Along with an update on the current problems
Slow Computer, Apps Taking Longer to Start [Solved]
Started by
skipperscruise
, May 07 2012 07:43 PM
#16
Posted 12 May 2012 - 09:11 AM
Along with an update on the current problems
#17
Posted 12 May 2012 - 09:40 AM
Here is the latest log of OTL and FSS. Computer seems to be working fine and Adobe Reader can be opened once again.
OTL Log:
OTL logfile created on: 5/12/2012 11:18:08 AM - Run 10
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.48 Mb Total Physical Memory | 385.84 Mb Available Physical Memory | 37.70% Memory free
12.53 Gb Paging File | 11.89 Gb Available in Paging File | 94.91% Paging File free
Paging file location(s): F:\pagefile.sys 11933 11933 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 3.18 Gb Free Space | 9.30% Space Free | Partition Type: NTFS
Drive F: | 11.72 Gb Total Space | 0.03 Gb Free Space | 0.27% Space Free | Partition Type: NTFS
Drive G: | 23.33 Gb Total Space | 5.77 Gb Free Space | 24.71% Space Free | Partition Type: NTFS
Drive R: | 232.88 Gb Total Space | 74.75 Gb Free Space | 32.10% Space Free | Partition Type: NTFS
Computer Name: MATTCUSTOM | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/07 21:27:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
PRC - [2012/01/31 15:03:30 | 000,223,232 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioConsole.exe
PRC - [2012/01/31 15:03:26 | 000,276,480 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioService.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2010/10/17 18:42:40 | 000,404,200 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2010/10/17 18:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010/08/08 00:15:28 | 001,101,824 | ---- | M] (Zhorn Software) -- C:\Program Files\stickies\stickies.exe
PRC - [2010/02/10 23:32:18 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/02/10 23:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/02/08 18:32:28 | 001,369,376 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDFViewerPlus\pdfPro5Hook.exe
PRC - [2009/08/07 09:35:36 | 000,374,088 | ---- | M] (a la mode, inc.) -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/09 13:32:08 | 000,789,008 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/01/09 13:28:58 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2006/11/17 05:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006/10/14 16:53:24 | 000,681,472 | ---- | M] (Dominik Reichl) -- C:\Program Files\KeePass Password Safe\KeePass.exe
PRC - [2004/12/10 13:29:26 | 000,840,704 | ---- | M] () -- C:\Program Files\MSI\Core Center\CoreCenter.exe
PRC - [2004/12/07 04:16:36 | 000,084,480 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
PRC - [2004/09/22 23:16:20 | 000,069,707 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\main\atidtct.exe
PRC - [2002/01/10 12:35:18 | 000,036,864 | ---- | M] (Intuit) -- C:\Program Files\QUICKENW\QWDLLS.EXE
========== Modules (No Company Name) ==========
MOD - [2012/04/13 10:38:49 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\873202699833a0c3d031c82b556a7296\System.ServiceProcess.ni.dll
MOD - [2012/04/13 10:38:30 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll
MOD - [2012/04/13 10:38:28 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.ni.dll
MOD - [2012/04/13 10:38:27 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\c3a03bb69e38f5ed9ebce72d48a722ef\System.Transactions.ni.dll
MOD - [2012/04/13 10:37:47 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
MOD - [2012/04/13 10:37:34 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll
MOD - [2012/04/13 00:29:27 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/04/13 00:29:25 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2012/04/13 00:27:59 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/04/13 00:27:54 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
MOD - [2012/04/13 00:27:41 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
MOD - [2012/04/13 00:27:28 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
MOD - [2012/04/13 00:26:36 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/04/13 00:26:21 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/04/13 00:25:33 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/04/13 00:25:31 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/04/13 00:09:19 | 013,196,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\67b05b57919dfc3a1521f33198495f5b\System.Windows.Forms.ni.dll
MOD - [2012/04/13 00:09:06 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\97586cdb698c29ba95fd83e44a0c0ca6\System.Data.ni.dll
MOD - [2012/04/13 00:08:58 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
MOD - [2012/04/13 00:08:24 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
MOD - [2012/04/13 00:08:12 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
MOD - [2012/04/13 00:08:03 | 001,665,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\9ac7922025e72297069a82a403cb59fa\System.Drawing.ni.dll
MOD - [2012/04/13 00:08:01 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2012/04/13 00:07:54 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2012/01/31 15:03:30 | 000,223,232 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioConsole.exe
MOD - [2012/01/31 15:03:26 | 000,276,480 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioService.exe
MOD - [2011/11/09 22:45:32 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2010/08/08 00:15:28 | 000,049,152 | ---- | M] () -- C:\Program Files\stickies\shook70.dll
MOD - [2010/03/16 13:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/08/07 09:35:34 | 000,083,272 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.Plugins.Chat.XmlSerializers.dll
MOD - [2009/08/07 09:35:28 | 000,202,056 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.Common.XmlSerializers.dll
MOD - [2009/03/12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/07/31 14:05:18 | 000,799,992 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\Coversant.SoapBox.dll
MOD - [2008/05/01 13:32:48 | 000,020,216 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.Common.ProductMessages.XmlSerializers.dll
MOD - [2008/01/02 12:34:40 | 000,201,976 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.Common.HtmlEditor.dll
MOD - [2004/12/10 13:29:26 | 000,840,704 | ---- | M] () -- C:\Program Files\MSI\Core Center\CoreCenter.exe
MOD - [2004/11/17 12:18:22 | 000,143,360 | ---- | M] () -- C:\Program Files\MSI\Core Center\RushTop.dll
MOD - [2002/01/10 12:35:20 | 000,172,032 | ---- | M] () -- C:\Program Files\QUICKENW\qwapp.dll
MOD - [2002/01/10 12:35:14 | 000,102,400 | ---- | M] () -- C:\Program Files\QUICKENW\qcomutil.dll
MOD - [2001/07/31 21:59:46 | 000,484,864 | ---- | M] () -- C:\Program Files\QUICKENW\alrtint8.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/05/07 07:48:06 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/31 15:03:26 | 000,276,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/10/17 18:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/02/10 23:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2008/06/06 22:04:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/01/09 13:30:08 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/06/28 12:51:38 | 000,218,376 | ---- | M] (Kaspersky Lab) [On_Demand | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -- (AVP)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\utiznzyw.sys -- (utiznzyw)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipsecw2k.sys -- (IPSECSHM)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (DigiCellDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Matt\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ATIRWVD.SYS -- (ATI Remote Wonder II)
DRV - [2011/11/09 23:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/10/17 18:42:34 | 000,124,648 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/05/23 23:11:49 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/02/04 12:13:19 | 000,194,320 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2008/05/28 10:30:50 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008/03/17 12:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/11/29 03:18:12 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/11/29 03:18:04 | 000,078,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/11/29 03:17:56 | 000,036,368 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/11/29 03:17:48 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/29 03:17:34 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/11/29 03:17:28 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/04 14:58:26 | 000,024,344 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2006/12/04 17:11:46 | 004,025,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/12 20:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 20:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 20:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 20:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/12/07 04:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2004/11/24 05:42:48 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004/11/24 05:42:46 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/11/16 11:54:06 | 000,038,336 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - [2004/11/16 09:27:00 | 000,023,744 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\NTGLM7X.SYS -- (PCAlertDriver)
DRV - [2004/10/20 23:39:44 | 000,035,840 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/10/07 17:32:16 | 000,006,272 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2004/07/05 14:25:00 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/06/15 19:14:00 | 000,180,480 | R--- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/06/08 13:36:20 | 000,014,975 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)
DRV - [2004/06/08 13:35:26 | 000,038,081 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/06/08 13:34:48 | 000,024,637 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mortgagenewsdaily.com/
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes,DefaultScope = {B718F60E-E9E0-4982-B735-DED2F72B3C9F}
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{A54AD221-2961-47F7-92CB-46F0EE188798}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{B718F60E-E9E0-4982-B735-DED2F72B3C9F}: "URL" = http://www.google.co...&rlz=1I7GGLG_en
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
O1 HOSTS File: ([2012/05/12 09:52:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Google Analytics Opt-out Browser Add-on) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDFViewerPlus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDFViewerPlus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE (ATI Technologies Inc.)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe File not found
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Serviio.lnk = C:\Program Files\Serviio\bin\ServiioConsole.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\XSites Desktop.lnk = C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.exe (a la mode, inc.)
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Epson scanner Registration.lnk = File not found
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Serviio.lnk = C:\Program Files\Serviio\bin\ServiioConsole.exe ()
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\stickies\stickies.exe (Zhorn Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_23.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..Trusted Domains: secureserver.net. ([www.email] https in Trusted sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} Reg Error: Key error. (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} Reg Error: Key error. (ArmHelper Control)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ent/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: IEPrint http://www.visiontec...oad/IEPrint.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{323ED6D9-8F1E-4565-8E60-456B156C6411}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2147DF5-CFA7-45AB-92F8-591933227C62}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\bw+0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\offline-8876480 {E5D4CC32-6185-42A4-80D2-31AF2103682E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/19 13:19:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/12 10:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/12 09:56:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/05/12 09:33:34 | 004,490,121 | R--- | C] (Swearware) -- C:\Documents and Settings\Matt\Desktop\Gotcha.exe
[2012/05/12 08:25:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/08 23:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\My Documents\Amazon MP3
[2012/05/08 23:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\Amazon
[2012/05/08 23:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon
[2012/05/08 23:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
========== Files - Modified Within 30 Days ==========
[2012/05/12 11:22:24 | 000,067,616 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2012/05/12 11:17:02 | 000,337,607 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\FSS.exe
[2012/05/12 11:16:59 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2012/05/12 10:55:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/12 10:54:54 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/12 10:54:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/12 10:05:24 | 027,076,384 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2012/05/12 10:05:24 | 002,545,628 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2012/05/12 09:52:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/12 09:33:37 | 004,490,121 | R--- | M] (Swearware) -- C:\Documents and Settings\Matt\Desktop\Gotcha.exe
[2012/05/12 08:44:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/12 08:28:38 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/12 00:06:59 | 000,001,774 | -H-- | M] () -- C:\Documents and Settings\Matt\My Documents\Default.rdp
[2012/05/11 21:47:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Nuance Image Printer Writer Port
[2012/05/11 07:13:37 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft FrontPage.lnk
[2012/05/10 20:28:02 | 133,615,528 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\setup_11.0.0.1245.x01_2012_05_04_11_39.exe
[2012/05/10 20:15:43 | 000,001,550 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012/05/10 16:44:56 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/10 07:22:57 | 000,002,291 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2012/05/10 07:20:57 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel.lnk
[2012/05/09 09:43:48 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/09 09:41:52 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/08 23:27:12 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/05/08 16:50:22 | 000,001,687 | ---- | M] () -- C:\WINDOWS\winpoint.ini
[2012/05/07 23:48:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/07 21:27:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2012/05/07 10:01:54 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/05/06 21:40:31 | 000,001,310 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2012/05/04 17:26:03 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2012/05/04 17:25:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/05/04 17:25:55 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/05/01 23:08:33 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/19 21:25:09 | 000,016,571 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Stuart Restaurants.pdf
[2012/04/18 09:05:20 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\BytePro.lnk
[2012/04/13 00:32:45 | 000,306,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/13 00:25:39 | 000,503,110 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/13 00:25:39 | 000,088,508 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/13 00:23:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
========== Files Created - No Company Name ==========
[2012/05/12 11:17:02 | 000,337,607 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\FSS.exe
[2012/05/10 20:27:47 | 133,615,528 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\setup_11.0.0.1245.x01_2012_05_04_11_39.exe
[2012/05/08 23:27:12 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/05/07 10:01:53 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/05/07 10:01:53 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/05/01 23:08:33 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/19 21:25:09 | 000,016,571 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Stuart Restaurants.pdf
[2012/04/13 00:31:17 | 000,935,231 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-789336058-1979792683-725345543-1003-0.dat
[2012/04/12 12:17:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/12 12:17:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/04/11 13:10:27 | 000,232,322 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/04/11 13:00:19 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/21 00:59:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/01/20 23:52:30 | 000,000,042 | ---- | C] () -- C:\WINDOWS\SETSCAN.INI
[2012/01/20 23:52:24 | 000,000,122 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2012/01/20 23:17:36 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw86.bin
[2012/01/20 23:05:00 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/01/20 23:05:00 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/01/20 23:05:00 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/01/20 23:05:00 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/01/20 23:05:00 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/01/20 23:05:00 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/01/20 23:05:00 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/01/20 23:05:00 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/01/20 23:05:00 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/01/20 23:05:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/01/20 23:05:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/01/20 23:05:00 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/01/20 23:05:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/01/20 23:05:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/01/20 23:05:00 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/01/20 23:05:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/01/20 23:03:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\WFGT1500.ini
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/10/26 16:21:17 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2011/10/26 16:20:41 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011/10/26 16:20:38 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2011/10/26 16:20:38 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2011/10/26 16:20:38 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2011/10/26 16:20:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2011/06/21 09:49:23 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jpofazubijaxesa.dat
[2011/06/21 09:49:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lsaka.bin
[2011/04/22 18:55:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/08 17:40:08 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2011/01/08 22:41:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/10/11 12:31:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/11 12:31:44 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/11 12:31:44 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/07/14 23:43:25 | 001,629,800 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/07 00:12:44 | 000,001,550 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/07/01 17:42:14 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
========== LOP Check ==========
[2012/05/12 10:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode
[2009/09/23 22:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2012/05/11 11:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BytePro
[2011/03/02 00:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dying for Daylight
[2011/10/06 21:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2009/10/22 23:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/11/23 23:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2010/12/28 22:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/11/13 21:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/11/17 00:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/09/24 16:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2011/02/08 21:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2009/03/21 20:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
[2012/01/20 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ISIS Drivers
[2010/12/17 00:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2006/02/21 21:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal
[2009/09/27 23:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/08/15 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/10/06 21:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2010/12/29 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/12/05 00:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2010/08/15 14:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/09/08 21:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2012/05/12 10:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/15 14:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2005/06/30 07:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\.BitTornado
[2010/08/15 15:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\.oit
[2010/12/16 23:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\A Gypsy's Tale - The Tower of Secrets
[2012/05/08 23:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Amazon
[2009/06/14 01:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Audacity
[2011/11/11 00:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Big Fish Games
[2010/03/26 22:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Calyx Software
[2009/06/02 00:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2006/03/14 14:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\DeductionPro 2004-05
[2011/03/05 14:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Dying for Daylight
[2011/03/02 00:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Dying for Daylight Shared
[2012/01/20 23:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\EPSON
[2008/03/17 21:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Ericom
[2006/03/18 19:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Feedreader
[2008/08/27 19:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\FileZilla
[2009/10/22 23:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Flood Light Games
[2010/11/23 23:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Floodlight Games
[2010/11/13 21:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GameHouse
[2011/10/23 23:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GameMill Entertainment
[2011/01/08 22:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Ghost Ship Studios
[2011/10/14 23:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\HitPoint Studios
[2007/03/05 19:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ICAClient
[2010/12/31 00:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\iScreensaver
[2012/01/20 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ISIS Drivers
[2010/12/17 00:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\iWin
[2009/04/19 00:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Jetsetter
[2005/10/05 22:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Leadertech
[2005/07/02 22:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mp3tag
[2011/02/24 00:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mystery of Mortlake Mansion
[2009/12/12 16:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NewSoft
[2010/08/14 11:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NSBackup
[2010/08/15 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Nuance
[2010/08/17 12:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PDS
[2010/12/29 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PlayFirst
[2012/05/11 21:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PrimoPDF
[2009/04/25 22:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Reflexivev1005
[2010/11/10 16:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\RemoteScanClient
[2009/06/01 16:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Samsung
[2010/11/25 15:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ShinyTales
[2011/01/10 22:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Skunk Studios
[2009/09/04 19:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\SpinTop
[2009/12/30 18:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\SpinTop Games
[2012/05/12 10:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\stickies
[2010/11/23 23:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Thinstall
[2010/12/31 23:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ThreeDays2
[2010/12/30 00:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\TitanicMystery
[2012/04/19 07:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\uTorrent
[2011/10/28 00:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\VampireSaga
[2011/11/05 21:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\VampireSagaHL
[2010/12/04 22:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Vast Studios
[2011/02/19 00:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Vogat Interactive
[2012/04/18 12:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\webex
[2006/02/23 18:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\X10 Commander
[2010/08/15 14:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Zeon
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9FB94D
< End of report >
FSS Log:
Farbar Service Scanner Version: 11-05-2012
Ran by Matt (administrator) on 12-05-2012 at 11:26:36
Running from "C:\Documents and Settings\Matt\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
Gpc(3) IPSec(5) IPSECSHM(9) NetBT(6) PSched(7) Tcpip(4)
0x0A0000000500000001000000020000000300000004000000060000000700000008000000090000000A000000
IpSec Tag value is correct.
**** End of log ****
OTL Log:
OTL logfile created on: 5/12/2012 11:18:08 AM - Run 10
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.48 Mb Total Physical Memory | 385.84 Mb Available Physical Memory | 37.70% Memory free
12.53 Gb Paging File | 11.89 Gb Available in Paging File | 94.91% Paging File free
Paging file location(s): F:\pagefile.sys 11933 11933 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 3.18 Gb Free Space | 9.30% Space Free | Partition Type: NTFS
Drive F: | 11.72 Gb Total Space | 0.03 Gb Free Space | 0.27% Space Free | Partition Type: NTFS
Drive G: | 23.33 Gb Total Space | 5.77 Gb Free Space | 24.71% Space Free | Partition Type: NTFS
Drive R: | 232.88 Gb Total Space | 74.75 Gb Free Space | 32.10% Space Free | Partition Type: NTFS
Computer Name: MATTCUSTOM | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/07 21:27:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
PRC - [2012/01/31 15:03:30 | 000,223,232 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioConsole.exe
PRC - [2012/01/31 15:03:26 | 000,276,480 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioService.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2010/10/17 18:42:40 | 000,404,200 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2010/10/17 18:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010/08/08 00:15:28 | 001,101,824 | ---- | M] (Zhorn Software) -- C:\Program Files\stickies\stickies.exe
PRC - [2010/02/10 23:32:18 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/02/10 23:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/02/08 18:32:28 | 001,369,376 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDFViewerPlus\pdfPro5Hook.exe
PRC - [2009/08/07 09:35:36 | 000,374,088 | ---- | M] (a la mode, inc.) -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/09 13:32:08 | 000,789,008 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/01/09 13:28:58 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2006/11/17 05:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006/10/14 16:53:24 | 000,681,472 | ---- | M] (Dominik Reichl) -- C:\Program Files\KeePass Password Safe\KeePass.exe
PRC - [2004/12/10 13:29:26 | 000,840,704 | ---- | M] () -- C:\Program Files\MSI\Core Center\CoreCenter.exe
PRC - [2004/12/07 04:16:36 | 000,084,480 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
PRC - [2004/09/22 23:16:20 | 000,069,707 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\main\atidtct.exe
PRC - [2002/01/10 12:35:18 | 000,036,864 | ---- | M] (Intuit) -- C:\Program Files\QUICKENW\QWDLLS.EXE
========== Modules (No Company Name) ==========
MOD - [2012/04/13 10:38:49 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\873202699833a0c3d031c82b556a7296\System.ServiceProcess.ni.dll
MOD - [2012/04/13 10:38:30 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll
MOD - [2012/04/13 10:38:28 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.ni.dll
MOD - [2012/04/13 10:38:27 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\c3a03bb69e38f5ed9ebce72d48a722ef\System.Transactions.ni.dll
MOD - [2012/04/13 10:37:47 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
MOD - [2012/04/13 10:37:34 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll
MOD - [2012/04/13 00:29:27 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/04/13 00:29:25 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2012/04/13 00:27:59 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/04/13 00:27:54 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
MOD - [2012/04/13 00:27:41 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
MOD - [2012/04/13 00:27:28 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
MOD - [2012/04/13 00:26:36 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/04/13 00:26:21 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/04/13 00:25:33 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/04/13 00:25:31 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/04/13 00:09:19 | 013,196,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\67b05b57919dfc3a1521f33198495f5b\System.Windows.Forms.ni.dll
MOD - [2012/04/13 00:09:06 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\97586cdb698c29ba95fd83e44a0c0ca6\System.Data.ni.dll
MOD - [2012/04/13 00:08:58 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
MOD - [2012/04/13 00:08:24 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
MOD - [2012/04/13 00:08:12 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
MOD - [2012/04/13 00:08:03 | 001,665,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\9ac7922025e72297069a82a403cb59fa\System.Drawing.ni.dll
MOD - [2012/04/13 00:08:01 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2012/04/13 00:07:54 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2012/01/31 15:03:30 | 000,223,232 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioConsole.exe
MOD - [2012/01/31 15:03:26 | 000,276,480 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioService.exe
MOD - [2011/11/09 22:45:32 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2010/08/08 00:15:28 | 000,049,152 | ---- | M] () -- C:\Program Files\stickies\shook70.dll
MOD - [2010/03/16 13:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/08/07 09:35:34 | 000,083,272 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.Plugins.Chat.XmlSerializers.dll
MOD - [2009/08/07 09:35:28 | 000,202,056 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.Common.XmlSerializers.dll
MOD - [2009/03/12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/07/31 14:05:18 | 000,799,992 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\Coversant.SoapBox.dll
MOD - [2008/05/01 13:32:48 | 000,020,216 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.Common.ProductMessages.XmlSerializers.dll
MOD - [2008/01/02 12:34:40 | 000,201,976 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.Common.HtmlEditor.dll
MOD - [2004/12/10 13:29:26 | 000,840,704 | ---- | M] () -- C:\Program Files\MSI\Core Center\CoreCenter.exe
MOD - [2004/11/17 12:18:22 | 000,143,360 | ---- | M] () -- C:\Program Files\MSI\Core Center\RushTop.dll
MOD - [2002/01/10 12:35:20 | 000,172,032 | ---- | M] () -- C:\Program Files\QUICKENW\qwapp.dll
MOD - [2002/01/10 12:35:14 | 000,102,400 | ---- | M] () -- C:\Program Files\QUICKENW\qcomutil.dll
MOD - [2001/07/31 21:59:46 | 000,484,864 | ---- | M] () -- C:\Program Files\QUICKENW\alrtint8.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/05/07 07:48:06 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/31 15:03:26 | 000,276,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/10/17 18:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/02/10 23:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2008/06/06 22:04:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/01/09 13:30:08 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/06/28 12:51:38 | 000,218,376 | ---- | M] (Kaspersky Lab) [On_Demand | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -- (AVP)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\utiznzyw.sys -- (utiznzyw)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipsecw2k.sys -- (IPSECSHM)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (DigiCellDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Matt\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ATIRWVD.SYS -- (ATI Remote Wonder II)
DRV - [2011/11/09 23:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/10/17 18:42:34 | 000,124,648 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/05/23 23:11:49 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/02/04 12:13:19 | 000,194,320 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2008/05/28 10:30:50 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008/03/17 12:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/11/29 03:18:12 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/11/29 03:18:04 | 000,078,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/11/29 03:17:56 | 000,036,368 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/11/29 03:17:48 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/29 03:17:34 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/11/29 03:17:28 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/04 14:58:26 | 000,024,344 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2006/12/04 17:11:46 | 004,025,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/12 20:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 20:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 20:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 20:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/12/07 04:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2004/11/24 05:42:48 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004/11/24 05:42:46 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/11/16 11:54:06 | 000,038,336 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - [2004/11/16 09:27:00 | 000,023,744 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\NTGLM7X.SYS -- (PCAlertDriver)
DRV - [2004/10/20 23:39:44 | 000,035,840 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/10/07 17:32:16 | 000,006,272 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2004/07/05 14:25:00 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/06/15 19:14:00 | 000,180,480 | R--- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/06/08 13:36:20 | 000,014,975 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)
DRV - [2004/06/08 13:35:26 | 000,038,081 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/06/08 13:34:48 | 000,024,637 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mortgagenewsdaily.com/
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes,DefaultScope = {B718F60E-E9E0-4982-B735-DED2F72B3C9F}
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{A54AD221-2961-47F7-92CB-46F0EE188798}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{B718F60E-E9E0-4982-B735-DED2F72B3C9F}: "URL" = http://www.google.co...&rlz=1I7GGLG_en
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
O1 HOSTS File: ([2012/05/12 09:52:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Google Analytics Opt-out Browser Add-on) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDFViewerPlus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDFViewerPlus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE (ATI Technologies Inc.)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe File not found
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Serviio.lnk = C:\Program Files\Serviio\bin\ServiioConsole.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\XSites Desktop.lnk = C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.exe (a la mode, inc.)
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Epson scanner Registration.lnk = File not found
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Serviio.lnk = C:\Program Files\Serviio\bin\ServiioConsole.exe ()
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\stickies\stickies.exe (Zhorn Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_23.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..Trusted Domains: secureserver.net. ([www.email] https in Trusted sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} Reg Error: Key error. (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} Reg Error: Key error. (ArmHelper Control)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ent/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: IEPrint http://www.visiontec...oad/IEPrint.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{323ED6D9-8F1E-4565-8E60-456B156C6411}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2147DF5-CFA7-45AB-92F8-591933227C62}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\bw+0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\offline-8876480 {E5D4CC32-6185-42A4-80D2-31AF2103682E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/19 13:19:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/12 10:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/12 09:56:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/05/12 09:33:34 | 004,490,121 | R--- | C] (Swearware) -- C:\Documents and Settings\Matt\Desktop\Gotcha.exe
[2012/05/12 08:25:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/08 23:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\My Documents\Amazon MP3
[2012/05/08 23:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\Amazon
[2012/05/08 23:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon
[2012/05/08 23:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
========== Files - Modified Within 30 Days ==========
[2012/05/12 11:22:24 | 000,067,616 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2012/05/12 11:17:02 | 000,337,607 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\FSS.exe
[2012/05/12 11:16:59 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2012/05/12 10:55:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/12 10:54:54 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/12 10:54:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/12 10:05:24 | 027,076,384 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2012/05/12 10:05:24 | 002,545,628 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2012/05/12 09:52:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/12 09:33:37 | 004,490,121 | R--- | M] (Swearware) -- C:\Documents and Settings\Matt\Desktop\Gotcha.exe
[2012/05/12 08:44:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/12 08:28:38 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/12 00:06:59 | 000,001,774 | -H-- | M] () -- C:\Documents and Settings\Matt\My Documents\Default.rdp
[2012/05/11 21:47:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Nuance Image Printer Writer Port
[2012/05/11 07:13:37 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft FrontPage.lnk
[2012/05/10 20:28:02 | 133,615,528 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\setup_11.0.0.1245.x01_2012_05_04_11_39.exe
[2012/05/10 20:15:43 | 000,001,550 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012/05/10 16:44:56 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/10 07:22:57 | 000,002,291 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2012/05/10 07:20:57 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel.lnk
[2012/05/09 09:43:48 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/09 09:41:52 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/08 23:27:12 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/05/08 16:50:22 | 000,001,687 | ---- | M] () -- C:\WINDOWS\winpoint.ini
[2012/05/07 23:48:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/07 21:27:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2012/05/07 10:01:54 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/05/06 21:40:31 | 000,001,310 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2012/05/04 17:26:03 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2012/05/04 17:25:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/05/04 17:25:55 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/05/01 23:08:33 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/19 21:25:09 | 000,016,571 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Stuart Restaurants.pdf
[2012/04/18 09:05:20 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\BytePro.lnk
[2012/04/13 00:32:45 | 000,306,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/13 00:25:39 | 000,503,110 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/13 00:25:39 | 000,088,508 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/13 00:23:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
========== Files Created - No Company Name ==========
[2012/05/12 11:17:02 | 000,337,607 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\FSS.exe
[2012/05/10 20:27:47 | 133,615,528 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\setup_11.0.0.1245.x01_2012_05_04_11_39.exe
[2012/05/08 23:27:12 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/05/07 10:01:53 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/05/07 10:01:53 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/05/01 23:08:33 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/19 21:25:09 | 000,016,571 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Stuart Restaurants.pdf
[2012/04/13 00:31:17 | 000,935,231 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-789336058-1979792683-725345543-1003-0.dat
[2012/04/12 12:17:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/12 12:17:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/04/11 13:10:27 | 000,232,322 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/04/11 13:00:19 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/21 00:59:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/01/20 23:52:30 | 000,000,042 | ---- | C] () -- C:\WINDOWS\SETSCAN.INI
[2012/01/20 23:52:24 | 000,000,122 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2012/01/20 23:17:36 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw86.bin
[2012/01/20 23:05:00 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/01/20 23:05:00 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/01/20 23:05:00 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/01/20 23:05:00 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/01/20 23:05:00 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/01/20 23:05:00 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/01/20 23:05:00 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/01/20 23:05:00 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/01/20 23:05:00 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/01/20 23:05:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/01/20 23:05:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/01/20 23:05:00 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/01/20 23:05:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/01/20 23:05:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/01/20 23:05:00 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/01/20 23:05:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/01/20 23:03:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\WFGT1500.ini
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/10/26 16:21:17 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2011/10/26 16:20:41 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011/10/26 16:20:38 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2011/10/26 16:20:38 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2011/10/26 16:20:38 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2011/10/26 16:20:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2011/06/21 09:49:23 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jpofazubijaxesa.dat
[2011/06/21 09:49:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lsaka.bin
[2011/04/22 18:55:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/08 17:40:08 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2011/01/08 22:41:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/10/11 12:31:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/11 12:31:44 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/11 12:31:44 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/07/14 23:43:25 | 001,629,800 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/07 00:12:44 | 000,001,550 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/07/01 17:42:14 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
========== LOP Check ==========
[2012/05/12 10:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode
[2009/09/23 22:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2012/05/11 11:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BytePro
[2011/03/02 00:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dying for Daylight
[2011/10/06 21:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2009/10/22 23:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/11/23 23:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2010/12/28 22:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/11/13 21:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/11/17 00:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/09/24 16:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2011/02/08 21:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2009/03/21 20:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
[2012/01/20 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ISIS Drivers
[2010/12/17 00:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2006/02/21 21:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal
[2009/09/27 23:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/08/15 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/10/06 21:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2010/12/29 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/12/05 00:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2010/08/15 14:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/09/08 21:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2012/05/12 10:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/15 14:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2005/06/30 07:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\.BitTornado
[2010/08/15 15:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\.oit
[2010/12/16 23:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\A Gypsy's Tale - The Tower of Secrets
[2012/05/08 23:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Amazon
[2009/06/14 01:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Audacity
[2011/11/11 00:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Big Fish Games
[2010/03/26 22:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Calyx Software
[2009/06/02 00:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2006/03/14 14:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\DeductionPro 2004-05
[2011/03/05 14:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Dying for Daylight
[2011/03/02 00:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Dying for Daylight Shared
[2012/01/20 23:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\EPSON
[2008/03/17 21:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Ericom
[2006/03/18 19:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Feedreader
[2008/08/27 19:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\FileZilla
[2009/10/22 23:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Flood Light Games
[2010/11/23 23:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Floodlight Games
[2010/11/13 21:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GameHouse
[2011/10/23 23:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GameMill Entertainment
[2011/01/08 22:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Ghost Ship Studios
[2011/10/14 23:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\HitPoint Studios
[2007/03/05 19:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ICAClient
[2010/12/31 00:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\iScreensaver
[2012/01/20 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ISIS Drivers
[2010/12/17 00:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\iWin
[2009/04/19 00:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Jetsetter
[2005/10/05 22:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Leadertech
[2005/07/02 22:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mp3tag
[2011/02/24 00:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mystery of Mortlake Mansion
[2009/12/12 16:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NewSoft
[2010/08/14 11:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NSBackup
[2010/08/15 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Nuance
[2010/08/17 12:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PDS
[2010/12/29 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PlayFirst
[2012/05/11 21:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PrimoPDF
[2009/04/25 22:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Reflexivev1005
[2010/11/10 16:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\RemoteScanClient
[2009/06/01 16:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Samsung
[2010/11/25 15:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ShinyTales
[2011/01/10 22:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Skunk Studios
[2009/09/04 19:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\SpinTop
[2009/12/30 18:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\SpinTop Games
[2012/05/12 10:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\stickies
[2010/11/23 23:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Thinstall
[2010/12/31 23:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ThreeDays2
[2010/12/30 00:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\TitanicMystery
[2012/04/19 07:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\uTorrent
[2011/10/28 00:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\VampireSaga
[2011/11/05 21:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\VampireSagaHL
[2010/12/04 22:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Vast Studios
[2011/02/19 00:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Vogat Interactive
[2012/04/18 12:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\webex
[2006/02/23 18:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\X10 Commander
[2010/08/15 14:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Zeon
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9FB94D
< End of report >
FSS Log:
Farbar Service Scanner Version: 11-05-2012
Ran by Matt (administrator) on 12-05-2012 at 11:26:36
Running from "C:\Documents and Settings\Matt\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
Gpc(3) IPSec(5) IPSECSHM(9) NetBT(6) PSched(7) Tcpip(4)
0x0A0000000500000001000000020000000300000004000000060000000700000008000000090000000A000000
IpSec Tag value is correct.
**** End of log ****
#18
Posted 12 May 2012 - 09:49 AM
What is your main PDF reader ? Is it Nuance or Adobe ?
Please download Malwarebytes' Anti-Malware
Double Click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
Please download Malwarebytes' Anti-Malware
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
#19
Posted 13 May 2012 - 11:05 AM
Using Adobe PDF Reader v 10.1.3
Her'es the log from Malwarebytes:. It did state "The scan completed succesfully. No malicious items were dected."
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.13.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Matt :: MATTCUSTOM [administrator]
5/13/2012 12:28:31 PM
mbam-log-2012-05-13 (12-28-31).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215792
Time elapsed: 4 minute(s), 31 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Her'es the log from Malwarebytes:. It did state "The scan completed succesfully. No malicious items were dected."
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.13.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Matt :: MATTCUSTOM [administrator]
5/13/2012 12:28:31 PM
mbam-log-2012-05-13 (12-28-31).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215792
Time elapsed: 4 minute(s), 31 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
#20
Posted 13 May 2012 - 02:17 PM
Is it just the reader functions that you are using, not the creation ?
If so I would recommend replacing it with Foxit reader, it is smaller, faster and more secure
Any outstanding problems ?
If so I would recommend replacing it with Foxit reader, it is smaller, faster and more secure
Any outstanding problems ?
#21
Posted 13 May 2012 - 07:20 PM
Using Adobe as a reader not creation. I will try Foxit reader since I read pdf extensively. There are no outstanding problems. What exactly was the malware? Finally, thank you for your help! Skipperscruise
#22
Posted 13 May 2012 - 07:22 PM
What top two or three free anti-virus do you recommend? I have downloaded Avast but have not installed it yet.
#23
Posted 14 May 2012 - 12:47 PM
The main problem was the Host file as it was full of Chinese redirect elements
There were also a few traces of Java script malware and generic trojan downloaders
Reference the Avtivirus programmes :
I am biased here (as I suppose most people are with these types of programme ) I use Avast Internet security and have done since the very first release of Avast when it was version 4.0 which I guess is about 10 years ago.
I have played with others but none gave me the same sense of security and were generally heavier on resources.
The main "selling point" of Avast if you like is the webshield. This scans all web pages as they are downloaded and it is looking for Java scripts, redirects, cross scripting etc.. It will terminate any suspect connection immediately, so is quite good on the protection side. Removal is about average, but if it stops you getting infected then it is not a problem
If you need assistance in setting it up then just shout
Thank you for the donation 'tis gratefully accepted
Subject to no further problems
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL
Remove ComboFix
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.
Upgrading Java:
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes.
Update and run weekly to keep your system clean
Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe
There were also a few traces of Java script malware and generic trojan downloaders
Reference the Avtivirus programmes :
I am biased here (as I suppose most people are with these types of programme ) I use Avast Internet security and have done since the very first release of Avast when it was version 4.0 which I guess is about 10 years ago.
I have played with others but none gave me the same sense of security and were generally heavier on resources.
The main "selling point" of Avast if you like is the webshield. This scans all web pages as they are downloaded and it is looking for Java scripts, redirects, cross scripting etc.. It will terminate any suspect connection immediately, so is quite good on the protection side. Removal is about average, but if it stops you getting infected then it is not a problem
If you need assistance in setting it up then just shout
Thank you for the donation 'tis gratefully accepted
Subject to no further problems
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[resethosts]
[emptytemp]
[CLEARALLRESTOREPOINTS]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
Remove ComboFix
- Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
- In the Run box, type in ComboFix /Uninstall
(Notice the space between the "x" and "/")
then click OK
- Follow the prompts on the screen
- A message should appear confirming that ComboFix was uninstalled
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
- Click Yes to confirm.
- Click OK.
Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.
Upgrading Java:
- Go to this site and click Do I have Java
- It will check your current version and then offer to update to the latest version
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes.
Update and run weekly to keep your system clean
Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe
#24
Posted 14 May 2012 - 06:40 PM
Problem is back. Can not open Adobe Reader. Lower right corner of the system tray apps start loading really slow and eventually gain speed to finish loading on a reboot. Wondering if problem is something other than malware like file corruption or prelude to a hard drive crash. But malware could still be returning since it is returning but is fixed when you run the various fixes. Here is a new OTL log with All Users checked:
OTL logfile created on: 5/14/2012 8:24:50 PM - Run 11
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.48 Mb Total Physical Memory | 352.69 Mb Available Physical Memory | 34.46% Memory free
12.53 Gb Paging File | 11.87 Gb Available in Paging File | 94.72% Paging File free
Paging file location(s): F:\pagefile.sys 11933 11933 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 3.25 Gb Free Space | 9.51% Space Free | Partition Type: NTFS
Drive F: | 11.72 Gb Total Space | 0.03 Gb Free Space | 0.27% Space Free | Partition Type: NTFS
Drive G: | 23.33 Gb Total Space | 5.77 Gb Free Space | 24.71% Space Free | Partition Type: NTFS
Drive R: | 232.88 Gb Total Space | 74.64 Gb Free Space | 32.05% Space Free | Partition Type: NTFS
Computer Name: MATTCUSTOM | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/07 21:27:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
PRC - [2012/01/31 15:03:30 | 000,223,232 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioConsole.exe
PRC - [2012/01/31 15:03:26 | 000,276,480 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioService.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2010/10/17 18:42:40 | 000,404,200 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2010/10/17 18:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010/08/08 00:15:28 | 001,101,824 | ---- | M] (Zhorn Software) -- C:\Program Files\stickies\stickies.exe
PRC - [2010/02/10 23:32:18 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/02/10 23:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/02/08 18:32:28 | 001,369,376 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDFViewerPlus\pdfPro5Hook.exe
PRC - [2009/08/07 09:35:36 | 000,374,088 | ---- | M] (a la mode, inc.) -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/09 13:32:08 | 000,789,008 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/01/09 13:28:58 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2006/11/17 05:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006/10/14 16:53:24 | 000,681,472 | ---- | M] (Dominik Reichl) -- C:\Program Files\KeePass Password Safe\KeePass.exe
PRC - [2004/12/10 13:29:26 | 000,840,704 | ---- | M] () -- C:\Program Files\MSI\Core Center\CoreCenter.exe
PRC - [2004/12/07 04:16:36 | 000,084,480 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
PRC - [2004/09/22 23:16:20 | 000,069,707 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\main\atidtct.exe
PRC - [2002/01/10 12:35:18 | 000,036,864 | ---- | M] (Intuit) -- C:\Program Files\QUICKENW\QWDLLS.EXE
========== Modules (No Company Name) ==========
MOD - [2012/05/14 20:09:04 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\dvdpvaws.dll
MOD - [2012/04/13 10:38:49 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\873202699833a0c3d031c82b556a7296\System.ServiceProcess.ni.dll
MOD - [2012/04/13 10:38:30 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll
MOD - [2012/04/13 10:38:28 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.ni.dll
MOD - [2012/04/13 10:38:27 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\c3a03bb69e38f5ed9ebce72d48a722ef\System.Transactions.ni.dll
MOD - [2012/04/13 10:37:47 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
MOD - [2012/04/13 10:37:34 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll
MOD - [2012/04/13 00:29:27 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/04/13 00:29:25 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2012/04/13 00:27:59 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/04/13 00:27:54 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
MOD - [2012/04/13 00:27:41 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
MOD - [2012/04/13 00:27:28 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
MOD - [2012/04/13 00:26:36 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/04/13 00:26:21 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/04/13 00:25:33 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/04/13 00:25:31 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/04/13 00:09:19 | 013,196,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\67b05b57919dfc3a1521f33198495f5b\System.Windows.Forms.ni.dll
MOD - [2012/04/13 00:09:06 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\97586cdb698c29ba95fd83e44a0c0ca6\System.Data.ni.dll
MOD - [2012/04/13 00:08:58 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
MOD - [2012/04/13 00:08:24 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
MOD - [2012/04/13 00:08:12 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
MOD - [2012/04/13 00:08:03 | 001,665,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\9ac7922025e72297069a82a403cb59fa\System.Drawing.ni.dll
MOD - [2012/04/13 00:08:01 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2012/04/13 00:07:54 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2012/01/31 15:03:30 | 000,223,232 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioConsole.exe
MOD - [2012/01/31 15:03:26 | 000,276,480 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioService.exe
MOD - [2011/11/09 22:45:32 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2010/08/08 00:15:28 | 000,049,152 | ---- | M] () -- C:\Program Files\stickies\shook70.dll
MOD - [2010/03/16 13:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/08/07 09:35:34 | 000,083,272 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.Plugins.Chat.XmlSerializers.dll
MOD - [2009/08/07 09:35:28 | 000,202,056 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.Common.XmlSerializers.dll
MOD - [2009/03/12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/07/31 14:05:18 | 000,799,992 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\Coversant.SoapBox.dll
MOD - [2008/05/20 05:18:10 | 000,094,720 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008/05/01 13:32:48 | 000,020,216 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.Common.ProductMessages.XmlSerializers.dll
MOD - [2008/01/02 12:34:40 | 000,201,976 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.Common.HtmlEditor.dll
MOD - [2004/12/10 13:29:26 | 000,840,704 | ---- | M] () -- C:\Program Files\MSI\Core Center\CoreCenter.exe
MOD - [2004/11/17 12:18:22 | 000,143,360 | ---- | M] () -- C:\Program Files\MSI\Core Center\RushTop.dll
MOD - [2002/01/10 12:35:20 | 000,172,032 | ---- | M] () -- C:\Program Files\QUICKENW\qwapp.dll
MOD - [2002/01/10 12:35:14 | 000,102,400 | ---- | M] () -- C:\Program Files\QUICKENW\qcomutil.dll
MOD - [2001/07/31 21:59:46 | 000,484,864 | ---- | M] () -- C:\Program Files\QUICKENW\alrtint8.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/05/07 07:48:06 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/31 15:03:26 | 000,276,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/10/17 18:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/02/10 23:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2008/06/06 22:04:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/01/09 13:30:08 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/06/28 12:51:38 | 000,218,376 | ---- | M] (Kaspersky Lab) [On_Demand | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -- (AVP)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\utiznzyw.sys -- (utiznzyw)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipsecw2k.sys -- (IPSECSHM)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (DigiCellDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Matt\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ATIRWVD.SYS -- (ATI Remote Wonder II)
DRV - [2011/11/09 23:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/10/17 18:42:34 | 000,124,648 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/05/23 23:11:49 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/02/04 12:13:19 | 000,194,320 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2008/05/28 10:30:50 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008/03/17 12:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/11/29 03:18:12 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/11/29 03:18:04 | 000,078,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/11/29 03:17:56 | 000,036,368 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/11/29 03:17:48 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/29 03:17:34 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/11/29 03:17:28 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/04 14:58:26 | 000,024,344 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2006/12/04 17:11:46 | 004,025,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/12 20:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 20:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 20:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 20:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/12/07 04:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2004/11/24 05:42:48 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004/11/24 05:42:46 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/11/16 11:54:06 | 000,038,336 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - [2004/11/16 09:27:00 | 000,023,744 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\NTGLM7X.SYS -- (PCAlertDriver)
DRV - [2004/10/20 23:39:44 | 000,035,840 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/10/07 17:32:16 | 000,006,272 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2004/07/05 14:25:00 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/06/15 19:14:00 | 000,180,480 | R--- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/06/08 13:36:20 | 000,014,975 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)
DRV - [2004/06/08 13:35:26 | 000,038,081 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/06/08 13:34:48 | 000,024,637 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mortgagenewsdaily.com/
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes,DefaultScope = {B718F60E-E9E0-4982-B735-DED2F72B3C9F}
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{A54AD221-2961-47F7-92CB-46F0EE188798}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{B718F60E-E9E0-4982-B735-DED2F72B3C9F}: "URL" = http://www.google.co...&rlz=1I7GGLG_en
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
O1 HOSTS File: ([2012/05/12 09:52:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Google Analytics Opt-out Browser Add-on) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDFViewerPlus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDFViewerPlus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE (ATI Technologies Inc.)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe File not found
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Serviio.lnk = C:\Program Files\Serviio\bin\ServiioConsole.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\XSites Desktop.lnk = C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.exe (a la mode, inc.)
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Epson scanner Registration.lnk = File not found
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Serviio.lnk = C:\Program Files\Serviio\bin\ServiioConsole.exe ()
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\stickies\stickies.exe (Zhorn Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_23.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..Trusted Domains: secureserver.net. ([www.email] https in Trusted sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} Reg Error: Key error. (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} Reg Error: Key error. (ArmHelper Control)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ent/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: IEPrint http://www.visiontec...oad/IEPrint.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{323ED6D9-8F1E-4565-8E60-456B156C6411}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2147DF5-CFA7-45AB-92F8-591933227C62}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\bw+0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\offline-8876480 {E5D4CC32-6185-42A4-80D2-31AF2103682E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/19 13:19:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: compya64 - (C:\WINDOWS\system32\dvdpvaws.dll) - C:\WINDOWS\system32\dvdpvaws.dll ()
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/14 16:57:46 | 000,086,016 | ---- | C] (ESET) -- C:\Documents and Settings\All Users\Application Data\dvdpvaws.dll
[2012/05/14 13:18:02 | 000,086,528 | ---- | C] (ESET) -- C:\WINDOWS\dvdpvaws.dll
[2012/05/13 21:40:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/13 12:23:56 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Matt\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/12 10:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/12 09:56:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/05/12 09:33:34 | 004,490,121 | R--- | C] (Swearware) -- C:\Documents and Settings\Matt\Desktop\Gotcha.exe
[2012/05/12 08:25:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/08 23:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\My Documents\Amazon MP3
[2012/05/08 23:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\Amazon
[2012/05/08 23:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon
[2012/05/08 23:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
========== Files - Modified Within 30 Days ==========
[2012/05/14 20:29:08 | 000,090,144 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2012/05/14 20:16:22 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2012/05/14 20:15:39 | 027,094,048 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2012/05/14 20:09:04 | 000,086,016 | ---- | M] () -- C:\WINDOWS\System32\dvdpvaws.dll
[2012/05/14 20:02:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 20:01:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/14 19:01:09 | 002,547,308 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2012/05/14 19:00:15 | 000,001,550 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012/05/14 18:55:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 18:48:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/14 16:57:46 | 000,086,016 | ---- | M] (ESET) -- C:\Documents and Settings\All Users\Application Data\dvdpvaws.dll
[2012/05/14 16:57:28 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/14 13:18:02 | 000,086,528 | ---- | M] (ESET) -- C:\WINDOWS\dvdpvaws.dll
[2012/05/14 11:02:17 | 000,001,774 | -H-- | M] () -- C:\Documents and Settings\Matt\My Documents\Default.rdp
[2012/05/14 10:51:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Nuance Image Printer Writer Port
[2012/05/14 10:06:05 | 000,101,376 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/14 09:50:55 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/14 07:18:51 | 000,002,291 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2012/05/14 06:51:50 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/13 23:51:56 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2012/05/13 21:28:45 | 000,001,310 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2012/05/13 14:24:44 | 000,001,687 | ---- | M] () -- C:\WINDOWS\winpoint.ini
[2012/05/13 12:27:36 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/13 12:24:03 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Matt\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/12 11:17:02 | 000,337,607 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\FSS.exe
[2012/05/12 09:52:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/12 09:33:37 | 004,490,121 | R--- | M] (Swearware) -- C:\Documents and Settings\Matt\Desktop\Gotcha.exe
[2012/05/12 08:44:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/11 07:13:37 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft FrontPage.lnk
[2012/05/10 20:28:02 | 133,615,528 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\setup_11.0.0.1245.x01_2012_05_04_11_39.exe
[2012/05/10 07:20:57 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel.lnk
[2012/05/08 23:27:12 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/05/07 21:27:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2012/05/07 10:01:54 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/05/04 17:26:03 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2012/05/04 17:25:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/05/04 17:25:55 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/04/19 21:25:09 | 000,016,571 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Stuart Restaurants.pdf
[2012/04/18 09:05:20 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\BytePro.lnk
========== Files Created - No Company Name ==========
[2012/05/14 12:25:30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dvdpvaws.dll
[2012/05/12 11:17:02 | 000,337,607 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\FSS.exe
[2012/05/10 20:27:47 | 133,615,528 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\setup_11.0.0.1245.x01_2012_05_04_11_39.exe
[2012/05/08 23:27:12 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/05/07 10:01:53 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/05/07 10:01:53 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/05/01 23:08:33 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/19 21:25:09 | 000,016,571 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Stuart Restaurants.pdf
[2012/04/13 00:31:17 | 000,935,231 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-789336058-1979792683-725345543-1003-0.dat
[2012/04/12 12:17:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/11 13:10:27 | 000,232,322 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/04/11 13:00:19 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/21 00:59:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/01/20 23:52:30 | 000,000,042 | ---- | C] () -- C:\WINDOWS\SETSCAN.INI
[2012/01/20 23:52:24 | 000,000,122 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2012/01/20 23:17:36 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw86.bin
[2012/01/20 23:05:00 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/01/20 23:05:00 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/01/20 23:05:00 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/01/20 23:05:00 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/01/20 23:05:00 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/01/20 23:05:00 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/01/20 23:05:00 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/01/20 23:05:00 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/01/20 23:05:00 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/01/20 23:05:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/01/20 23:05:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/01/20 23:05:00 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/01/20 23:05:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/01/20 23:05:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/01/20 23:05:00 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/01/20 23:05:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/01/20 23:03:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\WFGT1500.ini
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/10/26 16:21:17 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2011/10/26 16:20:41 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011/10/26 16:20:38 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2011/10/26 16:20:38 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2011/10/26 16:20:38 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2011/10/26 16:20:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2011/06/21 09:49:23 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jpofazubijaxesa.dat
[2011/06/21 09:49:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lsaka.bin
[2011/04/22 18:55:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/08 17:40:08 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2011/01/08 22:41:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/10/11 12:31:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/11 12:31:44 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/11 12:31:44 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/07/14 23:43:25 | 001,629,800 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/07 00:12:44 | 000,001,550 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/07/01 17:42:14 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
========== LOP Check ==========
[2012/05/14 20:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode
[2009/09/23 22:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2012/05/14 15:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BytePro
[2011/03/02 00:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dying for Daylight
[2011/10/06 21:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2009/10/22 23:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/11/23 23:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2010/12/28 22:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/11/13 21:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/11/17 00:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/09/24 16:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2011/02/08 21:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2009/03/21 20:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
[2012/01/20 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ISIS Drivers
[2010/12/17 00:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2006/02/21 21:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal
[2009/09/27 23:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/08/15 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/10/06 21:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2010/12/29 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/12/05 00:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2010/08/15 14:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/09/08 21:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2012/05/14 20:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/15 14:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2005/06/30 07:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\.BitTornado
[2010/08/15 15:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\.oit
[2010/12/16 23:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\A Gypsy's Tale - The Tower of Secrets
[2012/05/08 23:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Amazon
[2009/06/14 01:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Audacity
[2011/11/11 00:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Big Fish Games
[2010/03/26 22:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Calyx Software
[2009/06/02 00:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2006/03/14 14:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\DeductionPro 2004-05
[2011/03/05 14:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Dying for Daylight
[2011/03/02 00:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Dying for Daylight Shared
[2012/01/20 23:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\EPSON
[2008/03/17 21:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Ericom
[2006/03/18 19:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Feedreader
[2008/08/27 19:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\FileZilla
[2009/10/22 23:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Flood Light Games
[2010/11/23 23:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Floodlight Games
[2010/11/13 21:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GameHouse
[2011/10/23 23:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GameMill Entertainment
[2011/01/08 22:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Ghost Ship Studios
[2011/10/14 23:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\HitPoint Studios
[2007/03/05 19:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ICAClient
[2010/12/31 00:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\iScreensaver
[2012/01/20 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ISIS Drivers
[2010/12/17 00:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\iWin
[2009/04/19 00:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Jetsetter
[2005/10/05 22:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Leadertech
[2005/07/02 22:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mp3tag
[2011/02/24 00:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mystery of Mortlake Mansion
[2009/12/12 16:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NewSoft
[2010/08/14 11:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NSBackup
[2010/08/15 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Nuance
[2010/08/17 12:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PDS
[2010/12/29 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PlayFirst
[2012/05/14 12:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PrimoPDF
[2009/04/25 22:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Reflexivev1005
[2010/11/10 16:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\RemoteScanClient
[2009/06/01 16:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Samsung
[2010/11/25 15:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ShinyTales
[2011/01/10 22:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Skunk Studios
[2009/09/04 19:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\SpinTop
[2009/12/30 18:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\SpinTop Games
[2012/05/14 20:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\stickies
[2010/11/23 23:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Thinstall
[2010/12/31 23:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ThreeDays2
[2010/12/30 00:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\TitanicMystery
[2012/04/19 07:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\uTorrent
[2011/10/28 00:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\VampireSaga
[2011/11/05 21:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\VampireSagaHL
[2010/12/04 22:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Vast Studios
[2011/02/19 00:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Vogat Interactive
[2012/04/18 12:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\webex
[2006/02/23 18:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\X10 Commander
[2010/08/15 14:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Zeon
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9FB94D
< End of report >
OTL logfile created on: 5/14/2012 8:24:50 PM - Run 11
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.48 Mb Total Physical Memory | 352.69 Mb Available Physical Memory | 34.46% Memory free
12.53 Gb Paging File | 11.87 Gb Available in Paging File | 94.72% Paging File free
Paging file location(s): F:\pagefile.sys 11933 11933 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 3.25 Gb Free Space | 9.51% Space Free | Partition Type: NTFS
Drive F: | 11.72 Gb Total Space | 0.03 Gb Free Space | 0.27% Space Free | Partition Type: NTFS
Drive G: | 23.33 Gb Total Space | 5.77 Gb Free Space | 24.71% Space Free | Partition Type: NTFS
Drive R: | 232.88 Gb Total Space | 74.64 Gb Free Space | 32.05% Space Free | Partition Type: NTFS
Computer Name: MATTCUSTOM | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/07 21:27:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
PRC - [2012/01/31 15:03:30 | 000,223,232 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioConsole.exe
PRC - [2012/01/31 15:03:26 | 000,276,480 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioService.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2010/10/17 18:42:40 | 000,404,200 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2010/10/17 18:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010/08/08 00:15:28 | 001,101,824 | ---- | M] (Zhorn Software) -- C:\Program Files\stickies\stickies.exe
PRC - [2010/02/10 23:32:18 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/02/10 23:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/02/08 18:32:28 | 001,369,376 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDFViewerPlus\pdfPro5Hook.exe
PRC - [2009/08/07 09:35:36 | 000,374,088 | ---- | M] (a la mode, inc.) -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/09 13:32:08 | 000,789,008 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/01/09 13:28:58 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2006/11/17 05:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006/10/14 16:53:24 | 000,681,472 | ---- | M] (Dominik Reichl) -- C:\Program Files\KeePass Password Safe\KeePass.exe
PRC - [2004/12/10 13:29:26 | 000,840,704 | ---- | M] () -- C:\Program Files\MSI\Core Center\CoreCenter.exe
PRC - [2004/12/07 04:16:36 | 000,084,480 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
PRC - [2004/09/22 23:16:20 | 000,069,707 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\main\atidtct.exe
PRC - [2002/01/10 12:35:18 | 000,036,864 | ---- | M] (Intuit) -- C:\Program Files\QUICKENW\QWDLLS.EXE
========== Modules (No Company Name) ==========
MOD - [2012/05/14 20:09:04 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\dvdpvaws.dll
MOD - [2012/04/13 10:38:49 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\873202699833a0c3d031c82b556a7296\System.ServiceProcess.ni.dll
MOD - [2012/04/13 10:38:30 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll
MOD - [2012/04/13 10:38:28 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.ni.dll
MOD - [2012/04/13 10:38:27 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\c3a03bb69e38f5ed9ebce72d48a722ef\System.Transactions.ni.dll
MOD - [2012/04/13 10:37:47 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
MOD - [2012/04/13 10:37:34 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll
MOD - [2012/04/13 00:29:27 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/04/13 00:29:25 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2012/04/13 00:27:59 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/04/13 00:27:54 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
MOD - [2012/04/13 00:27:41 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
MOD - [2012/04/13 00:27:28 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
MOD - [2012/04/13 00:26:36 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/04/13 00:26:21 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/04/13 00:25:33 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/04/13 00:25:31 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/04/13 00:09:19 | 013,196,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\67b05b57919dfc3a1521f33198495f5b\System.Windows.Forms.ni.dll
MOD - [2012/04/13 00:09:06 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\97586cdb698c29ba95fd83e44a0c0ca6\System.Data.ni.dll
MOD - [2012/04/13 00:08:58 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
MOD - [2012/04/13 00:08:24 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
MOD - [2012/04/13 00:08:12 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
MOD - [2012/04/13 00:08:03 | 001,665,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\9ac7922025e72297069a82a403cb59fa\System.Drawing.ni.dll
MOD - [2012/04/13 00:08:01 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2012/04/13 00:07:54 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2012/01/31 15:03:30 | 000,223,232 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioConsole.exe
MOD - [2012/01/31 15:03:26 | 000,276,480 | ---- | M] () -- C:\Program Files\Serviio\bin\ServiioService.exe
MOD - [2011/11/09 22:45:32 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2010/08/08 00:15:28 | 000,049,152 | ---- | M] () -- C:\Program Files\stickies\shook70.dll
MOD - [2010/03/16 13:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/08/07 09:35:34 | 000,083,272 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.Plugins.Chat.XmlSerializers.dll
MOD - [2009/08/07 09:35:28 | 000,202,056 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.Common.XmlSerializers.dll
MOD - [2009/03/12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/07/31 14:05:18 | 000,799,992 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\Coversant.SoapBox.dll
MOD - [2008/05/20 05:18:10 | 000,094,720 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008/05/01 13:32:48 | 000,020,216 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.Common.ProductMessages.XmlSerializers.dll
MOD - [2008/01/02 12:34:40 | 000,201,976 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.Common.HtmlEditor.dll
MOD - [2004/12/10 13:29:26 | 000,840,704 | ---- | M] () -- C:\Program Files\MSI\Core Center\CoreCenter.exe
MOD - [2004/11/17 12:18:22 | 000,143,360 | ---- | M] () -- C:\Program Files\MSI\Core Center\RushTop.dll
MOD - [2002/01/10 12:35:20 | 000,172,032 | ---- | M] () -- C:\Program Files\QUICKENW\qwapp.dll
MOD - [2002/01/10 12:35:14 | 000,102,400 | ---- | M] () -- C:\Program Files\QUICKENW\qcomutil.dll
MOD - [2001/07/31 21:59:46 | 000,484,864 | ---- | M] () -- C:\Program Files\QUICKENW\alrtint8.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/05/07 07:48:06 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/31 15:03:26 | 000,276,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/10/17 18:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/02/10 23:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2008/06/06 22:04:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/01/09 13:30:08 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/06/28 12:51:38 | 000,218,376 | ---- | M] (Kaspersky Lab) [On_Demand | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -- (AVP)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\utiznzyw.sys -- (utiznzyw)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipsecw2k.sys -- (IPSECSHM)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (DigiCellDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Matt\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ATIRWVD.SYS -- (ATI Remote Wonder II)
DRV - [2011/11/09 23:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/10/17 18:42:34 | 000,124,648 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/05/23 23:11:49 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/02/04 12:13:19 | 000,194,320 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2008/05/28 10:30:50 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008/03/17 12:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/11/29 03:18:12 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/11/29 03:18:04 | 000,078,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/11/29 03:17:56 | 000,036,368 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/11/29 03:17:48 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/29 03:17:34 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/11/29 03:17:28 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/04 14:58:26 | 000,024,344 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2006/12/04 17:11:46 | 004,025,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/12 20:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 20:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 20:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 20:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/12/07 04:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2004/11/24 05:42:48 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004/11/24 05:42:46 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/11/16 11:54:06 | 000,038,336 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - [2004/11/16 09:27:00 | 000,023,744 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Core Center\NTGLM7X.SYS -- (PCAlertDriver)
DRV - [2004/10/20 23:39:44 | 000,035,840 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/10/07 17:32:16 | 000,006,272 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2004/07/05 14:25:00 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/06/15 19:14:00 | 000,180,480 | R--- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/06/08 13:36:20 | 000,014,975 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)
DRV - [2004/06/08 13:35:26 | 000,038,081 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/06/08 13:34:48 | 000,024,637 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mortgagenewsdaily.com/
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes,DefaultScope = {B718F60E-E9E0-4982-B735-DED2F72B3C9F}
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{A54AD221-2961-47F7-92CB-46F0EE188798}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{B718F60E-E9E0-4982-B735-DED2F72B3C9F}: "URL" = http://www.google.co...&rlz=1I7GGLG_en
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
O1 HOSTS File: ([2012/05/12 09:52:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Google Analytics Opt-out Browser Add-on) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDFViewerPlus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDFViewerPlus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE (ATI Technologies Inc.)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe File not found
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Serviio.lnk = C:\Program Files\Serviio\bin\ServiioConsole.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\XSites Desktop.lnk = C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.exe (a la mode, inc.)
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Epson scanner Registration.lnk = File not found
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Serviio.lnk = C:\Program Files\Serviio\bin\ServiioConsole.exe ()
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\stickies\stickies.exe (Zhorn Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_23.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..Trusted Domains: secureserver.net. ([www.email] https in Trusted sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} Reg Error: Key error. (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} Reg Error: Key error. (ArmHelper Control)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ent/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: IEPrint http://www.visiontec...oad/IEPrint.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{323ED6D9-8F1E-4565-8E60-456B156C6411}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2147DF5-CFA7-45AB-92F8-591933227C62}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\bw+0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\offline-8876480 {E5D4CC32-6185-42A4-80D2-31AF2103682E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/19 13:19:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: compya64 - (C:\WINDOWS\system32\dvdpvaws.dll) - C:\WINDOWS\system32\dvdpvaws.dll ()
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/14 16:57:46 | 000,086,016 | ---- | C] (ESET) -- C:\Documents and Settings\All Users\Application Data\dvdpvaws.dll
[2012/05/14 13:18:02 | 000,086,528 | ---- | C] (ESET) -- C:\WINDOWS\dvdpvaws.dll
[2012/05/13 21:40:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/13 12:23:56 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Matt\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/12 10:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/12 09:56:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/05/12 09:33:34 | 004,490,121 | R--- | C] (Swearware) -- C:\Documents and Settings\Matt\Desktop\Gotcha.exe
[2012/05/12 08:25:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/08 23:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\My Documents\Amazon MP3
[2012/05/08 23:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\Amazon
[2012/05/08 23:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon
[2012/05/08 23:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
========== Files - Modified Within 30 Days ==========
[2012/05/14 20:29:08 | 000,090,144 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2012/05/14 20:16:22 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2012/05/14 20:15:39 | 027,094,048 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2012/05/14 20:09:04 | 000,086,016 | ---- | M] () -- C:\WINDOWS\System32\dvdpvaws.dll
[2012/05/14 20:02:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 20:01:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/14 19:01:09 | 002,547,308 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2012/05/14 19:00:15 | 000,001,550 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012/05/14 18:55:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 18:48:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/14 16:57:46 | 000,086,016 | ---- | M] (ESET) -- C:\Documents and Settings\All Users\Application Data\dvdpvaws.dll
[2012/05/14 16:57:28 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/14 13:18:02 | 000,086,528 | ---- | M] (ESET) -- C:\WINDOWS\dvdpvaws.dll
[2012/05/14 11:02:17 | 000,001,774 | -H-- | M] () -- C:\Documents and Settings\Matt\My Documents\Default.rdp
[2012/05/14 10:51:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Nuance Image Printer Writer Port
[2012/05/14 10:06:05 | 000,101,376 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/14 09:50:55 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/14 07:18:51 | 000,002,291 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2012/05/14 06:51:50 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/13 23:51:56 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2012/05/13 21:28:45 | 000,001,310 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2012/05/13 14:24:44 | 000,001,687 | ---- | M] () -- C:\WINDOWS\winpoint.ini
[2012/05/13 12:27:36 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/13 12:24:03 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Matt\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/12 11:17:02 | 000,337,607 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\FSS.exe
[2012/05/12 09:52:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/12 09:33:37 | 004,490,121 | R--- | M] (Swearware) -- C:\Documents and Settings\Matt\Desktop\Gotcha.exe
[2012/05/12 08:44:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/11 07:13:37 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft FrontPage.lnk
[2012/05/10 20:28:02 | 133,615,528 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\setup_11.0.0.1245.x01_2012_05_04_11_39.exe
[2012/05/10 07:20:57 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel.lnk
[2012/05/08 23:27:12 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/05/07 21:27:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2012/05/07 10:01:54 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/05/04 17:26:03 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2012/05/04 17:25:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/05/04 17:25:55 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/04/19 21:25:09 | 000,016,571 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Stuart Restaurants.pdf
[2012/04/18 09:05:20 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\BytePro.lnk
========== Files Created - No Company Name ==========
[2012/05/14 12:25:30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dvdpvaws.dll
[2012/05/12 11:17:02 | 000,337,607 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\FSS.exe
[2012/05/10 20:27:47 | 133,615,528 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\setup_11.0.0.1245.x01_2012_05_04_11_39.exe
[2012/05/08 23:27:12 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/05/07 10:01:53 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/05/07 10:01:53 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/05/01 23:08:33 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/19 21:25:09 | 000,016,571 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Stuart Restaurants.pdf
[2012/04/13 00:31:17 | 000,935,231 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-789336058-1979792683-725345543-1003-0.dat
[2012/04/12 12:17:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/11 13:10:27 | 000,232,322 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/04/11 13:00:19 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/21 00:59:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/01/20 23:52:30 | 000,000,042 | ---- | C] () -- C:\WINDOWS\SETSCAN.INI
[2012/01/20 23:52:24 | 000,000,122 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2012/01/20 23:17:36 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw86.bin
[2012/01/20 23:05:00 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/01/20 23:05:00 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/01/20 23:05:00 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/01/20 23:05:00 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/01/20 23:05:00 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/01/20 23:05:00 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/01/20 23:05:00 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/01/20 23:05:00 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/01/20 23:05:00 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/01/20 23:05:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/01/20 23:05:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/01/20 23:05:00 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/01/20 23:05:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/01/20 23:05:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/01/20 23:05:00 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/01/20 23:05:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/01/20 23:03:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\WFGT1500.ini
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/10/26 16:21:17 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2011/10/26 16:20:41 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011/10/26 16:20:38 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2011/10/26 16:20:38 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2011/10/26 16:20:38 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2011/10/26 16:20:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2011/06/21 09:49:23 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jpofazubijaxesa.dat
[2011/06/21 09:49:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lsaka.bin
[2011/04/22 18:55:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/08 17:40:08 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2011/01/08 22:41:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/10/11 12:31:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/11 12:31:44 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/11 12:31:44 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/07/14 23:43:25 | 001,629,800 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/07 00:12:44 | 000,001,550 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/07/01 17:42:14 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
========== LOP Check ==========
[2012/05/14 20:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode
[2009/09/23 22:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2012/05/14 15:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BytePro
[2011/03/02 00:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dying for Daylight
[2011/10/06 21:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2009/10/22 23:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/11/23 23:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2010/12/28 22:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/11/13 21:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/11/17 00:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/09/24 16:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2011/02/08 21:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2009/03/21 20:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
[2012/01/20 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ISIS Drivers
[2010/12/17 00:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2006/02/21 21:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal
[2009/09/27 23:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/08/15 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/10/06 21:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2010/12/29 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/12/05 00:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2010/08/15 14:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/09/08 21:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2012/05/14 20:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/15 14:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2005/06/30 07:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\.BitTornado
[2010/08/15 15:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\.oit
[2010/12/16 23:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\A Gypsy's Tale - The Tower of Secrets
[2012/05/08 23:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Amazon
[2009/06/14 01:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Audacity
[2011/11/11 00:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Big Fish Games
[2010/03/26 22:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Calyx Software
[2009/06/02 00:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2006/03/14 14:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\DeductionPro 2004-05
[2011/03/05 14:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Dying for Daylight
[2011/03/02 00:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Dying for Daylight Shared
[2012/01/20 23:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\EPSON
[2008/03/17 21:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Ericom
[2006/03/18 19:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Feedreader
[2008/08/27 19:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\FileZilla
[2009/10/22 23:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Flood Light Games
[2010/11/23 23:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Floodlight Games
[2010/11/13 21:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GameHouse
[2011/10/23 23:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GameMill Entertainment
[2011/01/08 22:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Ghost Ship Studios
[2011/10/14 23:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\HitPoint Studios
[2007/03/05 19:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ICAClient
[2010/12/31 00:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\iScreensaver
[2012/01/20 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ISIS Drivers
[2010/12/17 00:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\iWin
[2009/04/19 00:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Jetsetter
[2005/10/05 22:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Leadertech
[2005/07/02 22:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mp3tag
[2011/02/24 00:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mystery of Mortlake Mansion
[2009/12/12 16:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NewSoft
[2010/08/14 11:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NSBackup
[2010/08/15 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Nuance
[2010/08/17 12:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PDS
[2010/12/29 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PlayFirst
[2012/05/14 12:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PrimoPDF
[2009/04/25 22:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Reflexivev1005
[2010/11/10 16:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\RemoteScanClient
[2009/06/01 16:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Samsung
[2010/11/25 15:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ShinyTales
[2011/01/10 22:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Skunk Studios
[2009/09/04 19:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\SpinTop
[2009/12/30 18:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\SpinTop Games
[2012/05/14 20:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\stickies
[2010/11/23 23:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Thinstall
[2010/12/31 23:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ThreeDays2
[2010/12/30 00:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\TitanicMystery
[2012/04/19 07:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\uTorrent
[2011/10/28 00:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\VampireSaga
[2011/11/05 21:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\VampireSagaHL
[2010/12/04 22:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Vast Studios
[2011/02/19 00:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Vogat Interactive
[2012/04/18 12:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\webex
[2006/02/23 18:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\X10 Commander
[2010/08/15 14:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Zeon
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9FB94D
< End of report >
#25
Posted 14 May 2012 - 07:40 PM
Also, let me add that I can not attach a PDF file located on my PC to an email in Outlook located on my PC. However, if I copy and paste that same PDF to another PC on the LAN and I can then attach it fine to an email in Outlook on my PC.
#26
Posted 15 May 2012 - 11:28 AM
Looking at the latest log the app cert is back. Are you using a USB at any stage to transfer data ?
I think this time rather than manually delete I will utilise the power of combofix
Could you download a fresh copy of combofix please and again if necessary run from safe mode
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
I think this time rather than manually delete I will utilise the power of combofix
Could you download a fresh copy of combofix please and again if necessary run from safe mode
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
#27
Posted 15 May 2012 - 11:41 AM
I am not using a USB to trnsfer data but I am using remote desktop connection to and from this pc to another pc over the internet. I am suspectiing the other pc may be infected. I will later today post a OTL for that second pc and post under a new topic as to not get it confused with this. The new topic name will be "Second Slow PC for Essexboy". Hope that works for you. Will have the log shortly.
#28
Posted 15 May 2012 - 11:55 AM
Aye thanks - give me a PM when you post. As I see it at the moment it appears to be a transfered infection as opposed to one on the system.. So good call on the other system
#29
Posted 15 May 2012 - 12:10 PM
Log from Combo Fix for this pc (the one we've been working on). Let me know. Thanks, Matt (skipperscruise)
ComboFix 12-05-15.04 - Matt 05/15/2012 13:48:24.7.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.768 [GMT -4:00]
Running from: c:\documents and settings\Matt\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\dvdpvaws.dll
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-14 17:18 . 2012-05-15 01:37 86016 ----a-w- c:\windows\dvdpvaws.dll
2012-05-14 16:25 . 2012-05-15 00:09 86016 ----a-w- c:\windows\system32\dvdpvaws.dll
2012-05-12 12:36 . 2012-05-12 12:36 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-05-12 12:25 . 2012-05-12 12:26 -------- d-----w- C:\_OTL
2012-05-09 03:30 . 2012-05-09 03:30 -------- d-----w- c:\documents and settings\Matt\Application Data\Amazon
2012-05-09 03:27 . 2012-05-09 03:27 -------- d-----w- c:\program files\Amazon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 11:48 . 2012-04-06 11:26 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-07 11:48 . 2011-05-17 11:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-30 02:15 . 2005-07-01 00:15 60416 ----a-w- c:\windows\ALCFDRTM.VER
2012-04-05 15:33 . 2012-04-05 15:33 54272 ----a-r- c:\documents and settings\Matt\Application Data\Microsoft\Installer\{3B3620D0-CE42-47CB-A0C0-434F860BEE55}\Icon68B05021.exe
2012-04-04 19:56 . 2010-07-01 21:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 15:19 . 2012-04-02 15:19 1409 ----a-w- c:\windows\QTFont.for
2012-03-15 12:02 . 2012-01-06 18:35 4194304 ----a-r- c:\windows\system32\cdintf400.dll
2012-03-01 11:01 . 2004-08-04 01:07 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 01:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 01:07 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 01:07 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 01:07 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 01:07 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-12_13.53.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-07 21:05 . 2011-10-07 21:05 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 56656 c:\windows\WinSxS\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_7fe65c7f\vcomp90.dll
+ 2012-05-12 23:40 . 2012-05-12 23:40 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-03-19 17:25 . 2012-04-28 16:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-03-19 17:25 . 2012-05-12 23:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2011-07-17 21:31 . 2012-04-28 16:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-05-12 23:40 . 2012-05-12 23:40 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-05-14 10:55 . 2012-05-14 10:55 87952 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
+ 2012-04-26 13:05 . 2012-04-26 13:05 86016 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2012-04-26 12:50 . 2012-04-26 12:50 73408 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2012-04-26 12:50 . 2012-04-26 12:50 64512 c:\windows\system32\Adobe\Shockwave 11\gcapi_dll.dll
+ 2012-04-26 13:06 . 2012-04-26 13:06 12800 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2012-05-14 10:56 . 2012-05-14 10:56 10134 c:\windows\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\ARPPRODUCTICON.exe
+ 2012-05-14 03:51 . 2012-05-14 03:51 77610 c:\windows\Installer\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}\_853F67D554F05449430E7E.exe
+ 2012-05-14 03:52 . 2012-05-14 03:52 24064 c:\windows\assembly\NativeImages_v2.0.50727_32\WiaProxy32\6c664e4ac26b48379e2361933263407c\WiaProxy32.ni.exe
+ 2012-05-14 03:52 . 2012-05-14 03:52 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a140509b1342934fc5e58ae22ac9696c\Microsoft.VisualC.ni.dll
+ 2012-05-14 03:51 . 2012-05-14 03:51 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\b4f63a52bdf34cffb08838afd3b153ba\Interop.WIA.ni.dll
- 2012-04-13 04:29 . 2012-04-13 04:29 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\b4f63a52bdf34cffb08838afd3b153ba\Interop.WIA.ni.dll
- 2010-07-01 21:42 . 2012-05-10 20:44 1984 c:\windows\system32\d3d9caps.dat
+ 2010-07-01 21:42 . 2012-05-14 20:57 1984 c:\windows\system32\d3d9caps.dat
+ 2011-10-07 21:05 . 2011-10-07 21:05 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 641360 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_63af3423\msvcr90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 853328 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_63af3423\msvcp90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_63af3423\msvcm90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 176456 c:\windows\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_c44f2197\atl90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 323624 c:\windows\system32\wiaaut.dll
- 2004-06-19 02:43 . 2004-06-19 02:43 323624 c:\windows\system32\wiaaut.dll
+ 2008-04-03 00:31 . 2012-05-15 17:43 333856 c:\windows\system32\drivers\fidbox.dat
- 2011-02-10 01:45 . 2012-05-12 12:40 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-02-10 01:45 . 2012-05-15 11:58 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2012-04-26 12:50 . 2012-04-26 12:50 284088 c:\windows\system32\Adobe\Shockwave 11\SymCCIS.dll
+ 2012-04-26 13:05 . 2012-04-26 13:05 114176 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2012-04-26 13:06 . 2012-04-26 13:06 434176 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2012-04-26 13:06 . 2012-04-26 13:06 366592 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2012-04-26 12:54 . 2012-04-26 12:54 990208 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2012-04-26 13:05 . 2012-04-26 13:05 544256 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2012-04-26 13:12 . 2012-04-26 13:12 113592 c:\windows\system32\Adobe\Director\SwDnld.exe
+ 2012-04-26 13:12 . 2012-04-26 13:12 281016 c:\windows\system32\Adobe\Director\swdir.dll
+ 2012-04-26 13:06 . 2012-04-26 13:06 145920 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2012-05-14 03:51 . 2012-05-14 03:51 498688 c:\windows\Installer\7edc331.msi
+ 2012-05-14 10:56 . 2012-05-14 10:56 430592 c:\windows\Installer\480ad.msi
+ 2012-05-15 12:02 . 2012-05-15 12:02 327680 c:\windows\ERDNT\AutoBackup\5-15-2012\Users\00000002\UsrClass.dat
+ 2012-05-15 12:02 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-15-2012\ERDNT.EXE
+ 2012-05-14 10:52 . 2012-05-14 10:52 327680 c:\windows\ERDNT\AutoBackup\5-14-2012\Users\00000002\UsrClass.dat
+ 2012-05-14 10:52 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-14-2012\ERDNT.EXE
+ 2012-05-14 03:52 . 2012-05-14 03:52 902144 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\72dcea818b404af2ae5e09c7bfad23c0\PaintDotNet.SystemLayer.ni.dll
+ 2012-05-14 03:52 . 2012-05-14 03:52 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\1b1059b3a8d5e65fc8871e2caa217d77\PaintDotNet.SystemLayer.Native.x86.ni.dll
+ 2012-05-14 03:52 . 2012-05-14 03:52 389632 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Resourc#\ae15108c41b061c424c623c12e929270\PaintDotNet.Resources.ni.dll
+ 2012-05-14 03:52 . 2012-05-14 03:52 813568 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Effects\cd3ce965c489d301aaa5129d9c788257\PaintDotNet.Effects.ni.dll
+ 2012-05-14 03:52 . 2012-05-14 03:52 582144 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Data\788725a1a509974f4337ed4f8785772a\PaintDotNet.Data.ni.dll
+ 2012-05-14 03:52 . 2012-05-14 03:52 862720 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Base\e215539d16f01a892d6701a7e13c0c22\PaintDotNet.Base.ni.dll
+ 2012-05-14 03:52 . 2012-05-14 03:52 547840 c:\windows\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\bac208d52b13a53a1539eaa7e25049b5\ICSharpCode.SharpZipLib.ni.dll
+ 2012-04-26 13:11 . 2012-04-26 13:11 1040824 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1165635.exe
+ 2012-04-26 12:50 . 2012-04-26 12:50 2376368 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2012-04-26 12:50 . 2012-04-26 12:50 1231360 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2012-04-26 12:55 . 2012-04-26 12:55 1742336 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2012-05-14 03:52 . 2012-05-14 03:52 3212288 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet\50b952d2e434de143a9ce51d5533f6d2\PaintDotNet.ni.exe
+ 2012-05-14 03:52 . 2012-05-14 03:52 1932800 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Core\83239a3618c3e5cec6ec0e93acdcebab\PaintDotNet.Core.ni.dll
+ 2008-04-03 00:31 . 2012-05-15 17:43 27102752 c:\windows\system32\drivers\fidbox2.dat
+ 2012-05-15 12:02 . 2012-05-15 12:02 21798912 c:\windows\ERDNT\AutoBackup\5-15-2012\Users\00000001\NTUSER.DAT
+ 2012-05-14 10:52 . 2012-05-14 10:52 21770240 c:\windows\ERDNT\AutoBackup\5-14-2012\Users\00000001\NTUSER.DAT
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2004-09-23 69707]
"KeePass Password Safe"="c:\program files\KeePass Password Safe\KeePass.exe" [2006-10-14 681472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-26 68856]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-12-07 84480]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-02-11 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-02-11 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files\Nuance\PDFViewerPlus\pdfpro5hook.exe" [2010-02-08 1369376]
"PDF5 Registry Controller"="c:\program files\Nuance\PDFViewerPlus\RegistryController.exe" [2010-02-08 62752]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 98304]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\documents and settings\Matt\Start Menu\Programs\Startup\
Epson scanner Registration.lnk - d:\common\EpsonReg\Ereg.exe [N/A]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Serviio.lnk - c:\program files\Serviio\bin\ServiioConsole.exe [2011-3-27 223232]
Stickies.lnk - c:\program files\stickies\stickies.exe [2010-8-8 1101824]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [2005-6-19 840704]
DigiCell.lnk - c:\program files\MSI\DigiCell\DigiCell.exe [2004-12-8 1288704]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-5-9 196608]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-2-25 789008]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Quicken Startup.lnk - c:\program files\QUICKENW\QWDLLS.EXE [2005-6-22 36864]
Serviio.lnk - c:\program files\Serviio\bin\ServiioConsole.exe [2011-3-27 223232]
XSites Desktop.lnk - c:\program files\a la mode\XSites Desktop\alamode.XSitesDesktop.exe [2008-7-31 374088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 17:30 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk.disabled
backup=c:\windows\pss\Billminder.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Serviio\\bin\\ServiioService.exe"=
"c:\\Program Files\\Serviio\\bin\\ServiioConsole.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 8:55 PM 135664]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2/10/2010 11:30 PM 144672]
S2 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe [3/27/2011 1:44 PM 276480]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/6/2012 7:26 AM 257696]
S3 DigiCellDriver;DigiCellDriver; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 8:55 PM 135664]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/4/2007 2:58 PM 24344]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 PCAlertDriver;PCAlertDriver;c:\program files\MSI\Core Center\NTGLM7X.SYS [6/19/2005 8:22 AM 23744]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 utiznzyw;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utiznzyw.sys --> c:\windows\system32\Drivers\utiznzyw.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 11:48]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 00:55]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 00:55]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.mortgagenewsdaily.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {{3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - {361D6100-9833-4ABA-BB50-7015F325BBF0} - c:\windows\Downloaded Program Files\IEPrint.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: secureserver.net.\www.email
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{323ED6D9-8F1E-4565-8E60-456B156C6411}: NameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: IEPrint - hxxp://www.visiontech.ltd.uk/software/download/IEPrint.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-15 13:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BD1D769D-E28C-B9C0-CFF5-59B11659B474}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-789336058-1979792683-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:56,4a,be,4f,d8,30,d2,d1,47,e9,98,4f,cf,b8,9b,45,e6,aa,85,20,7e,ca,dc,
51,8a,3c,67,5d,e4,d6,6f,d0,c8,ca,b0,31,4f,10,f0,86,1f,98,97,2c,13,8a,80,c8,\
"??"=hex:5b,3d,f9,88,c2,d3,15,da,1b,1b,82,0a,68,e2,65,fb
.
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\giffile\shell\Open\ddeexec]
@DACL=(02 0000)
@="\"file:%1\",,-1,,,,,"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(228)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\klogon.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2012-05-15 14:01:32
ComboFix-quarantined-files.txt 2012-05-15 18:01
ComboFix2.txt 2012-05-12 13:56
ComboFix3.txt 2011-04-26 01:19
ComboFix4.txt 2011-04-24 02:08
ComboFix5.txt 2012-05-15 17:46
.
Pre-Run: 3,268,751,360 bytes free
Post-Run: 3,462,791,168 bytes free
.
- - End Of File - - C40A62BADD75E50E28F39AD41EB1C3F6
ComboFix 12-05-15.04 - Matt 05/15/2012 13:48:24.7.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.768 [GMT -4:00]
Running from: c:\documents and settings\Matt\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\dvdpvaws.dll
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-14 17:18 . 2012-05-15 01:37 86016 ----a-w- c:\windows\dvdpvaws.dll
2012-05-14 16:25 . 2012-05-15 00:09 86016 ----a-w- c:\windows\system32\dvdpvaws.dll
2012-05-12 12:36 . 2012-05-12 12:36 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-05-12 12:25 . 2012-05-12 12:26 -------- d-----w- C:\_OTL
2012-05-09 03:30 . 2012-05-09 03:30 -------- d-----w- c:\documents and settings\Matt\Application Data\Amazon
2012-05-09 03:27 . 2012-05-09 03:27 -------- d-----w- c:\program files\Amazon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 11:48 . 2012-04-06 11:26 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-07 11:48 . 2011-05-17 11:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-30 02:15 . 2005-07-01 00:15 60416 ----a-w- c:\windows\ALCFDRTM.VER
2012-04-05 15:33 . 2012-04-05 15:33 54272 ----a-r- c:\documents and settings\Matt\Application Data\Microsoft\Installer\{3B3620D0-CE42-47CB-A0C0-434F860BEE55}\Icon68B05021.exe
2012-04-04 19:56 . 2010-07-01 21:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 15:19 . 2012-04-02 15:19 1409 ----a-w- c:\windows\QTFont.for
2012-03-15 12:02 . 2012-01-06 18:35 4194304 ----a-r- c:\windows\system32\cdintf400.dll
2012-03-01 11:01 . 2004-08-04 01:07 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 01:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 01:07 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 01:07 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 01:07 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 01:07 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-12_13.53.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-07 21:05 . 2011-10-07 21:05 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 56656 c:\windows\WinSxS\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_7fe65c7f\vcomp90.dll
+ 2012-05-12 23:40 . 2012-05-12 23:40 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-03-19 17:25 . 2012-04-28 16:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-03-19 17:25 . 2012-05-12 23:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2011-07-17 21:31 . 2012-04-28 16:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-05-12 23:40 . 2012-05-12 23:40 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-05-14 10:55 . 2012-05-14 10:55 87952 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
+ 2012-04-26 13:05 . 2012-04-26 13:05 86016 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2012-04-26 12:50 . 2012-04-26 12:50 73408 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2012-04-26 12:50 . 2012-04-26 12:50 64512 c:\windows\system32\Adobe\Shockwave 11\gcapi_dll.dll
+ 2012-04-26 13:06 . 2012-04-26 13:06 12800 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2012-05-14 10:56 . 2012-05-14 10:56 10134 c:\windows\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\ARPPRODUCTICON.exe
+ 2012-05-14 03:51 . 2012-05-14 03:51 77610 c:\windows\Installer\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}\_853F67D554F05449430E7E.exe
+ 2012-05-14 03:52 . 2012-05-14 03:52 24064 c:\windows\assembly\NativeImages_v2.0.50727_32\WiaProxy32\6c664e4ac26b48379e2361933263407c\WiaProxy32.ni.exe
+ 2012-05-14 03:52 . 2012-05-14 03:52 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a140509b1342934fc5e58ae22ac9696c\Microsoft.VisualC.ni.dll
+ 2012-05-14 03:51 . 2012-05-14 03:51 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\b4f63a52bdf34cffb08838afd3b153ba\Interop.WIA.ni.dll
- 2012-04-13 04:29 . 2012-04-13 04:29 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\b4f63a52bdf34cffb08838afd3b153ba\Interop.WIA.ni.dll
- 2010-07-01 21:42 . 2012-05-10 20:44 1984 c:\windows\system32\d3d9caps.dat
+ 2010-07-01 21:42 . 2012-05-14 20:57 1984 c:\windows\system32\d3d9caps.dat
+ 2011-10-07 21:05 . 2011-10-07 21:05 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 641360 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_63af3423\msvcr90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 853328 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_63af3423\msvcp90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_63af3423\msvcm90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 176456 c:\windows\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_c44f2197\atl90.dll
+ 2011-10-07 21:05 . 2011-10-07 21:05 323624 c:\windows\system32\wiaaut.dll
- 2004-06-19 02:43 . 2004-06-19 02:43 323624 c:\windows\system32\wiaaut.dll
+ 2008-04-03 00:31 . 2012-05-15 17:43 333856 c:\windows\system32\drivers\fidbox.dat
- 2011-02-10 01:45 . 2012-05-12 12:40 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-02-10 01:45 . 2012-05-15 11:58 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2012-04-26 12:50 . 2012-04-26 12:50 284088 c:\windows\system32\Adobe\Shockwave 11\SymCCIS.dll
+ 2012-04-26 13:05 . 2012-04-26 13:05 114176 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2012-04-26 13:06 . 2012-04-26 13:06 434176 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2012-04-26 13:06 . 2012-04-26 13:06 366592 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2012-04-26 12:54 . 2012-04-26 12:54 990208 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2012-04-26 13:05 . 2012-04-26 13:05 544256 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2012-04-26 13:12 . 2012-04-26 13:12 113592 c:\windows\system32\Adobe\Director\SwDnld.exe
+ 2012-04-26 13:12 . 2012-04-26 13:12 281016 c:\windows\system32\Adobe\Director\swdir.dll
+ 2012-04-26 13:06 . 2012-04-26 13:06 145920 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2012-05-14 03:51 . 2012-05-14 03:51 498688 c:\windows\Installer\7edc331.msi
+ 2012-05-14 10:56 . 2012-05-14 10:56 430592 c:\windows\Installer\480ad.msi
+ 2012-05-15 12:02 . 2012-05-15 12:02 327680 c:\windows\ERDNT\AutoBackup\5-15-2012\Users\00000002\UsrClass.dat
+ 2012-05-15 12:02 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-15-2012\ERDNT.EXE
+ 2012-05-14 10:52 . 2012-05-14 10:52 327680 c:\windows\ERDNT\AutoBackup\5-14-2012\Users\00000002\UsrClass.dat
+ 2012-05-14 10:52 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-14-2012\ERDNT.EXE
+ 2012-05-14 03:52 . 2012-05-14 03:52 902144 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\72dcea818b404af2ae5e09c7bfad23c0\PaintDotNet.SystemLayer.ni.dll
+ 2012-05-14 03:52 . 2012-05-14 03:52 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\1b1059b3a8d5e65fc8871e2caa217d77\PaintDotNet.SystemLayer.Native.x86.ni.dll
+ 2012-05-14 03:52 . 2012-05-14 03:52 389632 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Resourc#\ae15108c41b061c424c623c12e929270\PaintDotNet.Resources.ni.dll
+ 2012-05-14 03:52 . 2012-05-14 03:52 813568 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Effects\cd3ce965c489d301aaa5129d9c788257\PaintDotNet.Effects.ni.dll
+ 2012-05-14 03:52 . 2012-05-14 03:52 582144 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Data\788725a1a509974f4337ed4f8785772a\PaintDotNet.Data.ni.dll
+ 2012-05-14 03:52 . 2012-05-14 03:52 862720 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Base\e215539d16f01a892d6701a7e13c0c22\PaintDotNet.Base.ni.dll
+ 2012-05-14 03:52 . 2012-05-14 03:52 547840 c:\windows\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\bac208d52b13a53a1539eaa7e25049b5\ICSharpCode.SharpZipLib.ni.dll
+ 2012-04-26 13:11 . 2012-04-26 13:11 1040824 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1165635.exe
+ 2012-04-26 12:50 . 2012-04-26 12:50 2376368 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2012-04-26 12:50 . 2012-04-26 12:50 1231360 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2012-04-26 12:55 . 2012-04-26 12:55 1742336 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2012-05-14 03:52 . 2012-05-14 03:52 3212288 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet\50b952d2e434de143a9ce51d5533f6d2\PaintDotNet.ni.exe
+ 2012-05-14 03:52 . 2012-05-14 03:52 1932800 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Core\83239a3618c3e5cec6ec0e93acdcebab\PaintDotNet.Core.ni.dll
+ 2008-04-03 00:31 . 2012-05-15 17:43 27102752 c:\windows\system32\drivers\fidbox2.dat
+ 2012-05-15 12:02 . 2012-05-15 12:02 21798912 c:\windows\ERDNT\AutoBackup\5-15-2012\Users\00000001\NTUSER.DAT
+ 2012-05-14 10:52 . 2012-05-14 10:52 21770240 c:\windows\ERDNT\AutoBackup\5-14-2012\Users\00000001\NTUSER.DAT
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2004-09-23 69707]
"KeePass Password Safe"="c:\program files\KeePass Password Safe\KeePass.exe" [2006-10-14 681472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-26 68856]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-12-07 84480]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-02-11 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-02-11 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files\Nuance\PDFViewerPlus\pdfpro5hook.exe" [2010-02-08 1369376]
"PDF5 Registry Controller"="c:\program files\Nuance\PDFViewerPlus\RegistryController.exe" [2010-02-08 62752]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 98304]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\documents and settings\Matt\Start Menu\Programs\Startup\
Epson scanner Registration.lnk - d:\common\EpsonReg\Ereg.exe [N/A]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Serviio.lnk - c:\program files\Serviio\bin\ServiioConsole.exe [2011-3-27 223232]
Stickies.lnk - c:\program files\stickies\stickies.exe [2010-8-8 1101824]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [2005-6-19 840704]
DigiCell.lnk - c:\program files\MSI\DigiCell\DigiCell.exe [2004-12-8 1288704]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-5-9 196608]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-2-25 789008]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Quicken Startup.lnk - c:\program files\QUICKENW\QWDLLS.EXE [2005-6-22 36864]
Serviio.lnk - c:\program files\Serviio\bin\ServiioConsole.exe [2011-3-27 223232]
XSites Desktop.lnk - c:\program files\a la mode\XSites Desktop\alamode.XSitesDesktop.exe [2008-7-31 374088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 17:30 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk.disabled
backup=c:\windows\pss\Billminder.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Serviio\\bin\\ServiioService.exe"=
"c:\\Program Files\\Serviio\\bin\\ServiioConsole.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 8:55 PM 135664]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2/10/2010 11:30 PM 144672]
S2 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe [3/27/2011 1:44 PM 276480]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/6/2012 7:26 AM 257696]
S3 DigiCellDriver;DigiCellDriver; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 8:55 PM 135664]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/4/2007 2:58 PM 24344]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 PCAlertDriver;PCAlertDriver;c:\program files\MSI\Core Center\NTGLM7X.SYS [6/19/2005 8:22 AM 23744]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 utiznzyw;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utiznzyw.sys --> c:\windows\system32\Drivers\utiznzyw.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 11:48]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 00:55]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 00:55]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.mortgagenewsdaily.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {{3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - {361D6100-9833-4ABA-BB50-7015F325BBF0} - c:\windows\Downloaded Program Files\IEPrint.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: secureserver.net.\www.email
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{323ED6D9-8F1E-4565-8E60-456B156C6411}: NameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: IEPrint - hxxp://www.visiontech.ltd.uk/software/download/IEPrint.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-15 13:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BD1D769D-E28C-B9C0-CFF5-59B11659B474}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-789336058-1979792683-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:56,4a,be,4f,d8,30,d2,d1,47,e9,98,4f,cf,b8,9b,45,e6,aa,85,20,7e,ca,dc,
51,8a,3c,67,5d,e4,d6,6f,d0,c8,ca,b0,31,4f,10,f0,86,1f,98,97,2c,13,8a,80,c8,\
"??"=hex:5b,3d,f9,88,c2,d3,15,da,1b,1b,82,0a,68,e2,65,fb
.
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\giffile\shell\Open\ddeexec]
@DACL=(02 0000)
@="\"file:%1\",,-1,,,,,"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(228)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\klogon.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2012-05-15 14:01:32
ComboFix-quarantined-files.txt 2012-05-15 18:01
ComboFix2.txt 2012-05-12 13:56
ComboFix3.txt 2011-04-26 01:19
ComboFix4.txt 2011-04-24 02:08
ComboFix5.txt 2012-05-15 17:46
.
Pre-Run: 3,268,751,360 bytes free
Post-Run: 3,462,791,168 bytes free
.
- - End Of File - - C40A62BADD75E50E28F39AD41EB1C3F6
#30
Posted 15 May 2012 - 12:39 PM
Combofix missed two iterations of it
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Save this as CFScript.txt, in the same location as ComboFix.exeFile::
c:\windows\dvdpvaws.dll
c:\windows\system32\dvdpvaws.dll
Reg::
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls]
"compya64"=-
Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users