12/10 13:29:26 | 000,840,704 | ---- | M] () -- C:\Program Files\MSI\Core Center\CoreCenter.exe
MOD - [2004/11/17 12:18:22 | 000,143,360 | ---- | M] () -- C:\Program Files\MSI\Core Center\RushTop.dll
MOD - [2002/01/10 12:35:20 | 000,172,032 | ---- | M] () -- C:\Program Files\QUICKENW\qwapp.dll
MOD - [2002/01/10 12:35:14 | 000,102,400 | ---- | M] () -- C:\Program Files\QUICKENW\qcomutil.dll
MOD - [2001/07/31 21:59:46 | 000,484,864 | ---- | M] () -- C:\Program Files\QUICKENW\alrtint8.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/05/07 07:48:06 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/31 15:03:26 | 000,276,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/10/17 18:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/02/10 23:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2008/06/06 22:04:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/01/09 13:30:08 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/06/28 12:51:38 | 000,218,376 | ---- | M] (Kaspersky Lab) [On_Demand | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -- (AVP)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\utiznzyw.sys -- (utiznzyw)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipsecw2k.sys -- (IPSECSHM)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (DigiCellDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Matt\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ATIRWVD.SYS -- (ATI Remote Wonder II)
DRV - [2011/11/09 23:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/10/17 18:42:34 | 000,124,648 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/05/23 23:11:49 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/02/04 12:13:19 | 000,194,320 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2008/05/28 10:30:50 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008/03/17 12:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/11/29 03:18:12 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/11/29 03:18:04 | 000,078,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/11/29 03:17:56 | 000,036,368 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/11/29 03:17:48 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/29 03:17:34 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/11/29 03:17:28 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/04 14:58:26 | 000,024,344 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2006/12/04 17:11:46 | 004,025,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/12 20:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 20:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 20:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 20:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/12/07 04:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2004/11/24 05:42:48 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004/11/24 05:42:46 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/11/16 11:54:06 | 000,038,336 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - [2004/11/16 09:27:00 | 000,023,744 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\NTGLM7X.SYS -- (PCAlertDriver)
DRV - [2004/10/20 23:39:44 | 000,035,840 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/10/07 17:32:16 | 000,006,272 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2004/07/05 14:25:00 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/06/15 19:14:00 | 000,180,480 | R--- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/06/08 13:36:20 | 000,014,975 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)
DRV - [2004/06/08 13:35:26 | 000,038,081 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/06/08 13:34:48 | 000,024,637 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mortgagenewsdaily.com/
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes,DefaultScope = {B718F60E-E9E0-4982-B735-DED2F72B3C9F}
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{A54AD221-2961-47F7-92CB-46F0EE188798}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{B718F60E-E9E0-4982-B735-DED2F72B3C9F}: "URL" = http://www.google.co...&rlz=1I7GGLG_en
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

O1 HOSTS File: ([2012/05/12 09:52:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Google Analytics Opt-out Browser Add-on) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDFViewerPlus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDFViewerPlus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE (ATI Technologies Inc.)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe File not found
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Serviio.lnk = C:\Program Files\Serviio\bin\ServiioConsole.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\XSites Desktop.lnk = C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.exe (a la mode, inc.)
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Epson scanner Registration.lnk = File not found
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Serviio.lnk = C:\Program Files\Serviio\bin\ServiioConsole.exe ()
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\stickies\stickies.exe (Zhorn Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_23.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..Trusted Domains: secureserver.net. ([www.email] https in Trusted sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} Reg Error: Key error. (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} Reg Error: Key error. (ArmHelper Control)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ent/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: IEPrint http://www.visiontec...oad/IEPrint.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{323ED6D9-8F1E-4565-8E60-456B156C6411}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2147DF5-CFA7-45AB-92F8-591933227C62}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\bw+0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\offline-8876480 {E5D4CC32-6185-42A4-80D2-31AF2103682E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/19 13:19:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/12 10:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/12 09:56:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/05/12 09:33:34 | 004,490,121 | R--- | C] (Swearware) -- C:\Documents and Settings\Matt\Desktop\Gotcha.exe
[2012/05/12 08:25:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/08 23:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\My Documents\Amazon MP3
[2012/05/08 23:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\Amazon
[2012/05/08 23:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon
[2012/05/08 23:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon

========== Files - Modified Within 30 Days ==========

[2012/05/12 11:22:24 | 000,067,616 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2012/05/12 11:17:02 | 000,337,607 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\FSS.exe
[2012/05/12 11:16:59 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2012/05/12 10:55:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/12 10:54:54 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/12 10:54:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/12 10:05:24 | 027,076,384 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2012/05/12 10:05:24 | 002,545,628 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2012/05/12 09:52:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/12 09:33:37 | 004,490,121 | R--- | M] (Swearware) -- C:\Documents and Settings\Matt\Desktop\Gotcha.exe
[2012/05/12 08:44:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/12 08:28:38 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/12 00:06:59 | 000,001,774 | -H-- | M] () -- C:\Documents and Settings\Matt\My Documents\Default.rdp
[2012/05/11 21:47:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Nuance Image Printer Writer Port
[2012/05/11 07:13:37 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft FrontPage.lnk
[2012/05/10 20:28:02 | 133,615,528 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\setup_11.0.0.1245.x01_2012_05_04_11_39.exe
[2012/05/10 20:15:43 | 000,001,550 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012/05/10 16:44:56 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/10 07:22:57 | 000,002,291 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2012/05/10 07:20:57 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel.lnk
[2012/05/09 09:43:48 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/09 09:41:52 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/08 23:27:12 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/05/08 16:50:22 | 000,001,687 | ---- | M] () -- C:\WINDOWS\winpoint.ini
[2012/05/07 23:48:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/07 21:27:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2012/05/07 10:01:54 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/05/06 21:40:31 | 000,001,310 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2012/05/04 17:26:03 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2012/05/04 17:25:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/05/04 17:25:55 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/05/01 23:08:33 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/19 21:25:09 | 000,016,571 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Stuart Restaurants.pdf
[2012/04/18 09:05:20 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\BytePro.lnk
[2012/04/13 00:32:45 | 000,306,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/13 00:25:39 | 000,503,110 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/13 00:25:39 | 000,088,508 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/13 00:23:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/05/12 11:17:02 | 000,337,607 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\FSS.exe
[2012/05/10 20:27:47 | 133,615,528 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\setup_11.0.0.1245.x01_2012_05_04_11_39.exe
[2012/05/08 23:27:12 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/05/07 10:01:53 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/05/07 10:01:53 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/05/01 23:08:33 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/19 21:25:09 | 000,016,571 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Stuart Restaurants.pdf
[2012/04/13 00:31:17 | 000,935,231 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-789336058-1979792683-725345543-1003-0.dat
[2012/04/12 12:17:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/12 12:17:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/04/11 13:10:27 | 000,232,322 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/04/11 13:00:19 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/21 00:59:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/01/20 23:52:30 | 000,000,042 | ---- | C] () -- C:\WINDOWS\SETSCAN.INI
[2012/01/20 23:52:24 | 000,000,122 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2012/01/20 23:17:36 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw86.bin
[2012/01/20 23:05:00 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/01/20 23:05:00 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/01/20 23:05:00 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/01/20 23:05:00 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/01/20 23:05:00 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/01/20 23:05:00 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/01/20 23:05:00 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/01/20 23:05:00 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/01/20 23:05:00 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/01/20 23:05:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/01/20 23:05:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/01/20 23:05:00 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/01/20 23:05:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/01/20 23:05:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/01/20 23:05:00 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/01/20 23:05:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/01/20 23:03:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\WFGT1500.ini
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/10/26 16:21:17 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2011/10/26 16:20:41 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011/10/26 16:20:38 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2011/10/26 16:20:38 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2011/10/26 16:20:38 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2011/10/26 16:20:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2011/06/21 09:49:23 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jpofazubijaxesa.dat
[2011/06/21 09:49:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lsaka.bin
[2011/04/22 18:55:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/08 17:40:08 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2011/01/08 22:41:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/10/11 12:31:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/11 12:31:44 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/11 12:31:44 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/07/14 23:43:25 | 001,629,800 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/07 00:12:44 | 000,001,550 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/07/01 17:42:14 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== LOP Check ==========

[2012/05/12 10:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode
[2009/09/23 22:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2012/05/11 11:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BytePro
[2011/03/02 00:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dying for Daylight
[2011/10/06 21:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2009/10/22 23:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/11/23 23:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2010/12/28 22:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/11/13 21:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/11/17 00:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/09/24 16:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2011/02/08 21:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2009/03/21 20:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
[2012/01/20 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ISIS Drivers
[2010/12/17 00:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2006/02/21 21:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal
[2009/09/27 23:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/08/15 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/10/06 21:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2010/12/29 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/12/05 00:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2010/08/15 14:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/09/08 21:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2012/05/12 10:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/15 14:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2005/06/30 07:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\.BitTornado
[2010/08/15 15:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\.oit
[2010/12/16 23:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\A Gypsy's Tale - The Tower of Secrets
[2012/05/08 23:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Amazon
[2009/06/14 01:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Audacity
[2011/11/11 00:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Big Fish Games
[2010/03/26 22:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Calyx Software
[2009/06/02 00:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2006/03/14 14:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\DeductionPro 2004-05
[2011/03/05 14:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Dying for Daylight
[2011/03/02 00:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Dying for Daylight Shared
[2012/01/20 23:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\EPSON
[2008/03/17 21:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Ericom
[2006/03/18 19:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Feedreader
[2008/08/27 19:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\FileZilla
[2009/10/22 23:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Flood Light Games
[2010/11/23 23:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Floodlight Games
[2010/11/13 21:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GameHouse
[2011/10/23 23:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GameMill Entertainment
[2011/01/08 22:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Ghost Ship Studios
[2011/10/14 23:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\HitPoint Studios
[2007/03/05 19:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ICAClient
[2010/12/31 00:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\iScreensaver
[2012/01/20 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ISIS Drivers
[2010/12/17 00:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\iWin
[2009/04/19 00:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Jetsetter
[2005/10/05 22:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Leadertech
[2005/07/02 22:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mp3tag
[2011/02/24 00:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mystery of Mortlake Mansion
[2009/12/12 16:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NewSoft
[2010/08/14 11:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NSBackup
[2010/08/15 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Nuance
[2010/08/17 12:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PDS
[2010/12/29 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PlayFirst
[2012/05/11 21:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PrimoPDF
[2009/04/25 22:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Reflexivev1005
[2010/11/10 16:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\RemoteScanClient
[2009/06/01 16:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Samsung
[2010/11/25 15:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ShinyTales
[2011/01/10 22:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Skunk Studios
[2009/09/04 19:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\SpinTop
[2009/12/30 18:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\SpinTop Games
[2012/05/12 10:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\stickies
[2010/11/23 23:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Thinstall
[2010/12/31 23:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ThreeDays2
[2010/12/30 00:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\TitanicMystery
[2012/04/19 07:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\uTorrent
[2011/10/28 00:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\VampireSaga
[2011/11/05 21:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\VampireSagaHL
[2010/12/04 22:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Vast Studios
[2011/02/19 00:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Vogat Interactive
[2012/04/18 12:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\webex
[2006/02/23 18:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\X10 Commander
[2010/08/15 14:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Zeon

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9FB94D

< End of report >

FSS Log:

Farbar Service Scanner Version: 11-05-2012
Ran by Matt (administrator) on 12-05-2012 at 11:26:36
Running from "C:\Documents and Settings\Matt\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) IPSECSHM(9) NetBT(6) PSched(7) Tcpip(4)
0x0A0000000500000001000000020000000300000004000000060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

#18
Essexboy

Posted 12 May 2012 - 09:49 AM

GeekU Moderator

Retired Staff
69,964 posts

What is your main PDF reader ? Is it Nuance or Adobe ?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

#19
skipperscruise

Posted 13 May 2012 - 11:05 AM

Member

Topic Starter
Member
48 posts

Using Adobe PDF Reader v 10.1.3

Her'es the log from Malwarebytes:. It did state "The scan completed succesfully. No malicious items were dected."

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.13.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Matt :: MATTCUSTOM [administrator]

5/13/2012 12:28:31 PM
mbam-log-2012-05-13 (12-28-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215792
Time elapsed: 4 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#20
Essexboy

Posted 13 May 2012 - 02:17 PM

GeekU Moderator

Retired Staff
69,964 posts

Is it just the reader functions that you are using, not the creation ?

If so I would recommend replacing it with Foxit reader, it is smaller, faster and more secure

Any outstanding problems ?

#21
skipperscruise

Posted 13 May 2012 - 07:20 PM

Member

Topic Starter
Member
48 posts

Using Adobe as a reader not creation. I will try Foxit reader since I read pdf extensively. There are no outstanding problems. What exactly was the malware? Finally, thank you for your help! Skipperscruise

#22
skipperscruise

Posted 13 May 2012 - 07:22 PM

Member

Topic Starter
Member
48 posts

What top two or three free anti-virus do you recommend? I have downloaded Avast but have not installed it yet.

#23
Essexboy

Posted 14 May 2012 - 12:47 PM

GeekU Moderator

Retired Staff
69,964 posts

The main problem was the Host file as it was full of Chinese redirect elements

There were also a few traces of Java script malware and generic trojan downloaders

Reference the Avtivirus programmes :

I am biased here (as I suppose most people are with these types of programme ) I use Avast Internet security and have done since the very first release of Avast when it was version 4.0 which I guess is about 10 years ago.

I have played with others but none gave me the same sense of security and were generally heavier on resources.
The main "selling point" of Avast if you like is the webshield. This scans all web pages as they are downloaded and it is looking for Java scripts, redirects, cross scripting etc.. It will terminate any suspect connection immediately, so is quite good on the protection side. Removal is about average, but if it stops you getting infected then it is not a problem

If you need assistance in setting it up then just shout

Thank you for the donation 'tis gratefully accepted :cheers:

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[emptytemp]
[CLEARALLRESTOREPOINTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
In the Run box, type in ComboFix /Uninstall
(Notice the space between the "x" and "/")
then click OK
Follow the prompts on the screen
A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Do not show hidden files and folders.
Click Yes to confirm.
Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

Go to this site and click Do I have Java
It will check your current version and then offer to update to the latest version

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:

#24
skipperscruise

Posted 14 May 2012 - 06:40 PM

Member

Topic Starter
Member
48 posts

Problem is back. Can not open Adobe Reader. Lower right corner of the system tray apps start loading really slow and eventually gain speed to finish loading on a reboot. Wondering if problem is something other than malware like file corruption or prelude to a hard drive crash. But malware could still be returning since it is returning but is fixed when you run the various fixes. Here is a new OTL log with All Users checked:

OTL logfile created on: 5/14/2012 8:24:50 PM - Run 11
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 352.69 Mb Available Physical Memory | 34.46% Memory free
12.53 Gb Paging File | 11.87 Gb Available in Paging File | 94.72% Paging File free
Paging file location(s): F:\pagefile.sys 11933 11933 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 3.25 Gb Free Space | 9.51% Space Free | Partition Type: NTFS
Drive F: | 11.72 Gb Total Space | 0.03 Gb Free Space | 0.27% Space Free | Partition Type: NTFS
Drive G: | 23.33 Gb Total Space | 5.77 Gb Free Space | 24.71% Space Free | Partition Type: NTFS
Drive R: | 232.88 Gb Total Space | 74.64 Gb Free Space | 32.05% Space Free | Partition Type: NTFS

Computer Name: MATTCUSTOM | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/07 21:27:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
PRC - [2012/01/31 15:03:30 | 000,223,232 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioConsole.exe
PRC - [2012/01/31 15:03:26 | 000,276,480 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioService.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2010/10/17 18:42:40 | 000,404,200 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2010/10/17 18:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010/08/08 00:15:28 | 001,101,824 | ---- | M] (Zhorn Software) -- C:\Program Files\stickies\stickies.exe
PRC - [2010/02/10 23:32:18 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/02/10 23:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/02/08 18:32:28 | 001,369,376 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDFViewerPlus\pdfPro5Hook.exe
PRC - [2009/08/07 09:35:36 | 000,374,088 | ---- | M] (a la mode, inc.) -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/09 13:32:08 | 000,789,008 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/01/09 13:28:58 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2006/11/17 05:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006/10/14 16:53:24 | 000,681,472 | ---- | M] (Dominik Reichl) -- C:\Program Files\KeePass Password Safe\KeePass.exe
PRC - [2004/12/10 13:29:26 | 000,840,704 | ---- | M] () -- C:\Program Files\MSI\Core Center\CoreCenter.exe
PRC - [2004/12/07 04:16:36 | 000,084,480 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
PRC - [2004/09/22 23:16:20 | 000,069,707 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\main\atidtct.exe
PRC - [2002/01/10 12:35:18 | 000,036,864 | ---- | M] (Intuit) -- C:\Program Files\QUICKENW\QWDLLS.EXE

========== Modules (No Company Name) ==========

MOD - [2012/05/14 20:09:04 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\dvdpvaws.dll
MOD - [2012/04/13 10:38:49 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\873202699833a0c3d031c82b556a7296\System.ServiceProcess.ni.dll
MOD - [2012/04/13 10:38:30 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll
MOD - [2012/04/13 10:38:28 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.ni.dll
MOD - [2012/04/13 10:38:27 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\c3a03bb69e38f5ed9ebce72d48a722ef\System.Transactions.ni.dll
MOD - [2012/04/13 10:37:47 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
MOD - [2012/04/13 10:37:34 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll
MOD - [2012/04/13 00:29:27 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/04/13 00:29:25 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2012/04/13 00:27:59 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/04/13 00:27:54 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
MOD - [2012/04/13 00:27:41 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
MOD - [2012/04/13 00:27:28 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
MOD - [2012/04/13 00:26:36 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/04/13 00:26:21 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/04/13 00:25:33 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/04/13 00:25:31 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/04/13 00:09:19 | 013,196,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\67b05b57919dfc3a1521f33198495f5b\System.Windows.Forms.ni.dll
MOD - [2012/04/13 00:09:06 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\97586cdb698c29ba95fd83e44a0c0ca6\System.Data.ni.dll
MOD - [2012/04/13 00:08:58 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
MOD - [2012/04/13 00:08:24 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
MOD - [2012/04/13 00:08:12 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
MOD - [2012/04/13 00:08:03 | 001,665,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\9ac7922025e72297069a82a403cb59fa\System.Drawing.ni.dll
MOD - [2012/04/13 00:08:01 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2012/04/13 00:07:54 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2012/01/31 15:03:30 | 000,223,232 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioConsole.exe
MOD - [2012/01/31 15:03:26 | 000,276,480 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioService.exe
MOD - [2011/11/09 22:45:32 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2010/08/08 00:15:28 | 000,049,152 | ---- | M] () -- C:\Program Files\stickies\shook70.dll
MOD - [2010/03/16 13:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/08/07 09:35:34 | 000,083,272 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.Plugins.Chat.XmlSerializers.dll
MOD - [2009/08/07 09:35:28 | 000,202,056 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.Common.XmlSerializers.dll
MOD - [2009/03/12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/07/31 14:05:18 | 000,799,992 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\Coversant.SoapBox.dll
MOD - [2008/05/20 05:18:10 | 000,094,720 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008/05/01 13:32:48 | 000,020,216 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.Common.ProductMessages.XmlSerializers.dll
MOD - [2008/01/02 12:34:40 | 000,201,976 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.Common.HtmlEditor.dll
MOD - [2004/12/10 13:29:26 | 000,840,704 | ---- | M] () -- C:\Program Files\MSI\Core Center\CoreCenter.exe
MOD - [2004/11/17 12:18:22 | 000,143,360 | ---- | M] () -- C:\Program Files\MSI\Core Center\RushTop.dll
MOD - [2002/01/10 12:35:20 | 000,172,032 | ---- | M] () -- C:\Program Files\QUICKENW\qwapp.dll
MOD - [2002/01/10 12:35:14 | 000,102,400 | ---- | M] () -- C:\Program Files\QUICKENW\qcomutil.dll
MOD - [2001/07/31 21:59:46 | 000,484,864 | ---- | M] () -- C:\Program Files\QUICKENW\alrtint8.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/05/07 07:48:06 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/31 15:03:26 | 000,276,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/10/17 18:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/02/10 23:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2008/06/06 22:04:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/01/09 13:30:08 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/06/28 12:51:38 | 000,218,376 | ---- | M] (Kaspersky Lab) [On_Demand | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -- (AVP)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\utiznzyw.sys -- (utiznzyw)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipsecw2k.sys -- (IPSECSHM)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (DigiCellDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Matt\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ATIRWVD.SYS -- (ATI Remote Wonder II)
DRV - [2011/11/09 23:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/10/17 18:42:34 | 000,124,648 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/05/23 23:11:49 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/02/04 12:13:19 | 000,194,320 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2008/05/28 10:30:50 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008/03/17 12:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/11/29 03:18:12 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/11/29 03:18:04 | 000,078,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/11/29 03:17:56 | 000,036,368 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/11/29 03:17:48 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/29 03:17:34 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/11/29 03:17:28 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/04 14:58:26 | 000,024,344 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2006/12/04 17:11:46 | 004,025,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/12 20:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 20:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 20:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 20:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/12/07 04:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2004/11/24 05:42:48 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004/11/24 05:42:46 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/11/16 11:54:06 | 000,038,336 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - [2004/11/16 09:27:00 | 000,023,744 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\NTGLM7X.SYS -- (PCAlertDriver)
DRV - [2004/10/20 23:39:44 | 000,035,840 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/10/07 17:32:16 | 000,006,272 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2004/07/05 14:25:00 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/06/15 19:14:00 | 000,180,480 | R--- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/06/08 13:36:20 | 000,014,975 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)
DRV - [2004/06/08 13:35:26 | 000,038,081 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/06/08 13:34:48 | 000,024,637 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mortgagenewsdaily.com/
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes,DefaultScope = {B718F60E-E9E0-4982-B735-DED2F72B3C9F}
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{A54AD221-2961-47F7-92CB-46F0EE188798}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{B718F60E-E9E0-4982-B735-DED2F72B3C9F}: "URL" = http://www.google.co...&rlz=1I7GGLG_en
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

O1 HOSTS File: ([2012/05/12 09:52:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Google Analytics Opt-out Browser Add-on) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDFViewerPlus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDFViewerPlus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE (ATI Technologies Inc.)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe File not found
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Serviio.lnk = C:\Program Files\Serviio\bin\ServiioConsole.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\XSites Desktop.lnk = C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.exe (a la mode, inc.)
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Epson scanner Registration.lnk = File not found
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Serviio.lnk = C:\Program Files\Serviio\bin\ServiioConsole.exe ()
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\stickies\stickies.exe (Zhorn Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_23.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..Trusted Domains: secureserver.net. ([www.email] https in Trusted sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} Reg Error: Key error. (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} Reg Error: Key error. (ArmHelper Control)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ent/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: IEPrint http://www.visiontec...oad/IEPrint.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{323ED6D9-8F1E-4565-8E60-456B156C6411}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2147DF5-CFA7-45AB-92F8-591933227C62}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\bw+0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\offline-8876480 {E5D4CC32-6185-42A4-80D2-31AF2103682E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/19 13:19:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: compya64 - (C:\WINDOWS\system32\dvdpvaws.dll) - C:\WINDOWS\system32\dvdpvaws.dll ()
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/14 16:57:46 | 000,086,016 | ---- | C] (ESET) -- C:\Documents and Settings\All Users\Application Data\dvdpvaws.dll
[2012/05/14 13:18:02 | 000,086,528 | ---- | C] (ESET) -- C:\WINDOWS\dvdpvaws.dll
[2012/05/13 21:40:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/13 12:23:56 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Matt\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/12 10:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/12 09:56:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/05/12 09:33:34 | 004,490,121 | R--- | C] (Swearware) -- C:\Documents and Settings\Matt\Desktop\Gotcha.exe
[2012/05/12 08:25:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/08 23:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\My Documents\Amazon MP3
[2012/05/08 23:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\Amazon
[2012/05/08 23:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon
[2012/05/08 23:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon

========== Files - Modified Within 30 Days ==========

[2012/05/14 20:29:08 | 000,090,144 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2012/05/14 20:16:22 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2012/05/14 20:15:39 | 027,094,048 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2012/05/14 20:09:04 | 000,086,016 | ---- | M] () -- C:\WINDOWS\System32\dvdpvaws.dll
[2012/05/14 20:02:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 20:01:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/14 19:01:09 | 002,547,308 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2012/05/14 19:00:15 | 000,001,550 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012/05/14 18:55:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 18:48:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/14 16:57:46 | 000,086,016 | ---- | M] (ESET) -- C:\Documents and Settings\All Users\Application Data\dvdpvaws.dll
[2012/05/14 16:57:28 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/14 13:18:02 | 000,086,528 | ---- | M] (ESET) -- C:\WINDOWS\dvdpvaws.dll
[2012/05/14 11:02:17 | 000,001,774 | -H-- | M] () -- C:\Documents and Settings\Matt\My Documents\Default.rdp
[2012/05/14 10:51:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Nuance Image Printer Writer Port
[2012/05/14 10:06:05 | 000,101,376 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/14 09:50:55 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/14 07:18:51 | 000,002,291 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2012/05/14 06:51:50 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/13 23:51:56 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2012/05/13 21:28:45 | 000,001,310 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2012/05/13 14:24:44 | 000,001,687 | ---- | M] () -- C:\WINDOWS\winpoint.ini
[2012/05/13 12:27:36 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/13 12:24:03 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Matt\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/12 11:17:02 | 000,337,607 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\FSS.exe
[2012/05/12 09:52:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/12 09:33:37 | 004,490,121 | R--- | M] (Swearware) -- C:\Documents and Settings\Matt\Desktop\Gotcha.exe
[2012/05/12 08:44:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/11 07:13:37 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft FrontPage.lnk
[2012/05/10 20:28:02 | 133,615,528 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\setup_11.0.0.1245.x01_2012_05_04_11_39.exe
[2012/05/10 07:20:57 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel.lnk
[2012/05/08 23:27:12 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/05/07 21:27:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2012/05/07 10:01:54 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/05/04 17:26:03 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2012/05/04 17:25:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/05/04 17:25:55 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/04/19 21:25:09 | 000,016,571 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Stuart Restaurants.pdf
[2012/04/18 09:05:20 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\BytePro.lnk

========== Files Created - No Company Name ==========

[2012/05/14 12:25:30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dvdpvaws.dll
[2012/05/12 11:17:02 | 000,337,607 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\FSS.exe
[2012/05/10 20:27:47 | 133,615,528 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\setup_11.0.0.1245.x01_2012_05_04_11_39.exe
[2012/05/08 23:27:12 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/05/07 10:01:53 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/05/07 10:01:53 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/05/01 23:08:33 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/19 21:25:09 | 000,016,571 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Stuart Restaurants.pdf
[2012/04/13 00:31:17 | 000,935,231 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-789336058-1979792683-725345543-1003-0.dat
[2012/04/12 12:17:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/11 13:10:27 | 000,232,322 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/04/11 13:00:19 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/21 00:59:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/01/20 23:52:30 | 000,000,042 | ---- | C] () -- C:\WINDOWS\SETSCAN.INI
[2012/01/20 23:52:24 | 000,000,122 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2012/01/20 23:17:36 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw86.bin
[2012/01/20 23:05:00 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/01/20 23:05:00 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/01/20 23:05:00 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/01/20 23:05:00 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/01/20 23:05:00 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/01/20 23:05:00 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/01/20 23:05:00 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/01/20 23:05:00 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/01/20 23:05:00 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/01/20 23:05:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/01/20 23:05:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/01/20 23:05:00 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/01/20 23:05:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/01/20 23:05:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/01/20 23:05:00 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/01/20 23:05:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/01/20 23:03:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\WFGT1500.ini
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/10/26 16:21:17 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2011/10/26 16:20:41 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011/10/26 16:20:38 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2011/10/26 16:20:38 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2011/10/26 16:20:38 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2011/10/26 16:20:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2011/06/21 09:49:23 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jpofazubijaxesa.dat
[2011/06/21 09:49:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lsaka.bin
[2011/04/22 18:55:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/08 17:40:08 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2011/01/08 22:41:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/10/11 12:31:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/11 12:31:44 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/11 12:31:44 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/07/14 23:43:25 | 001,629,800 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/07 00:12:44 | 000,001,550 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/07/01 17:42:14 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== LOP Check ==========

[2012/05/14 20:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode
[2009/09/23 22:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2012/05/14 15:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BytePro
[2011/03/02 00:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dying for Daylight
[2011/10/06 21:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2009/10/22 23:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/11/23 23:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2010/12/28 22:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/11/13 21:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/11/17 00:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/09/24 16:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2011/02/08 21:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2009/03/21 20:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
[2012/01/20 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ISIS Drivers
[2010/12/17 00:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2006/02/21 21:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal
[2009/09/27 23:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/08/15 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/10/06 21:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2010/12/29 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/12/05 00:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2010/08/15 14:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/09/08 21:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2012/05/14 20:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/15 14:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2005/06/30 07:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\.BitTornado
[2010/08/15 15:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\.oit
[2010/12/16 23:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\A Gypsy's Tale - The Tower of Secrets
[2012/05/08 23:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Amazon
[2009/06/14 01:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Audacity
[2011/11/11 00:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Big Fish Games
[2010/03/26 22:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Calyx Software
[2009/06/02 00:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2006/03/14 14:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\DeductionPro 2004-05
[2011/03/05 14:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Dying for Daylight
[2011/03/02 00:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Dying for Daylight Shared
[2012/01/20 23:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\EPSON
[2008/03/17 21:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Ericom
[2006/03/18 19:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Feedreader
[2008/08/27 19:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\FileZilla
[2009/10/22 23:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Flood Light Games
[2010/11/23 23:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Floodlight Games
[2010/11/13 21:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GameHouse
[2011/10/23 23:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GameMill Entertainment
[2011/01/08 22:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Ghost Ship Studios
[2011/10/14 23:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\HitPoint Studios
[2007/03/05 19:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ICAClient
[2010/12/31 00:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\iScreensaver
[2012/01/20 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ISIS Drivers
[2010/12/17 00:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\iWin
[2009/04/19 00:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Jetsetter
[2005/10/05 22:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Leadertech
[2005/07/02 22:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mp3tag
[2011/02/24 00:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mystery of Mortlake Mansion
[2009/12/12 16:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NewSoft
[2010/08/14 11:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NSBackup
[2010/08/15 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Nuance
[2010/08/17 12:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PDS
[2010/12/29 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PlayFirst
[2012/05/14 12:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PrimoPDF
[2009/04/25 22:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Reflexivev1005
[2010/11/10 16:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\RemoteScanClient
[2009/06/01 16:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Samsung
[2010/11/25 15:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ShinyTales
[2011/01/10 22:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Skunk Studios
[2009/09/04 19:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\SpinTop
[2009/12/30 18:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\SpinTop Games
[2012/05/14 20:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\stickies
[2010/11/23 23:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Thinstall
[2010/12/31 23:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ThreeDays2
[2010/12/30 00:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\TitanicMystery
[2012/04/19 07:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\uTorrent
[2011/10/28 00:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\VampireSaga
[2011/11/05 21:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\VampireSagaHL
[2010/12/04 22:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Vast Studios
[2011/02/19 00:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Vogat Interactive
[2012/04/18 12:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\webex
[2006/02/23 18:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\X10 Commander
[2010/08/15 14:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Zeon

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9FB94D

< End of report >

#25
skipperscruise

Posted 14 May 2012 - 07:40 PM

Member

Topic Starter
Member
48 posts

Also, let me add that I can not attach a PDF file located on my PC to an email in Outlook located on my PC. However, if I copy and paste that same PDF to another PC on the LAN and I can then attach it fine to an email in Outlook on my PC.

#26
Essexboy

Posted 15 May 2012 - 11:28 AM

GeekU Moderator

Retired Staff
69,964 posts

Looking at the latest log the app cert is back. Are you using a USB at any stage to transfer data ?

I think this time rather than manually delete I will utilise the power of combofix

Could you download a fresh copy of combofix please and again if necessary run from safe mode

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#27
skipperscruise

Posted 15 May 2012 - 11:41 AM

Member

Topic Starter
Member
48 posts

I am not using a USB to trnsfer data but I am using remote desktop connection to and from this pc to another pc over the internet. I am suspectiing the other pc may be infected. I will later today post a OTL for that second pc and post under a new topic as to not get it confused with this. The new topic name will be "Second Slow PC for Essexboy". Hope that works for you. Will have the log shortly.

#28
Essexboy

Posted 15 May 2012 - 11:55 AM

GeekU Moderator

Retired Staff
69,964 posts

Aye thanks - give me a PM when you post. As I see it at the moment it appears to be a transfered infection as opposed to one on the system.. So good call on the other system

#29
skipperscruise

Posted 15 May 2012 - 12:10 PM

Member

Topic Starter
Member
48 posts

Log from Combo Fix for this pc (the one we've been working on). Let me know. Thanks, Matt (skipperscruise)

ComboFix 12-05-15.04 - Matt 05/15/2012 13:48:24.7.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.768 [GMT -4:00]
Running from: c:\documents and settings\Matt\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\dvdpvaws.dll
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-14 17:18 . 2012-05-15 01:37 86016 ----a-w- c:\windows\dvdpvaws.dll
2012-05-14 16:25 . 2012-05-15 00:09 86016 ----a-w- c:\windows\system32\dvdpvaws.dll
2012-05-12 12:36 . 2012-05-12 12:36 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-05-12 12:25 . 2012-05-12 12:26 -------- d-----w- C:\_OTL
2012-05-09 03:30 . 2012-05-09 03:30 -------- d-----w- c:\documents and settings\Matt\Application Data\Amazon
2012-05-09 03:27 . 2012-05-09 03:27 -------- d-----w- c:\program files\Amazon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 11:48 . 2012-04-06 11:26 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-07 11:48 . 2011-05-17 11:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-30 02:15 . 2005-07-01 00:15 60416 ----a-w- c:\windows\ALCFDRTM.VER
2012-04-05 15:33 . 2012-04-05 15:33 54272 ----a-r- c:\documents and settings\Matt\Application Data\Microsoft\Installer\{3B3620D0-CE42-47CB-A0C0-434F860BEE55}\Icon68B05021.exe
2012-04-04 19:56 . 2010-07-01 21:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 15:19 . 2012-04-02 15:19 1409 ----a-w- c:\windows\QTFont.for
2012-03-15 12:02 . 2012-01-06 18:35 4194304 ----a-r- c:\windows\system32\cdintf400.dll
2012-03-01 11:01 . 2004-08-04 01:07 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 01:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 01:07 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 01:07 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 01:07 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 01:07 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-12_13.53.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-07 21:05 . 2011-10-07 21:05 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 56656 c:\windows\WinSxS\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_7fe65c7f\vcomp90.dll
+ 2012-05-12 23:40 . 2012-05-12 23:40 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-03-19 17:25 . 2012-04-28 16:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-03-19 17:25 . 2012-05-12 23:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2011-07-17 21:31 . 2012-04-28 16:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-05-12 23:40 . 2012-05-12 23:40 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-05-14 10:55 . 2012-05-14 10:55 87952 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
+ 2012-04-26 13:05 . 2012-04-26 13:05 86016 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2012-04-26 12:50 . 2012-04-26 12:50 73408 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2012-04-26 12:50 . 2012-04-26 12:50 64512 c:\windows\system32\Adobe\Shockwave 11\gcapi_dll.dll
+ 2012-04-26 13:06 . 2012-04-26 13:06 12800 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2012-05-14 10:56 . 2012-05-14 10:56 10134 c:\windows\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\ARPPRODUCTICON.exe
+ 2012-05-14 03:51 . 2012-05-14 03:51 77610 c:\windows\Installer\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}\_853F67D554F05449430E7E.exe
+ 2012-05-14 03:52 . 2012-05-14 03:52 24064 c:\windows\assembly\NativeImages_v2.0.50727_32\WiaProxy32\6c664e4ac26b48379e2361933263407c\WiaProxy32.ni.exe
+ 2012-05-14 03:52 . 2012-05-14 03:52 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a140509b1342934fc5e58ae22ac9696c\Microsoft.VisualC.ni.dll
+ 2012-05-14 03:51 . 2012-05-14 03:51 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\b4f63a52bdf34cffb08838afd3b153ba\Interop.WIA.ni.dll
- 2012-04-13 04:29 . 2012-04-13 04:29 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\b4f63a52bdf34cffb08838afd3b153ba\Interop.WIA.ni.dll
- 2010-07-01 21:42 . 2012-05-10 20:44 1984 c:\windows\system32\d3d9caps.dat
+ 2010-07-01 21:42 . 2012-05-14 20:57 1984 c:\windows\system32\d3d9caps.dat
+ 2011-10-07 21:05 . 2011-10-07 21:05 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 641360 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_63af3423\msvcr90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 853328 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_63af3423\msvcp90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_63af3423\msvcm90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 176456 c:\windows\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_c44f2197\atl90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 323624 c:\windows\system32\wiaaut.dll
- 2004-06-19 02:43 . 2004-06-19 02:43 323624 c:\windows\system32\wiaaut.dll
+ 2008-04-03 00:31 . 2012-05-15 17:43 333856 c:\windows\system32\drivers\fidbox.dat
- 2011-02-10 01:45 . 2012-05-12 12:40 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-02-10 01:45 . 2012-05-15 11:58 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2012-04-26 12:50 . 2012-04-26 12:50 284088 c:\windows\system32\Adobe\Shockwave 11\SymCCIS.dll
+ 2012-04-26 13:05 . 2012-04-26 13:05 114176 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2012-04-26 13:06 . 2012-04-26 13:06 434176 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2012-04-26 13:06 . 2012-04-26 13:06 366592 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2012-04-26 12:54 . 2012-04-26 12:54 990208 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2012-04-26 13:05 . 2012-04-26 13:05 544256 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2012-04-26 13:12 . 2012-04-26 13:12 113592 c:\windows\system32\Adobe\Director\SwDnld.exe
+ 2012-04-26 13:12 . 2012-04-26 13:12 281016 c:\windows\system32\Adobe\Director\swdir.dll
+ 2012-04-26 13:06 . 2012-04-26 13:06 145920 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2012-05-14 03:51 . 2012-05-14 03:51 498688 c:\windows\Installer\7edc331.msi
+ 2012-05-14 10:56 . 2012-05-14 10:56 430592 c:\windows\Installer\480ad.msi
+ 2012-05-15 12:02 . 2012-05-15 12:02 327680 c:\windows\ERDNT\AutoBackup\5-15-2012\Users\00000002\UsrClass.dat
+ 2012-05-15 12:02 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-15-2012\ERDNT.EXE
+ 2012-05-14 10:52 . 2012-05-14 10:52 327680 c:\windows\ERDNT\AutoBackup\5-14-2012\Users\00000002\UsrClass.dat
+ 2012-05-14 10:52 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-14-2012\ERDNT.EXE
+ 2012-05-14 03:52 . 2012-05-14 03:52 902144 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\72dcea818b404af2ae5e09c7bfad23c0\PaintDotNet.SystemLayer.ni.dll
+ 2012-05-14 03:52 . 2012-05-14 03:52 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\1b1059b3a8d5e65fc8871e2caa217d77\PaintDotNet.SystemLayer.Native.x86.ni.dll
+ 2012-05-14 03:52 . 2012-05-14 03:52 389632 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Resourc#\ae15108c41b061c424c623c12e929270\PaintDotNet.Resources.ni.dll
+ 2012-05-14 03:52 . 2012-05-14 03:52 813568 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Effects\cd3ce965c489d301aaa5129d9c788257\PaintDotNet.Effects.ni.dll
+ 2012-05-14 03:52 . 2012-05-14 03:52 582144 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Data\788725a1a509974f4337ed4f8785772a\PaintDotNet.Data.ni.dll
+ 2012-05-14 03:52 . 2012-05-14 03:52 862720 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Base\e215539d16f01a892d6701a7e13c0c22\PaintDotNet.Base.ni.dll
+ 2012-05-14 03:52 . 2012-05-14 03:52 547840 c:\windows\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\bac208d52b13a53a1539eaa7e25049b5\ICSharpCode.SharpZipLib.ni.dll
+ 2012-04-26 13:11 . 2012-04-26 13:11 1040824 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1165635.exe
+ 2012-04-26 12:50 . 2012-04-26 12:50 2376368 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2012-04-26 12:50 . 2012-04-26 12:50 1231360 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2012-04-26 12:55 . 2012-04-26 12:55 1742336 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2012-05-14 03:52 . 2012-05-14 03:52 3212288 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet\50b952d2e434de143a9ce51d5533f6d2\PaintDotNet.ni.exe
+ 2012-05-14 03:52 . 2012-05-14 03:52 1932800 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Core\83239a3618c3e5cec6ec0e93acdcebab\PaintDotNet.Core.ni.dll
+ 2008-04-03 00:31 . 2012-05-15 17:43 27102752 c:\windows\system32\drivers\fidbox2.dat
+ 2012-05-15 12:02 . 2012-05-15 12:02 21798912 c:\windows\ERDNT\AutoBackup\5-15-2012\Users\00000001\NTUSER.DAT
+ 2012-05-14 10:52 . 2012-05-14 10:52 21770240 c:\windows\ERDNT\AutoBackup\5-14-2012\Users\00000001\NTUSER.DAT
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2004-09-23 69707]
"KeePass Password Safe"="c:\program files\KeePass Password Safe\KeePass.exe" [2006-10-14 681472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-26 68856]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-12-07 84480]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-02-11 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-02-11 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files\Nuance\PDFViewerPlus\pdfpro5hook.exe" [2010-02-08 1369376]
"PDF5 Registry Controller"="c:\program files\Nuance\PDFViewerPlus\RegistryController.exe" [2010-02-08 62752]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 98304]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\documents and settings\Matt\Start Menu\Programs\Startup\
Epson scanner Registration.lnk - d:\common\EpsonReg\Ereg.exe [N/A]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Serviio.lnk - c:\program files\Serviio\bin\ServiioConsole.exe [2011-3-27 223232]
Stickies.lnk - c:\program files\stickies\stickies.exe [2010-8-8 1101824]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [2005-6-19 840704]
DigiCell.lnk - c:\program files\MSI\DigiCell\DigiCell.exe [2004-12-8 1288704]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-5-9 196608]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-2-25 789008]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Quicken Startup.lnk - c:\program files\QUICKENW\QWDLLS.EXE [2005-6-22 36864]
Serviio.lnk - c:\program files\Serviio\bin\ServiioConsole.exe [2011-3-27 223232]
XSites Desktop.lnk - c:\program files\a la mode\XSites Desktop\alamode.XSitesDesktop.exe [2008-7-31 374088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 17:30 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk.disabled
backup=c:\windows\pss\Billminder.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Serviio\\bin\\ServiioService.exe"=
"c:\\Program Files\\Serviio\\bin\\ServiioConsole.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 8:55 PM 135664]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2/10/2010 11:30 PM 144672]
S2 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe [3/27/2011 1:44 PM 276480]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/6/2012 7:26 AM 257696]
S3 DigiCellDriver;DigiCellDriver; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 8:55 PM 135664]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/4/2007 2:58 PM 24344]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 PCAlertDriver;PCAlertDriver;c:\program files\MSI\Core Center\NTGLM7X.SYS [6/19/2005 8:22 AM 23744]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 utiznzyw;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utiznzyw.sys --> c:\windows\system32\Drivers\utiznzyw.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 11:48]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 00:55]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 00:55]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.mortgagenewsdaily.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {{3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - {361D6100-9833-4ABA-BB50-7015F325BBF0} - c:\windows\Downloaded Program Files\IEPrint.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: secureserver.net.\www.email
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{323ED6D9-8F1E-4565-8E60-456B156C6411}: NameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: IEPrint - hxxp://www.visiontech.ltd.uk/software/download/IEPrint.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-15 13:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BD1D769D-E28C-B9C0-CFF5-59B11659B474}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-789336058-1979792683-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:56,4a,be,4f,d8,30,d2,d1,47,e9,98,4f,cf,b8,9b,45,e6,aa,85,20,7e,ca,dc,
51,8a,3c,67,5d,e4,d6,6f,d0,c8,ca,b0,31,4f,10,f0,86,1f,98,97,2c,13,8a,80,c8,\
"??"=hex:5b,3d,f9,88,c2,d3,15,da,1b,1b,82,0a,68,e2,65,fb
.
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\giffile\shell\Open\ddeexec]
@DACL=(02 0000)
@="\"file:%1\",,-1,,,,,"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(228)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\klogon.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2012-05-15 14:01:32
ComboFix-quarantined-files.txt 2012-05-15 18:01
ComboFix2.txt 2012-05-12 13:56
ComboFix3.txt 2011-04-26 01:19
ComboFix4.txt 2011-04-24 02:08
ComboFix5.txt 2012-05-15 17:46
.
Pre-Run: 3,268,751,360 bytes free
Post-Run: 3,462,791,168 bytes free
.
- - End Of File - - C40A62BADD75E50E28F39AD41EB1C3F6

#30
Essexboy

Posted 15 May 2012 - 12:39 PM

GeekU Moderator

Retired Staff
69,964 posts

Combofix missed two iterations of it

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\dvdpvaws.dll
c:\windows\system32\dvdpvaws.dll

Reg::
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls]
"compya64"=-

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.