
Possible WinLogon malware - see description for details [Closed]



#1
skipperscruise

Hi,

I've a problem with the PC sometimes just acting erratically after 6 to 8 hours of use. I get DLL errors and image errors when opening any application. Also, error boxes are frequently blank with the text invisible. When I open the file manager, there is missing text that appears and disappears erratically when mousing over. When I reboot, all is good for another 6 to 8 hours.

Other problems I've noticed are:

1. If I'm using Remote Desktop Connection and the problem described above happens, when I get back to the PC to reboot, it states there's another user logged in when there shouldn't be; I just ignore it and it reboots fine then.

2. I can no longer play MP3s on Winamp but was able to before; Winamp acts erratically when trying to play MP3s.

3. Strange icons with square boxes as descriptions just appear on the Desktop and stay there.

4. Volume and Safely Remove Hardware do not always start on reboot; sometimes they do, sometimes they don't, or one starts and not the other.

5. Sometimes Spybot takes a very long time to load on reboot.

Below is the OTL log.

Thank you in advance.

Skipperscruise



OTL logfile created on: 8/20/2012 6:01:34 PM - Run 5
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 281.49 Mb Available Physical Memory | 27.50% Memory free
12.53 Gb Paging File | 11.76 Gb Available in Paging File | 93.82% Paging File free
Paging file location(s): F:\pagefile.sys 11933 11933 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 7.83 Gb Free Space | 22.90% Space Free | Partition Type: NTFS
Drive F: | 11.72 Gb Total Space | 0.02 Gb Free Space | 0.14% Space Free | Partition Type: NTFS
Drive G: | 23.33 Gb Total Space | 5.75 Gb Free Space | 24.64% Space Free | Partition Type: NTFS
Drive R: | 232.88 Gb Total Space | 66.61 Gb Free Space | 28.60% Space Free | Partition Type: NTFS

Computer Name: MATTCUSTOM | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/02 22:07:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.com
PRC - [2012/06/28 08:51:53 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/28 08:51:51 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/05/14 17:44:00 | 001,236,992 | ---- | M] (SRWare) -- C:\Program Files\SRWare Iron\iron.exe
PRC - [2012/04/10 06:16:58 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/02/10 23:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/09 13:32:08 | 000,789,008 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/01/09 13:28:58 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2006/11/17 05:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006/10/14 16:53:24 | 000,681,472 | ---- | M] (Dominik Reichl) -- C:\Program Files\KeePass Password Safe\KeePass.exe
PRC - [2004/12/07 04:16:36 | 000,084,480 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
PRC - [2004/09/22 23:16:20 | 000,069,707 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\main\atidtct.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/20 15:05:03 | 001,802,240 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12082001\algo.dll
MOD - [2012/08/15 23:20:15 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012/06/14 09:48:52 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012/06/14 09:47:44 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 08:43:49 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 08:43:36 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 08:41:39 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/14 08:39:17 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll
MOD - [2012/06/14 08:33:03 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll
MOD - [2012/05/18 19:33:29 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\082473bbeed448eb13a7f348cf33e98f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/18 19:33:27 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
MOD - [2012/05/18 19:33:26 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
MOD - [2012/05/18 19:30:35 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/18 19:30:31 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/18 19:01:48 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/18 18:58:34 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/18 18:58:17 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/18 18:50:53 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
MOD - [2012/05/18 18:50:43 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/05/18 18:50:40 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/05/18 18:50:18 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/05/18 18:50:03 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/05/18 18:49:55 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/03/29 00:29:24 | 001,094,158 | ---- | M] () -- C:\Program Files\SRWare Iron\avcodec-53.dll
MOD - [2012/03/29 00:29:24 | 000,183,822 | ---- | M] () -- C:\Program Files\SRWare Iron\avformat-53.dll
MOD - [2012/03/29 00:29:24 | 000,117,262 | ---- | M] () -- C:\Program Files\SRWare Iron\avutil-51.dll
MOD - [2011/11/09 22:45:32 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2010/03/16 13:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/03/12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/05/20 05:18:10 | 000,094,720 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/06/28 08:51:53 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/04/10 06:16:58 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/01/31 15:03:26 | 000,276,480 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/02/10 23:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2008/06/06 22:04:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/01/09 13:30:08 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\utiznzyw.sys -- (utiznzyw)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipsecw2k.sys -- (IPSECSHM)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (DigiCellDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ATIRWVD.SYS -- (ATI Remote Wonder II)
DRV - [2012/06/28 08:52:42 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/06/28 08:52:42 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/06/28 08:52:37 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/06/28 08:52:37 | 000,097,352 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/06/28 08:52:37 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/06/28 08:52:36 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/06/28 08:52:36 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/04/10 06:16:58 | 000,135,440 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011/11/09 23:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/18 12:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2009/05/23 23:11:49 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/03/17 12:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/11/29 03:18:12 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/11/29 03:18:04 | 000,078,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/11/29 03:17:56 | 000,036,368 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/11/29 03:17:48 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/29 03:17:34 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/11/29 03:17:28 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006/12/04 17:11:46 | 004,025,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/12 20:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 20:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 20:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 20:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/12/07 04:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2004/11/24 05:42:48 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004/11/24 05:42:46 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/11/16 11:54:06 | 000,038,336 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - [2004/10/20 23:39:44 | 000,035,840 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/07/05 14:25:00 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/06/15 19:14:00 | 000,180,480 | R--- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/06/08 13:36:20 | 000,014,975 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)
DRV - [2004/06/08 13:35:26 | 000,038,081 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/06/08 13:34:48 | 000,024,637 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mortgagenewsdaily.com/
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes,DefaultScope = {B718F60E-E9E0-4982-B735-DED2F72B3C9F}
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{05157127-2C10-401A-BB4E-FE4B15FB1799}: "URL" = https://duckduckgo.c...q={searchTerms}
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{A54AD221-2961-47F7-92CB-46F0EE188798}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{B718F60E-E9E0-4982-B735-DED2F72B3C9F}: "URL" = http://www.google.co...&rlz=1I7GGLG_en
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)



========== Chrome ==========


O1 HOSTS File: ([2012/08/16 20:14:52 | 000,444,065 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15252 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Google Analytics Opt-out Browser Add-on) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE (ATI Technologies Inc.)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe File not found
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Autobackup.lnk = C:\Program Files\KRtech\ERUNTgui\autoRun.exe ()
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Epson scanner Registration.lnk = File not found
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..Trusted Domains: secureserver.net. ([www.email] https in Trusted sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} Reg Error: Key error. (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} Reg Error: Key error. (ArmHelper Control)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ent/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: IEPrint http://www.visiontec...oad/IEPrint.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{323ED6D9-8F1E-4565-8E60-456B156C6411}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2147DF5-CFA7-45AB-92F8-591933227C62}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\bw+0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {e5d4cc32-6185-42a4-80d2-31af2103682e} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\offline-8876480 {E5D4CC32-6185-42A4-80D2-31AF2103682E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/19 13:19:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/16 21:06:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/21 14:30:01 | 001,062,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Matt\gotomypc_540.exe

========== Files - Modified Within 30 Days ==========

[2012/08/20 18:00:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/20 14:16:45 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/20 13:00:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/20 12:41:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/20 07:10:16 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel.lnk
[2012/08/19 23:15:31 | 000,001,310 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2012/08/19 15:49:35 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft FrontPage.lnk
[2012/08/19 11:48:15 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/17 17:37:29 | 000,002,291 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2012/08/17 08:04:54 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/08/16 20:14:52 | 000,444,065 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/16 17:49:50 | 000,306,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/16 17:48:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/15 17:44:38 | 000,001,701 | ---- | M] () -- C:\WINDOWS\winpoint.ini
[2012/08/02 23:15:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Ð
[2012/08/02 23:15:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\`
[2012/07/31 17:52:45 | 000,060,304 | ---- | M] () -- C:\Documents and Settings\Matt\g2mdlhlpx.exe
[2012/07/31 09:06:54 | 000,001,768 | -H-- | M] () -- C:\Documents and Settings\Matt\My Documents\Default.rdp
[2012/07/31 08:53:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Nuance Image Printer Writer Port
[2012/07/31 08:52:27 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Aaron.rdp
[2012/07/23 20:38:14 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

========== Files Created - No Company Name ==========

[2012/08/02 23:15:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Ð
[2012/08/02 23:15:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\`
[2012/07/31 17:52:44 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Matt\g2mdlhlpx.exe
[2012/07/31 08:52:27 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Aaron.rdp
[2012/07/09 23:28:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/09 23:28:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/09 23:28:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/09 23:28:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/09 23:28:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/13 00:31:17 | 000,935,231 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-789336058-1979792683-725345543-1003-0.dat
[2012/04/12 12:17:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/11 13:10:27 | 000,232,322 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/04/11 13:00:19 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/21 00:59:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/01/20 23:52:30 | 000,000,042 | ---- | C] () -- C:\WINDOWS\SETSCAN.INI
[2012/01/20 23:52:24 | 000,000,122 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2012/01/20 23:17:36 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw86.bin
[2012/01/20 23:05:00 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/01/20 23:05:00 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/01/20 23:05:00 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/01/20 23:05:00 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/01/20 23:05:00 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/01/20 23:05:00 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/01/20 23:05:00 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/01/20 23:05:00 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/01/20 23:05:00 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/01/20 23:05:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/01/20 23:05:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/01/20 23:05:00 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/01/20 23:05:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/01/20 23:05:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/01/20 23:05:00 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/01/20 23:05:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/01/20 23:03:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\WFGT1500.ini
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/10/26 16:21:17 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2011/10/26 16:20:41 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011/10/26 16:20:38 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2011/10/26 16:20:38 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2011/10/26 16:20:38 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2011/10/26 16:20:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2011/06/21 09:49:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lsaka.bin
[2011/03/08 17:40:08 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2011/01/08 22:41:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/10/11 12:31:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/11 12:31:44 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/11 12:31:44 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/08/15 14:38:18 | 000,000,358 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/09/13 14:11:48 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
[2009/05/23 23:12:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/10/13 11:26:22 | 000,006,557 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\PrimoPDFSet.xml
[2008/04/27 09:52:08 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\PUTTY.RND
[2007/01/07 20:43:12 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/13 18:01:18 | 000,000,541 | ---- | C] () -- C:\Documents and Settings\Matt\.fotki-uploader300-settings.xml
[2006/01/13 17:59:03 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Matt\.lastFolder
[2005/07/01 23:56:08 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/19 15:24:42 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\fusioncache.dat
[2005/03/19 13:25:56 | 022,806,528 | -H-- | C] () -- C:\Documents and Settings\Matt\NTUSER.bak

========== LOP Check ==========

[2012/06/12 06:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Epson
[2012/07/12 18:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode
[2009/09/23 22:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2012/05/18 21:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/08/03 17:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BytePro
[2012/05/28 01:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2009/10/22 23:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/11/23 23:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2010/12/28 22:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/11/13 21:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/11/17 00:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/09/24 16:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2011/02/08 21:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2009/03/21 20:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
[2012/01/20 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ISIS Drivers
[2010/12/17 00:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2006/02/21 21:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal
[2009/09/27 23:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/08/15 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/10/06 21:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2010/12/29 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/12/05 00:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2010/08/15 14:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/09/08 21:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2012/07/12 18:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/15 14:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2005/06/30 07:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\.BitTornado
[2010/08/15 15:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\.oit
[2010/12/16 23:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\A Gypsy's Tale - The Tower of Secrets
[2012/05/08 23:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Amazon
[2009/06/14 01:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Audacity
[2011/11/11 00:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Big Fish Games
[2010/03/26 22:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Calyx Software
[2009/06/02 00:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2006/03/14 14:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\DeductionPro 2004-05
[2012/01/20 23:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\EPSON
[2008/03/17 21:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Ericom
[2006/03/18 19:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Feedreader
[2008/08/27 19:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\FileZilla
[2009/10/22 23:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Flood Light Games
[2010/11/23 23:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Floodlight Games
[2010/11/13 21:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GameHouse
[2011/10/23 23:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GameMill Entertainment
[2011/01/08 22:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Ghost Ship Studios
[2011/10/14 23:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\HitPoint Studios
[2007/03/05 19:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ICAClient
[2010/12/31 00:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\iScreensaver
[2012/01/20 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ISIS Drivers
[2010/12/17 00:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\iWin
[2009/04/19 00:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Jetsetter
[2005/10/05 22:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Leadertech
[2005/07/02 22:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mp3tag
[2011/02/24 00:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mystery of Mortlake Mansion
[2009/12/12 16:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NewSoft
[2010/08/14 11:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NSBackup
[2010/08/15 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Nuance
[2012/05/19 09:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Oracle
[2010/08/17 12:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PDS
[2010/12/29 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PlayFirst
[2012/08/16 22:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PrimoPDF
[2009/04/25 22:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Reflexivev1005
[2010/11/10 16:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\RemoteScanClient
[2009/06/01 16:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Samsung
[2010/11/25 15:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ShinyTales
[2011/01/10 22:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Skunk Studios
[2009/09/04 19:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\SpinTop
[2009/12/30 18:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\SpinTop Games
[2012/07/12 18:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\stickies
[2010/11/23 23:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Thinstall
[2010/12/31 23:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ThreeDays2
[2010/12/30 00:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\TitanicMystery
[2012/08/16 19:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\uTorrent
[2011/10/28 00:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\VampireSaga
[2011/11/05 21:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\VampireSagaHL
[2010/12/04 22:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Vast Studios
[2011/02/19 00:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Vogat Interactive
[2012/04/18 12:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\webex
[2006/02/23 18:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\X10 Commander
[2010/08/15 14:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Zeon

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/08/02 23:15:34 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Matt\Desktop\?°) -- C:\Documents and Settings\Matt\Desktop\騐˚
[2012/08/02 23:15:34 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Matt\Desktop\????????????l) -- C:\Documents and Settings\Matt\Desktop\쒌᤺쒐᤺粐Ȩ粑￿￿Ȣ粑l
[2012/08/02 23:15:34 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Matt\Desktop\?°) -- C:\Documents and Settings\Matt\Desktop\騐˚
[2012/08/02 23:15:34 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Matt\Desktop\????????????l) -- C:\Documents and Settings\Matt\Desktop\쒌᤺쒐᤺粐Ȩ粑￿￿Ȣ粑l
[2012/08/02 23:15:33 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Matt\Desktop\????????????l) -- C:\Documents and Settings\Matt\Desktop\플᤺픐᤺粐Ȩ粑￿￿Ȣ粑l
[2012/08/02 23:15:33 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Matt\Desktop\??????????) -- C:\Documents and Settings\Matt\Desktop\粐컈ᮀ￿￿쮰ᮁ팜᤺
[2012/08/02 23:15:33 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Matt\Desktop\??????????) -- C:\Documents and Settings\Matt\Desktop\환᤺駵㵼환᤺馺㵼틴᤺
[2012/08/02 23:15:33 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Matt\Desktop\????????$???) -- C:\Documents and Settings\Matt\Desktop\粐컈ᮀ￿￿쮰ᮁ$ጤ瑯
[2012/08/02 23:15:33 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Matt\Desktop\????????) -- C:\Documents and Settings\Matt\Desktop\粐컈ᮀ￿￿팘᤺
[2012/08/02 23:15:33 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Matt\Desktop\?) -- C:\Documents and Settings\Matt\Desktop\⌨
[2012/08/02 23:15:33 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Matt\Desktop\?) -- C:\Documents and Settings\Matt\Desktop\௄
[2012/08/02 23:15:33 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Matt\Desktop\????????????l) -- C:\Documents and Settings\Matt\Desktop\플᤺픐᤺粐Ȩ粑￿￿Ȣ粑l
[2012/08/02 23:15:33 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Matt\Desktop\??????????) -- C:\Documents and Settings\Matt\Desktop\粐컈ᮀ￿￿쮰ᮁ팜᤺
[2012/08/02 23:15:33 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Matt\Desktop\??????????) -- C:\Documents and Settings\Matt\Desktop\환᤺駵㵼환᤺馺㵼틴᤺
[2012/08/02 23:15:33 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Matt\Desktop\????????$???) -- C:\Documents and Settings\Matt\Desktop\粐컈ᮀ￿￿쮰ᮁ$ጤ瑯
[2012/08/02 23:15:33 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Matt\Desktop\????????) -- C:\Documents and Settings\Matt\Desktop\粐컈ᮀ￿￿팘᤺
[2012/08/02 23:15:33 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Matt\Desktop\?) -- C:\Documents and Settings\Matt\Desktop\⌨
[2012/08/02 23:15:33 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Matt\Desktop\?) -- C:\Documents and Settings\Matt\Desktop\௄
[2012/07/24 14:36:27 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Matt\Desktop\?u???????) -- C:\Documents and Settings\Matt\Desktop\뙤ŭ퉸š矄꽀šɿ
[2012/07/24 14:36:27 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Matt\Desktop\????) -- C:\Documents and Settings\Matt\Desktop\ꭀ㳸硴৔
[2012/07/24 14:36:27 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Matt\Desktop\?) -- C:\Documents and Settings\Matt\Desktop\က
[2012/07/24 14:36:27 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Matt\Desktop\?u???????) -- C:\Documents and Settings\Matt\Desktop\뙤ŭ퉸š矄꽀šɿ
[2012/07/24 14:36:27 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Matt\Desktop\????) -- C:\Documents and Settings\Matt\Desktop\ꭀ㳸硴৔
[2012/07/24 14:36:27 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Matt\Desktop\?) -- C:\Documents and Settings\Matt\Desktop\က
[2012/07/24 14:36:26 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Matt\Desktop\???) -- C:\Documents and Settings\Matt\Desktop\ﰰܯƿ
[2012/07/24 14:36:26 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Matt\Desktop\???) -- C:\Documents and Settings\Matt\Desktop\ﰰܯƿ

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:01C66DD9
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9FB94D

< End of report >
#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Please post also Extras.txt log. It should be on your Desktop.

NEXT...

Please download ComboFix from one of the following locations to your Desktop:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


#3
skipperscruise

    Member

  • Topic Starter
Hi,

Thank you for looking into this.

There was no Extras.txt log from OTL from the 8/29/12 run. FYI, there is an Extras.txt log on the desktop from an old OTL run dated 7/2/12.

Below is the ComboFix log. When Combofix was finished it did not request a reboot.

Thank you

ComboFix 12-08-22.01 - Matt 08/22/2012 9:14.10.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.443 [GMT -4:00]
Running from: c:\documents and settings\Matt\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Matt\g2mdlhlpx.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-20 01:11 . 2005-07-01 00:15 60416 ----a-w- c:\windows\ALCFDRTM.VER
2012-08-16 03:20 . 2012-04-06 11:26 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-16 03:20 . 2011-05-17 11:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2004-08-04 01:07 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2005-03-19 17:16 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46 . 2010-07-01 21:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2004-08-04 01:07 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-08-04 01:07 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-04 01:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-04 01:07 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 01:07 385024 ----a-w- c:\windows\system32\html.iec
2012-06-28 12:52 . 2012-05-19 01:30 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-28 12:52 . 2012-05-19 01:30 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-28 12:52 . 2012-05-19 01:30 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-06-28 12:52 . 2012-05-19 01:30 97352 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-06-28 12:52 . 2012-05-19 01:30 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-06-28 12:52 . 2012-05-19 01:30 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-28 12:52 . 2012-05-19 01:30 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-28 12:52 . 2012-05-19 01:30 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-06-28 12:52 . 2012-05-19 01:30 41224 ----a-w- c:\windows\avastSS.scr
2012-06-28 12:51 . 2012-05-19 01:30 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-05 15:50 . 2007-05-15 19:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 01:07 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 01:07 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2007-06-21 00:58 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-06-21 00:58 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2005-03-19 17:17 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2005-03-19 17:17 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2005-03-19 17:17 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2009-01-21 04:42 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2005-06-20 03:31 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2005-05-26 08:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2005-03-19 17:17 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2004-08-04 01:07 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2007-06-21 00:58 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2005-06-20 03:31 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2005-03-19 17:17 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2009-01-21 04:43 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2009-01-21 04:43 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2008-10-16 19:07 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-04 01:07 599040 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-10_03.44.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-18 16:08 . 2011-03-18 16:08 25240 c:\windows\system32\speedfan.sys
- 2004-08-04 01:07 . 2012-05-11 14:42 67072 c:\windows\system32\mshtmled.dll
+ 2004-08-04 01:07 . 2012-07-02 17:49 67072 c:\windows\system32\mshtmled.dll
- 2006-11-08 02:03 . 2012-05-11 14:42 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-11-08 02:03 . 2012-07-02 17:49 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 01:07 . 2012-07-02 17:49 25600 c:\windows\system32\jsproxy.dll
- 2004-08-04 01:07 . 2012-05-11 14:42 25600 c:\windows\system32\jsproxy.dll
- 2010-07-11 14:14 . 2012-05-11 14:42 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-07-11 14:14 . 2012-07-02 17:49 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2004-08-04 01:07 . 2012-07-02 17:49 67072 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 01:07 . 2012-05-11 14:42 67072 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-05-09 01:28 . 2012-07-02 17:49 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-05-09 01:28 . 2012-05-11 14:42 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-04 01:07 . 2012-05-11 14:42 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 01:07 . 2012-07-02 17:49 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 01:07 . 2012-07-02 17:49 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 01:07 . 2012-05-11 14:42 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2012-07-06 13:58 . 2012-07-06 13:58 78336 c:\windows\system32\dllcache\browser.dll
- 2005-03-19 17:25 . 2012-06-30 13:55 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-03-19 17:25 . 2012-08-22 03:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-08-22 03:01 . 2012-08-22 03:00 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2012-05-19 18:16 . 2012-06-30 13:55 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-07-11 17:00 . 2012-07-11 17:00 22016 c:\windows\Installer\1438408.msi
+ 2005-06-20 23:58 . 2012-07-19 21:41 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2005-06-20 23:58 . 2012-04-13 04:21 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2005-06-20 23:58 . 2012-04-13 04:21 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2005-06-20 23:58 . 2012-07-19 21:41 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2005-06-20 23:58 . 2012-04-13 04:21 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2005-06-20 23:58 . 2012-07-19 21:41 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2005-06-20 23:58 . 2012-04-13 04:21 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2005-06-20 23:58 . 2012-07-19 21:41 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2005-06-20 23:58 . 2012-04-13 04:21 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2005-06-20 23:58 . 2012-07-19 21:41 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2005-06-20 23:58 . 2012-07-19 21:41 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2005-06-20 23:58 . 2012-04-13 04:21 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2005-06-20 23:58 . 2012-04-13 04:21 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2005-06-20 23:58 . 2012-07-19 21:41 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2012-08-16 21:44 . 2012-05-11 14:42 12800 c:\windows\ie8updates\KB2722913-IE8\xpshims.dll
+ 2012-08-16 21:44 . 2012-05-11 14:42 67072 c:\windows\ie8updates\KB2722913-IE8\mshtmled.dll
+ 2012-08-16 21:44 . 2012-05-11 14:42 55296 c:\windows\ie8updates\KB2722913-IE8\msfeedsbs.dll
+ 2012-08-16 21:44 . 2012-05-11 14:42 43520 c:\windows\ie8updates\KB2722913-IE8\licmgr10.dll
+ 2012-08-16 21:44 . 2012-05-11 14:42 25600 c:\windows\ie8updates\KB2722913-IE8\jsproxy.dll
+ 2012-07-18 11:59 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2719985\update\spcustom.dll
+ 2012-07-18 11:59 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2719985\spmsg.dll
+ 2012-07-18 11:59 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2718523\update\spcustom.dll
+ 2012-07-18 11:59 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2718523\spmsg.dll
+ 2012-07-18 11:56 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2698365\update\spcustom.dll
+ 2012-07-18 11:56 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2698365\spmsg.dll
+ 2012-07-12 22:49 . 2012-05-28 18:15 57344 c:\windows\$hf_mig$\KB2698365\SP3QFE\msador15.dll
+ 2012-07-18 11:59 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2691442\update\spcustom.dll
+ 2012-07-18 11:59 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2691442\spmsg.dll
+ 2012-07-18 11:59 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2655992\update\spcustom.dll
+ 2012-07-18 11:59 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2655992\spmsg.dll
+ 1996-04-03 19:33 . 1996-04-03 19:33 5248 c:\windows\system32\giveio.sys
- 2010-07-01 21:42 . 2012-07-09 18:43 1984 c:\windows\system32\d3d9caps.dat
+ 2010-07-01 21:42 . 2012-08-20 18:16 1984 c:\windows\system32\d3d9caps.dat
- 2005-06-20 23:58 . 2012-04-13 04:21 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2005-06-20 23:58 . 2012-07-19 21:41 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2005-06-20 23:58 . 2012-07-19 21:41 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2005-06-20 23:58 . 2012-04-13 04:21 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2005-06-20 23:58 . 2012-04-13 04:21 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2005-06-20 23:58 . 2012-07-19 21:41 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2012-08-22 11:19 . 2012-08-22 11:19 8192 c:\windows\ERDNT\AutoBackup\08-22-2012\Users\00000004\UsrClass.dat
+ 2012-08-22 11:19 . 2012-08-22 11:19 8192 c:\windows\ERDNT\AutoBackup\08-22-2012\Users\00000002\UsrClass.dat
+ 2012-08-21 11:15 . 2012-08-21 11:15 8192 c:\windows\ERDNT\AutoBackup\08-21-2012\Users\00000004\UsrClass.dat
+ 2012-08-21 11:15 . 2012-08-21 11:15 8192 c:\windows\ERDNT\AutoBackup\08-21-2012\Users\00000002\UsrClass.dat
+ 2012-08-20 11:01 . 2012-08-20 11:01 8192 c:\windows\ERDNT\AutoBackup\08-20-2012\Users\00000004\UsrClass.dat
+ 2012-08-20 11:01 . 2012-08-20 11:01 8192 c:\windows\ERDNT\AutoBackup\08-20-2012\Users\00000002\UsrClass.dat
+ 2012-08-19 15:49 . 2012-08-19 15:49 8192 c:\windows\ERDNT\AutoBackup\08-19-2012\Users\00000004\UsrClass.dat
+ 2012-08-19 15:49 . 2012-08-19 15:49 8192 c:\windows\ERDNT\AutoBackup\08-19-2012\Users\00000002\UsrClass.dat
+ 2012-08-17 11:21 . 2012-08-17 11:21 8192 c:\windows\ERDNT\AutoBackup\08-17-2012\Users\00000004\UsrClass.dat
+ 2012-08-17 11:21 . 2012-08-17 11:21 8192 c:\windows\ERDNT\AutoBackup\08-17-2012\Users\00000002\UsrClass.dat
+ 2012-08-16 11:11 . 2012-08-16 11:11 8192 c:\windows\ERDNT\AutoBackup\08-16-2012\Users\00000004\UsrClass.dat
+ 2012-08-16 11:11 . 2012-08-16 11:11 8192 c:\windows\ERDNT\AutoBackup\08-16-2012\Users\00000002\UsrClass.dat
+ 2012-08-15 12:49 . 2012-08-15 12:49 8192 c:\windows\ERDNT\AutoBackup\08-15-2012\Users\00000004\UsrClass.dat
+ 2012-08-15 12:49 . 2012-08-15 12:49 8192 c:\windows\ERDNT\AutoBackup\08-15-2012\Users\00000002\UsrClass.dat
+ 2012-08-05 11:27 . 2012-08-05 11:27 8192 c:\windows\ERDNT\AutoBackup\08-05-2012\Users\00000004\UsrClass.dat
+ 2012-08-05 11:27 . 2012-08-05 11:27 8192 c:\windows\ERDNT\AutoBackup\08-05-2012\Users\00000002\UsrClass.dat
+ 2012-08-04 11:38 . 2012-08-04 11:38 8192 c:\windows\ERDNT\AutoBackup\08-04-2012\Users\00000004\UsrClass.dat
+ 2012-08-04 11:38 . 2012-08-04 11:38 8192 c:\windows\ERDNT\AutoBackup\08-04-2012\Users\00000002\UsrClass.dat
+ 2012-08-03 11:13 . 2012-08-03 11:13 8192 c:\windows\ERDNT\AutoBackup\08-03-2012\Users\00000004\UsrClass.dat
+ 2012-08-03 11:13 . 2012-08-03 11:13 8192 c:\windows\ERDNT\AutoBackup\08-03-2012\Users\00000002\UsrClass.dat
- 2004-08-04 01:07 . 2012-05-11 14:42 105984 c:\windows\system32\url.dll
+ 2004-08-04 01:07 . 2012-07-02 17:49 105984 c:\windows\system32\url.dll
- 2004-08-04 01:07 . 2012-05-11 14:42 206848 c:\windows\system32\occache.dll
+ 2004-08-04 01:07 . 2012-07-02 17:49 206848 c:\windows\system32\occache.dll
+ 2004-08-04 01:07 . 2012-07-06 13:58 337920 c:\windows\system32\netapi32.dll
+ 2004-08-04 01:07 . 2012-07-02 17:49 611840 c:\windows\system32\mstime.dll
- 2004-08-04 01:07 . 2012-05-11 14:42 611840 c:\windows\system32\mstime.dll
- 2006-11-08 02:03 . 2012-05-11 14:42 629760 c:\windows\system32\msfeeds.dll
+ 2006-11-08 02:03 . 2012-07-02 17:49 629760 c:\windows\system32\msfeeds.dll
+ 2012-08-16 03:20 . 2012-08-16 03:20 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe
+ 2012-04-06 11:26 . 2012-08-16 03:20 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2004-08-04 01:07 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
+ 2004-08-04 01:07 . 2012-05-14 09:22 345600 c:\windows\system32\localspl.dll
+ 2004-08-04 01:07 . 2012-07-02 17:49 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 01:07 . 2012-05-11 14:42 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 01:07 . 2012-05-11 14:42 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 01:07 . 2012-07-02 17:49 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 01:07 . 2012-05-11 11:38 174080 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 01:07 . 2012-07-02 12:05 174080 c:\windows\system32\ie4uinit.exe
+ 2005-03-19 11:57 . 2012-08-16 21:49 306008 c:\windows\system32\FNTCACHE.DAT
- 2005-03-19 11:57 . 2012-06-14 12:45 306008 c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 01:07 . 2012-05-16 15:08 916992 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 01:07 . 2012-07-02 17:49 916992 c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 01:07 . 2012-05-11 14:42 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 01:07 . 2012-07-02 17:49 105984 c:\windows\system32\dllcache\url.dll
+ 2008-12-05 06:54 . 2012-06-04 04:32 152576 c:\windows\system32\dllcache\schannel.dll
+ 2012-04-11 00:07 . 2012-07-04 14:05 139784 c:\windows\system32\dllcache\rdpwd.sys
+ 2004-08-04 01:07 . 2012-07-02 17:49 206848 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 01:07 . 2012-05-11 14:42 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-10-23 17:32 . 2012-07-06 13:58 337920 c:\windows\system32\dllcache\netapi32.dll
+ 2004-08-04 01:07 . 2012-07-02 17:49 611840 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 01:07 . 2012-05-11 14:42 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-05-09 01:28 . 2012-07-02 17:49 629760 c:\windows\system32\dllcache\msfeeds.dll
- 2007-05-09 01:28 . 2012-05-11 14:42 629760 c:\windows\system32\dllcache\msfeeds.dll
- 2010-11-09 14:52 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-11-09 14:52 . 2012-05-28 18:16 536576 c:\windows\system32\dllcache\msado15.dll
+ 2009-05-07 15:32 . 2012-05-14 09:22 345600 c:\windows\system32\dllcache\localspl.dll
- 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2012-06-14 12:11 . 2012-07-02 17:49 521728 c:\windows\system32\dllcache\jsdbgui.dll
- 2012-06-14 12:11 . 2012-05-11 14:42 521728 c:\windows\system32\dllcache\jsdbgui.dll
+ 2010-07-11 14:14 . 2012-07-02 17:49 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2010-07-11 14:14 . 2012-05-11 14:42 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2004-08-04 01:07 . 2012-07-02 17:49 184320 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-04 01:07 . 2012-05-11 14:42 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-07-11 14:14 . 2012-05-11 14:42 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-07-11 14:14 . 2012-07-02 17:49 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2004-08-04 01:07 . 2012-05-11 14:42 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 01:07 . 2012-07-02 17:49 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 01:07 . 2012-07-02 12:05 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-04 01:07 . 2012-05-11 11:38 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2011-02-10 01:45 . 2012-07-10 03:42 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-02-10 01:45 . 2012-08-22 11:18 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-11-16 16:54 . 2010-11-16 16:54 906240 c:\windows\Installer\4632bf.msp
+ 2010-11-16 16:54 . 2010-11-16 16:54 906240 c:\windows\Installer\39e2a.msp
+ 2012-07-18 11:56 . 2012-07-18 11:56 500736 c:\windows\Installer\2d3c43.msi
+ 2010-11-16 16:54 . 2010-11-16 16:54 906240 c:\windows\Installer\1bae06.msp
- 2012-04-13 04:10 . 2012-04-13 04:10 135168 c:\windows\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2012-08-16 21:45 . 2012-08-16 21:45 135168 c:\windows\Installer\{90A40409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2005-06-20 23:58 . 2012-04-13 04:21 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2005-06-20 23:58 . 2012-07-19 21:41 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2005-06-20 23:58 . 2012-04-13 04:21 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2005-06-20 23:58 . 2012-07-19 21:41 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2012-08-16 21:44 . 2012-05-16 15:08 916992 c:\windows\ie8updates\KB2722913-IE8\wininet.dll
+ 2012-08-16 21:44 . 2012-05-11 14:42 105984 c:\windows\ie8updates\KB2722913-IE8\url.dll
+ 2012-08-16 21:44 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2722913-IE8\spuninst\updspapi.dll
+ 2012-08-16 21:44 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2722913-IE8\spuninst\spuninst.exe
+ 2012-08-16 21:44 . 2012-05-11 14:42 206848 c:\windows\ie8updates\KB2722913-IE8\occache.dll
+ 2012-08-16 21:44 . 2012-05-11 14:42 611840 c:\windows\ie8updates\KB2722913-IE8\mstime.dll
+ 2012-08-16 21:44 . 2012-05-11 14:42 629760 c:\windows\ie8updates\KB2722913-IE8\msfeeds.dll
+ 2012-08-16 21:44 . 2012-05-11 14:42 521728 c:\windows\ie8updates\KB2722913-IE8\jsdbgui.dll
+ 2012-08-16 21:44 . 2012-05-11 14:42 247808 c:\windows\ie8updates\KB2722913-IE8\ieproxy.dll
+ 2012-08-16 21:44 . 2012-05-11 14:42 184320 c:\windows\ie8updates\KB2722913-IE8\iepeers.dll
+ 2012-08-16 21:44 . 2012-05-11 14:42 743424 c:\windows\ie8updates\KB2722913-IE8\iedvtool.dll
+ 2012-08-16 21:44 . 2012-05-11 14:42 387584 c:\windows\ie8updates\KB2722913-IE8\iedkcs32.dll
+ 2012-08-16 21:44 . 2012-05-11 11:38 174080 c:\windows\ie8updates\KB2722913-IE8\ie4uinit.exe
+ 2012-08-05 11:27 . 2012-08-05 11:27 376832 c:\windows\ERDNT\AutoBackup\8-5-2012\Users\00000002\UsrClass.dat
+ 2012-08-05 11:27 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\8-5-2012\ERDNT.EXE
+ 2012-08-04 11:38 . 2012-08-04 11:38 376832 c:\windows\ERDNT\AutoBackup\8-4-2012\Users\00000002\UsrClass.dat
+ 2012-08-04 11:38 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\8-4-2012\ERDNT.EXE
+ 2012-08-03 11:13 . 2012-08-03 11:13 376832 c:\windows\ERDNT\AutoBackup\8-3-2012\Users\00000002\UsrClass.dat
+ 2012-08-03 11:13 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\8-3-2012\ERDNT.EXE
+ 2012-08-22 11:18 . 2012-08-22 11:18 376832 c:\windows\ERDNT\AutoBackup\8-22-2012\Users\00000002\UsrClass.dat
+ 2012-08-22 11:18 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\8-22-2012\ERDNT.EXE
+ 2012-08-21 11:14 . 2012-08-21 11:14 376832 c:\windows\ERDNT\AutoBackup\8-21-2012\Users\00000002\UsrClass.dat
+ 2012-08-21 11:14 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\8-21-2012\ERDNT.EXE
+ 2012-08-20 11:01 . 2012-08-20 11:01 376832 c:\windows\ERDNT\AutoBackup\8-20-2012\Users\00000002\UsrClass.dat
+ 2012-08-20 11:01 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\8-20-2012\ERDNT.EXE
+ 2012-08-02 11:06 . 2012-08-02 11:06 376832 c:\windows\ERDNT\AutoBackup\8-2-2012\Users\00000002\UsrClass.dat
+ 2012-08-02 11:06 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\8-2-2012\ERDNT.EXE
+ 2012-08-19 15:49 . 2012-08-19 15:49 376832 c:\windows\ERDNT\AutoBackup\8-19-2012\Users\00000002\UsrClass.dat
+ 2012-08-19 15:49 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\8-19-2012\ERDNT.EXE
+ 2012-08-17 11:21 . 2012-08-17 11:21 376832 c:\windows\ERDNT\AutoBackup\8-17-2012\Users\00000002\UsrClass.dat
+ 2012-08-17 11:21 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\8-17-2012\ERDNT.EXE
+ 2012-08-16 11:10 . 2012-08-16 11:10 376832 c:\windows\ERDNT\AutoBackup\8-16-2012\Users\00000002\UsrClass.dat
+ 2012-08-16 11:10 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\8-16-2012\ERDNT.EXE
+ 2012-08-15 12:48 . 2012-08-15 12:48 376832 c:\windows\ERDNT\AutoBackup\8-15-2012\Users\00000002\UsrClass.dat
+ 2012-08-15 12:48 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\8-15-2012\ERDNT.EXE
+ 2012-08-01 10:37 . 2012-08-01 10:37 376832 c:\windows\ERDNT\AutoBackup\8-1-2012\Users\00000002\UsrClass.dat
+ 2012-08-01 10:37 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\8-1-2012\ERDNT.EXE
+ 2012-07-31 11:04 . 2012-07-31 11:04 376832 c:\windows\ERDNT\AutoBackup\7-31-2012\Users\00000002\UsrClass.dat
+ 2012-07-31 11:04 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-31-2012\ERDNT.EXE
+ 2012-07-30 11:04 . 2012-07-30 11:04 376832 c:\windows\ERDNT\AutoBackup\7-30-2012\Users\00000002\UsrClass.dat
+ 2012-07-30 11:04 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-30-2012\ERDNT.EXE
+ 2012-07-29 20:19 . 2012-07-29 20:19 376832 c:\windows\ERDNT\AutoBackup\7-29-2012\Users\00000002\UsrClass.dat
+ 2012-07-29 20:19 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-29-2012\ERDNT.EXE
+ 2012-07-27 11:09 . 2012-07-27 11:09 376832 c:\windows\ERDNT\AutoBackup\7-27-2012\Users\00000002\UsrClass.dat
+ 2012-07-27 11:09 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-27-2012\ERDNT.EXE
+ 2012-07-26 11:12 . 2012-07-26 11:12 376832 c:\windows\ERDNT\AutoBackup\7-26-2012\Users\00000002\UsrClass.dat
+ 2012-07-26 11:12 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-26-2012\ERDNT.EXE
+ 2012-07-25 11:31 . 2012-07-25 11:31 376832 c:\windows\ERDNT\AutoBackup\7-25-2012\Users\00000002\UsrClass.dat
+ 2012-07-25 11:31 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-25-2012\ERDNT.EXE
+ 2012-07-24 10:56 . 2012-07-24 10:56 376832 c:\windows\ERDNT\AutoBackup\7-24-2012\Users\00000002\UsrClass.dat
+ 2012-07-24 10:56 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-24-2012\ERDNT.EXE
+ 2012-07-23 11:20 . 2012-07-23 11:20 376832 c:\windows\ERDNT\AutoBackup\7-23-2012\Users\00000002\UsrClass.dat
+ 2012-07-23 11:20 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-23-2012\ERDNT.EXE
+ 2012-07-22 11:46 . 2012-07-22 11:46 376832 c:\windows\ERDNT\AutoBackup\7-22-2012\Users\00000002\UsrClass.dat
+ 2012-07-22 11:46 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-22-2012\ERDNT.EXE
+ 2012-07-21 13:07 . 2012-07-21 13:07 376832 c:\windows\ERDNT\AutoBackup\7-21-2012\Users\00000002\UsrClass.dat
+ 2012-07-21 13:07 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-21-2012\ERDNT.EXE
+ 2012-07-20 11:07 . 2012-07-20 11:07 376832 c:\windows\ERDNT\AutoBackup\7-20-2012\Users\00000002\UsrClass.dat
+ 2012-07-20 11:07 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-20-2012\ERDNT.EXE
+ 2012-07-19 11:05 . 2012-07-19 11:05 376832 c:\windows\ERDNT\AutoBackup\7-19-2012\Users\00000002\UsrClass.dat
+ 2012-07-19 11:05 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-19-2012\ERDNT.EXE
+ 2012-07-18 11:07 . 2012-07-18 11:07 376832 c:\windows\ERDNT\AutoBackup\7-18-2012\Users\00000002\UsrClass.dat
+ 2012-07-18 11:07 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-18-2012\ERDNT.EXE
+ 2012-07-17 11:04 . 2012-07-17 11:04 376832 c:\windows\ERDNT\AutoBackup\7-17-2012\Users\00000002\UsrClass.dat
+ 2012-07-17 11:04 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-17-2012\ERDNT.EXE
+ 2012-07-16 10:58 . 2012-07-16 10:58 376832 c:\windows\ERDNT\AutoBackup\7-16-2012\Users\00000002\UsrClass.dat
+ 2012-07-16 10:58 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-16-2012\ERDNT.EXE
+ 2012-07-15 20:00 . 2012-07-15 20:00 376832 c:\windows\ERDNT\AutoBackup\7-15-2012\Users\00000002\UsrClass.dat
+ 2012-07-15 20:00 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-15-2012\ERDNT.EXE
+ 2012-07-13 10:56 . 2012-07-13 10:56 376832 c:\windows\ERDNT\AutoBackup\7-13-2012\Users\00000002\UsrClass.dat
+ 2012-07-13 10:56 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-13-2012\ERDNT.EXE
+ 2012-07-12 10:55 . 2012-07-12 10:55 376832 c:\windows\ERDNT\AutoBackup\7-12-2012\Users\00000002\UsrClass.dat
+ 2012-07-12 10:55 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-12-2012\ERDNT.EXE
+ 2012-08-22 11:19 . 2012-08-22 11:19 376832 c:\windows\ERDNT\AutoBackup\08-22-2012\Users\00000006\UsrClass.dat
+ 2012-08-22 11:19 . 2011-08-04 22:59 163328 c:\windows\ERDNT\AutoBackup\08-22-2012\ERDNT.EXE
+ 2012-08-21 11:15 . 2012-08-21 11:15 376832 c:\windows\ERDNT\AutoBackup\08-21-2012\Users\00000006\UsrClass.dat
+ 2012-08-21 11:15 . 2011-08-04 22:59 163328 c:\windows\ERDNT\AutoBackup\08-21-2012\ERDNT.EXE
+ 2012-08-20 11:01 . 2012-08-20 11:01 376832 c:\windows\ERDNT\AutoBackup\08-20-2012\Users\00000006\UsrClass.dat
+ 2012-08-20 11:01 . 2011-08-04 22:59 163328 c:\windows\ERDNT\AutoBackup\08-20-2012\ERDNT.EXE
+ 2012-08-19 15:49 . 2012-08-19 15:49 376832 c:\windows\ERDNT\AutoBackup\08-19-2012\Users\00000006\UsrClass.dat
+ 2012-08-19 15:49 . 2011-08-04 22:59 163328 c:\windows\ERDNT\AutoBackup\08-19-2012\ERDNT.EXE
+ 2012-08-17 11:21 . 2012-08-17 11:21 376832 c:\windows\ERDNT\AutoBackup\08-17-2012\Users\00000006\UsrClass.dat
+ 2012-08-17 11:21 . 2011-08-04 22:59 163328 c:\windows\ERDNT\AutoBackup\08-17-2012\ERDNT.EXE
+ 2012-08-16 11:11 . 2012-08-16 11:11 376832 c:\windows\ERDNT\AutoBackup\08-16-2012\Users\00000006\UsrClass.dat
+ 2012-08-16 11:11 . 2011-08-04 22:59 163328 c:\windows\ERDNT\AutoBackup\08-16-2012\ERDNT.EXE
+ 2012-08-15 12:49 . 2012-08-15 12:49 376832 c:\windows\ERDNT\AutoBackup\08-15-2012\Users\00000006\UsrClass.dat
+ 2012-08-15 12:49 . 2011-08-04 22:59 163328 c:\windows\ERDNT\AutoBackup\08-15-2012\ERDNT.EXE
+ 2012-08-05 11:27 . 2012-08-05 11:27 376832 c:\windows\ERDNT\AutoBackup\08-05-2012\Users\00000006\UsrClass.dat
+ 2012-08-05 11:27 . 2011-08-04 22:59 163328 c:\windows\ERDNT\AutoBackup\08-05-2012\ERDNT.EXE
+ 2012-08-04 11:38 . 2012-08-04 11:38 376832 c:\windows\ERDNT\AutoBackup\08-04-2012\Users\00000006\UsrClass.dat
+ 2012-08-04 11:38 . 2011-08-04 22:59 163328 c:\windows\ERDNT\AutoBackup\08-04-2012\ERDNT.EXE
+ 2012-08-03 11:13 . 2012-08-03 11:13 376832 c:\windows\ERDNT\AutoBackup\08-03-2012\Users\00000006\UsrClass.dat
+ 2012-08-03 11:13 . 2011-08-04 22:59 163328 c:\windows\ERDNT\AutoBackup\08-03-2012\ERDNT.EXE
+ 2012-07-19 02:26 . 2012-07-19 02:26 376832 c:\windows\ERDNT\7-18-2012\Users\00000002\UsrClass.dat
+ 2012-07-19 02:26 . 2005-10-20 16:02 163328 c:\windows\ERDNT\7-18-2012\ERDNT.EXE
+ 2012-07-18 11:59 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2719985$\spuninst\updspapi.dll
+ 2012-07-18 11:59 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2719985$\spuninst\spuninst.exe
+ 2012-07-18 11:59 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2718523$\spuninst\updspapi.dll
+ 2012-07-18 11:59 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2718523$\spuninst\spuninst.exe
+ 2012-07-18 11:56 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2698365$\spuninst\updspapi.dll
+ 2012-07-18 11:56 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2698365$\spuninst\spuninst.exe
+ 2012-07-18 11:56 . 2010-11-09 14:52 536576 c:\windows\$NtUninstallKB2698365$\msado15.dll
+ 2012-07-18 11:59 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2691442$\spuninst\updspapi.dll
+ 2012-07-18 11:59 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2691442$\spuninst\spuninst.exe
+ 2012-07-18 11:59 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2655992$\spuninst\updspapi.dll
+ 2012-07-18 11:59 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2655992$\spuninst\spuninst.exe
+ 2012-07-18 11:59 . 2011-11-16 14:21 152064 c:\windows\$NtUninstallKB2655992$\schannel.dll
+ 2012-07-18 11:59 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2719985\update\updspapi.dll
+ 2012-07-18 11:59 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2719985\update\update.exe
+ 2012-07-18 11:59 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2719985\spuninst.exe
+ 2012-07-18 11:59 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2718523\update\updspapi.dll
+ 2012-07-18 11:59 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2718523\update\update.exe
+ 2012-07-18 11:59 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2718523\spuninst.exe
+ 2012-07-18 11:56 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2698365\update\updspapi.dll
+ 2012-07-18 11:56 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2698365\update\update.exe
+ 2012-07-18 11:56 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2698365\spuninst.exe
+ 2012-07-12 22:49 . 2012-05-28 18:15 102400 c:\windows\$hf_mig$\KB2698365\SP3QFE\msjro.dll
+ 2012-07-12 22:49 . 2012-05-28 18:15 200704 c:\windows\$hf_mig$\KB2698365\SP3QFE\msadox.dll
+ 2012-07-12 22:49 . 2012-05-28 18:15 180224 c:\windows\$hf_mig$\KB2698365\SP3QFE\msadomd.dll
+ 2012-07-12 22:49 . 2012-05-28 18:15 565248 c:\windows\$hf_mig$\KB2698365\SP3QFE\msado15.dll
+ 2012-07-12 22:49 . 2012-05-28 18:15 143360 c:\windows\$hf_mig$\KB2698365\SP3QFE\msadco.dll
+ 2012-07-18 11:59 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2691442\update\updspapi.dll
+ 2012-07-18 11:59 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2691442\update\update.exe
+ 2012-07-18 11:59 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2691442\spuninst.exe
+ 2012-07-18 11:59 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2655992\update\updspapi.dll
+ 2012-07-18 11:59 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2655992\update\update.exe
+ 2012-07-18 11:59 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2655992\spuninst.exe
+ 2012-06-04 04:31 . 2012-06-04 04:31 153088 c:\windows\$hf_mig$\KB2655992\SP3QFE\schannel.dll
+ 2012-06-25 20:07 . 2012-06-25 20:07 1394248 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.30.2114.0_x-ww_ea694a9a\msxml4.dll
- 2004-08-04 01:07 . 2012-05-11 14:42 1212416 c:\windows\system32\urlmon.dll
+ 2004-08-04 01:07 . 2012-07-02 17:49 1212416 c:\windows\system32\urlmon.dll
+ 2004-08-04 01:07 . 2012-06-08 14:26 8462848 c:\windows\system32\shell32.dll
+ 2004-08-04 01:07 . 2012-07-02 17:49 6008320 c:\windows\system32\mshtml.dll
+ 2012-08-16 03:20 . 2012-08-16 03:20 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
+ 2006-10-17 16:57 . 2012-07-02 17:49 2000384 c:\windows\system32\iertutil.dll
- 2006-10-17 16:57 . 2012-05-11 14:42 2000384 c:\windows\system32\iertutil.dll
+ 2008-10-15 21:46 . 2012-07-03 13:40 1866112 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-04 01:07 . 2012-07-02 17:49 1212416 c:\windows\system32\dllcache\urlmon.dll
- 2004-08-04 01:07 . 2012-05-11 14:42 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2012-06-08 14:26 8462848 c:\windows\system32\dllcache\shell32.dll
+ 2008-07-28 22:05 . 2012-06-05 15:50 1372672 c:\windows\system32\dllcache\msxml6.dll
- 2008-07-28 22:05 . 2009-07-31 15:05 1372672 c:\windows\system32\dllcache\msxml6.dll
- 2009-01-21 04:57 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-01-21 04:57 . 2012-06-05 15:50 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2004-08-04 01:07 . 2012-07-02 17:49 6008320 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-09 01:28 . 2012-07-02 17:49 2000384 c:\windows\system32\dllcache\iertutil.dll
- 2007-05-09 01:28 . 2012-05-11 14:42 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2012-08-16 21:44 . 2012-05-11 14:42 1212416 c:\windows\ie8updates\KB2722913-IE8\urlmon.dll
+ 2012-08-16 21:44 . 2012-05-11 14:42 6007808 c:\windows\ie8updates\KB2722913-IE8\mshtml.dll
+ 2012-08-16 21:44 . 2012-05-11 14:42 2000384 c:\windows\ie8updates\KB2722913-IE8\iertutil.dll
+ 2012-08-22 11:19 . 2012-08-22 11:19 1277952 c:\windows\ERDNT\AutoBackup\08-22-2012\Users\00000003\NTUSER.DAT
+ 2012-08-22 11:19 . 2012-08-22 11:19 1277952 c:\windows\ERDNT\AutoBackup\08-22-2012\Users\00000001\NTUSER.DAT
+ 2012-08-21 11:15 . 2012-08-21 11:15 1277952 c:\windows\ERDNT\AutoBackup\08-21-2012\Users\00000003\NTUSER.DAT
+ 2012-08-21 11:15 . 2012-08-21 11:15 1277952 c:\windows\ERDNT\AutoBackup\08-21-2012\Users\00000001\NTUSER.DAT
+ 2012-08-20 11:01 . 2012-08-20 11:01 1277952 c:\windows\ERDNT\AutoBackup\08-20-2012\Users\00000003\NTUSER.DAT
+ 2012-08-20 11:01 . 2012-08-20 11:01 1277952 c:\windows\ERDNT\AutoBackup\08-20-2012\Users\00000001\NTUSER.DAT
+ 2012-08-19 15:49 . 2012-08-19 15:49 1277952 c:\windows\ERDNT\AutoBackup\08-19-2012\Users\00000003\NTUSER.DAT
+ 2012-08-19 15:49 . 2012-08-19 15:49 1277952 c:\windows\ERDNT\AutoBackup\08-19-2012\Users\00000001\NTUSER.DAT
+ 2012-08-17 11:21 . 2012-08-17 11:21 1277952 c:\windows\ERDNT\AutoBackup\08-17-2012\Users\00000003\NTUSER.DAT
+ 2012-08-17 11:21 . 2012-08-17 11:21 1277952 c:\windows\ERDNT\AutoBackup\08-17-2012\Users\00000001\NTUSER.DAT
+ 2012-08-16 11:11 . 2012-08-16 11:11 1277952 c:\windows\ERDNT\AutoBackup\08-16-2012\Users\00000003\NTUSER.DAT
+ 2012-08-16 11:11 . 2012-08-16 11:11 1277952 c:\windows\ERDNT\AutoBackup\08-16-2012\Users\00000001\NTUSER.DAT
+ 2012-08-15 12:49 . 2012-08-15 12:49 1277952 c:\windows\ERDNT\AutoBackup\08-15-2012\Users\00000003\NTUSER.DAT
+ 2012-08-15 12:49 . 2012-08-15 12:49 1277952 c:\windows\ERDNT\AutoBackup\08-15-2012\Users\00000001\NTUSER.DAT
+ 2012-08-05 11:27 . 2012-08-05 11:27 1277952 c:\windows\ERDNT\AutoBackup\08-05-2012\Users\00000003\NTUSER.DAT
+ 2012-08-05 11:27 . 2012-08-05 11:27 1277952 c:\windows\ERDNT\AutoBackup\08-05-2012\Users\00000001\NTUSER.DAT
+ 2012-08-04 11:38 . 2012-08-04 11:38 1277952 c:\windows\ERDNT\AutoBackup\08-04-2012\Users\00000003\NTUSER.DAT
+ 2012-08-04 11:38 . 2012-08-04 11:38 1277952 c:\windows\ERDNT\AutoBackup\08-04-2012\Users\00000001\NTUSER.DAT
+ 2012-08-03 11:13 . 2012-08-03 11:13 1277952 c:\windows\ERDNT\AutoBackup\08-03-2012\Users\00000003\NTUSER.DAT
+ 2012-08-03 11:13 . 2012-08-03 11:13 1277952 c:\windows\ERDNT\AutoBackup\08-03-2012\Users\00000001\NTUSER.DAT
+ 2012-07-18 11:59 . 2009-07-31 15:05 1372672 c:\windows\$NtUninstallKB2719985$\msxml6.dll
+ 2012-07-18 11:59 . 2010-06-14 07:41 1172480 c:\windows\$NtUninstallKB2719985$\msxml3.dll
+ 2012-07-18 11:59 . 2012-05-15 13:20 1863168 c:\windows\$NtUninstallKB2718523$\win32k.sys
+ 2012-07-18 11:59 . 2011-01-21 14:44 8462336 c:\windows\$NtUninstallKB2691442$\shell32.dll
+ 2012-06-05 15:48 . 2012-06-05 15:48 1447936 c:\windows\$hf_mig$\KB2719985\SP3QFE\msxml6.dll
+ 2012-06-05 15:48 . 2012-06-05 15:48 1172480 c:\windows\$hf_mig$\KB2719985\SP3QFE\msxml3.dll
+ 2012-07-12 22:50 . 2012-06-13 13:29 1875072 c:\windows\$hf_mig$\KB2718523\SP3QFE\win32k.sys
+ 2012-06-08 14:24 . 2012-06-08 14:24 8463872 c:\windows\$hf_mig$\KB2691442\SP3QFE\shell32.dll
+ 2005-06-20 03:37 . 2012-08-16 21:45 59884088 c:\windows\system32\MRT.exe
- 2006-11-08 02:03 . 2012-05-12 00:12 11111424 c:\windows\system32\ieframe.dll
+ 2006-11-08 02:03 . 2012-07-03 03:19 11111424 c:\windows\system32\ieframe.dll
+ 2007-05-09 01:28 . 2012-07-03 03:19 11111424 c:\windows\system32\dllcache\ieframe.dll
- 2007-05-09 01:28 . 2012-05-12 00:12 11111424 c:\windows\system32\dllcache\ieframe.dll
+ 2012-08-17 01:06 . 2012-08-17 01:06 98586624 c:\windows\Installer\b43d3d.msp
+ 2012-07-17 14:17 . 2012-07-17 14:17 22363136 c:\windows\Installer\115356.msp
+ 2012-08-16 21:44 . 2012-05-12 00:12 11111424 c:\windows\ie8updates\KB2722913-IE8\ieframe.dll
+ 2012-08-05 11:27 . 2012-08-05 11:27 23130112 c:\windows\ERDNT\AutoBackup\8-5-2012\Users\00000001\NTUSER.DAT
+ 2012-08-04 11:38 . 2012-08-04 11:38 23130112 c:\windows\ERDNT\AutoBackup\8-4-2012\Users\00000001\NTUSER.DAT
+ 2012-08-03 11:13 . 2012-08-03 11:13 23130112 c:\windows\ERDNT\AutoBackup\8-3-2012\Users\00000001\NTUSER.DAT
+ 2012-08-22 11:18 . 2012-08-22 11:18 23195648 c:\windows\ERDNT\AutoBackup\8-22-2012\Users\00000001\NTUSER.DAT
+ 2012-08-21 11:14 . 2012-08-21 11:14 23162880 c:\windows\ERDNT\AutoBackup\8-21-2012\Users\00000001\NTUSER.DAT
+ 2012-08-20 11:01 . 2012-08-20 11:01 23126016 c:\windows\ERDNT\AutoBackup\8-20-2012\Users\00000001\NTUSER.DAT
+ 2012-08-02 11:06 . 2012-08-02 11:06 23121920 c:\windows\ERDNT\AutoBackup\8-2-2012\Users\00000001\NTUSER.DAT
+ 2012-08-19 15:49 . 2012-08-19 15:49 23126016 c:\windows\ERDNT\AutoBackup\8-19-2012\Users\00000001\NTUSER.DAT
+ 2012-08-17 11:21 . 2012-08-17 11:21 23126016 c:\windows\ERDNT\AutoBackup\8-17-2012\Users\00000001\NTUSER.DAT
+ 2012-08-16 11:10 . 2012-08-16 11:10 23130112 c:\windows\ERDNT\AutoBackup\8-16-2012\Users\00000001\NTUSER.DAT
+ 2012-08-15 12:48 . 2012-08-15 12:48 23130112 c:\windows\ERDNT\AutoBackup\8-15-2012\Users\00000001\NTUSER.DAT
+ 2012-08-01 10:37 . 2012-08-01 10:37 23121920 c:\windows\ERDNT\AutoBackup\8-1-2012\Users\00000001\NTUSER.DAT
+ 2012-07-31 11:04 . 2012-07-31 11:04 23121920 c:\windows\ERDNT\AutoBackup\7-31-2012\Users\00000001\NTUSER.DAT
+ 2012-07-30 11:04 . 2012-07-30 11:04 23121920 c:\windows\ERDNT\AutoBackup\7-30-2012\Users\00000001\NTUSER.DAT
+ 2012-07-29 20:19 . 2012-07-29 20:19 23121920 c:\windows\ERDNT\AutoBackup\7-29-2012\Users\00000001\NTUSER.DAT
+ 2012-07-27 11:09 . 2012-07-27 11:09 23072768 c:\windows\ERDNT\AutoBackup\7-27-2012\Users\00000001\NTUSER.DAT
+ 2012-07-26 11:12 . 2012-07-26 11:12 23056384 c:\windows\ERDNT\AutoBackup\7-26-2012\Users\00000001\NTUSER.DAT
+ 2012-07-25 11:31 . 2012-07-25 11:31 23019520 c:\windows\ERDNT\AutoBackup\7-25-2012\Users\00000001\NTUSER.DAT
+ 2012-07-24 10:56 . 2012-07-24 10:56 22994944 c:\windows\ERDNT\AutoBackup\7-24-2012\Users\00000001\NTUSER.DAT
+ 2012-07-23 11:20 . 2012-07-23 11:20 22970368 c:\windows\ERDNT\AutoBackup\7-23-2012\Users\00000001\NTUSER.DAT
+ 2012-07-22 11:46 . 2012-07-22 11:46 22962176 c:\windows\ERDNT\AutoBackup\7-22-2012\Users\00000001\NTUSER.DAT
+ 2012-07-21 13:07 . 2012-07-21 13:07 22962176 c:\windows\ERDNT\AutoBackup\7-21-2012\Users\00000001\NTUSER.DAT
+ 2012-07-20 11:07 . 2012-07-20 11:07 22949888 c:\windows\ERDNT\AutoBackup\7-20-2012\Users\00000001\NTUSER.DAT
+ 2012-07-19 11:05 . 2012-07-19 11:05 22900736 c:\windows\ERDNT\AutoBackup\7-19-2012\Users\00000001\NTUSER.DAT
+ 2012-07-18 11:07 . 2012-07-18 11:07 22880256 c:\windows\ERDNT\AutoBackup\7-18-2012\Users\00000001\NTUSER.DAT
+ 2012-07-17 11:04 . 2012-07-17 11:04 22880256 c:\windows\ERDNT\AutoBackup\7-17-2012\Users\00000001\NTUSER.DAT
+ 2012-07-16 10:58 . 2012-07-16 10:58 22863872 c:\windows\ERDNT\AutoBackup\7-16-2012\Users\00000001\NTUSER.DAT
+ 2012-07-15 20:00 . 2012-07-15 20:00 22859776 c:\windows\ERDNT\AutoBackup\7-15-2012\Users\00000001\NTUSER.DAT
+ 2012-07-13 10:56 . 2012-07-13 10:56 22859776 c:\windows\ERDNT\AutoBackup\7-13-2012\Users\00000001\NTUSER.DAT
+ 2012-07-12 10:55 . 2012-07-12 10:55 22843392 c:\windows\ERDNT\AutoBackup\7-12-2012\Users\00000001\NTUSER.DAT
+ 2012-08-22 11:19 . 2012-08-22 11:19 23195648 c:\windows\ERDNT\AutoBackup\08-22-2012\Users\00000005\NTUSER.DAT
+ 2012-08-21 11:15 . 2012-08-21 11:15 23162880 c:\windows\ERDNT\AutoBackup\08-21-2012\Users\00000005\NTUSER.DAT
+ 2012-08-20 11:01 . 2012-08-20 11:01 23126016 c:\windows\ERDNT\AutoBackup\08-20-2012\Users\00000005\NTUSER.DAT
+ 2012-08-19 15:49 . 2012-08-19 15:49 23126016 c:\windows\ERDNT\AutoBackup\08-19-2012\Users\00000005\NTUSER.DAT
+ 2012-08-17 11:21 . 2012-08-17 11:21 23126016 c:\windows\ERDNT\AutoBackup\08-17-2012\Users\00000005\NTUSER.DAT
+ 2012-08-16 11:11 . 2012-08-16 11:11 23130112 c:\windows\ERDNT\AutoBackup\08-16-2012\Users\00000005\NTUSER.DAT
+ 2012-08-15 12:49 . 2012-08-15 12:49 23130112 c:\windows\ERDNT\AutoBackup\08-15-2012\Users\00000005\NTUSER.DAT
+ 2012-08-05 11:27 . 2012-08-05 11:27 23130112 c:\windows\ERDNT\AutoBackup\08-05-2012\Users\00000005\NTUSER.DAT
+ 2012-08-04 11:38 . 2012-08-04 11:38 23130112 c:\windows\ERDNT\AutoBackup\08-04-2012\Users\00000005\NTUSER.DAT
+ 2012-08-03 11:13 . 2012-08-03 11:13 23130112 c:\windows\ERDNT\AutoBackup\08-03-2012\Users\00000005\NTUSER.DAT
+ 2012-07-19 02:26 . 2012-07-19 02:26 22896640 c:\windows\ERDNT\7-18-2012\Users\00000001\NTUSER.DAT
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-06-28 12:51 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2004-09-23 69707]
"KeePass Password Safe"="c:\program files\KeePass Password Safe\KeePass.exe" [2006-10-14 681472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [BU]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-26 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-12-07 84480]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 98304]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-06-28 4273976]
.
c:\documents and settings\Matt\Start Menu\Programs\Startup\
Autobackup.lnk - c:\program files\KRtech\ERUNTgui\autoRun.exe [2012-5-28 1269248]
Epson scanner Registration.lnk - d:\common\EpsonReg\Ereg.exe [N/A]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-5-9 196608]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-2-25 789008]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 17:30 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk.disabled
backup=c:\windows\pss\Billminder.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CoreCenter.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CoreCenter.lnk
backup=c:\windows\pss\CoreCenter.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DigiCell.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DigiCell.lnk
backup=c:\windows\pss\DigiCell.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Serviio.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Serviio.lnk
backup=c:\windows\pss\Serviio.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^XSites Desktop.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\XSites Desktop.lnk
backup=c:\windows\pss\XSites Desktop.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Serviio.lnk]
path=c:\documents and settings\Matt\Start Menu\Programs\Startup\Serviio.lnk
backup=c:\windows\pss\Serviio.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Stickies.lnk]
path=c:\documents and settings\Matt\Start Menu\Programs\Startup\Stickies.lnk
backup=c:\windows\pss\Stickies.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2010-02-11 03:27 46368 ----a-w- c:\program files\Nuance\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2009-05-05 20:06 222496 ----a-w- c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2010-02-11 03:32 29984 ----a-w- c:\program files\Nuance\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
2010-02-08 22:31 62752 ----a-w- c:\program files\Nuance\PDFViewerPlus\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2010-02-08 22:32 1369376 ----a-w- c:\program files\Nuance\PDFViewerPlus\pdfPro5Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2012-04-10 10:17 452880 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-26 03:10 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Serviio\\bin\\ServiioService.exe"=
"c:\\Program Files\\Serviio\\bin\\ServiioConsole.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/18/2012 9:30 PM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/18/2012 9:30 PM 353688]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/18/2012 9:30 PM 21256]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2/10/2010 11:30 PM 144672]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 8:55 PM 135664]
S3 DigiCellDriver;DigiCellDriver; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 8:55 PM 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 utiznzyw;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utiznzyw.sys --> c:\windows\system32\Drivers\utiznzyw.sys [?]
S4 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe [3/27/2011 1:44 PM 276480]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 00:55]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 00:55]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.mortgagenewsdaily.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {{3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - {361D6100-9833-4ABA-BB50-7015F325BBF0} - c:\windows\Downloaded Program Files\IEPrint.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: secureserver.net.\www.email
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{323ED6D9-8F1E-4565-8E60-456B156C6411}: NameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: IEPrint - hxxp://www.visiontech.ltd.uk/software/download/IEPrint.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-22 09:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BD1D769D-E28C-B9C0-CFF5-59B11659B474}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-789336058-1979792683-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:56,4a,be,4f,d8,30,d2,d1,47,e9,98,4f,cf,b8,9b,45,e6,aa,85,20,7e,ca,dc,
51,8a,3c,67,5d,e4,d6,6f,d0,c8,ca,b0,31,4f,10,f0,86,1f,98,97,2c,13,8a,80,c8,\
"??"=hex:5b,3d,f9,88,c2,d3,15,da,1b,1b,82,0a,68,e2,65,fb
.
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2012-08-22 09:31:09
ComboFix-quarantined-files.txt 2012-08-22 13:30
ComboFix2.txt 2012-07-10 03:52
.
Pre-Run: 8,920,756,224 bytes free
Post-Run: 9,196,584,960 bytes free
.
- - End Of File - - F5F6DAB91395ECF79343BC2767A93C79

#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Let's create a fresh extras.txt log. Please follow instructions below:

OTL Extras Scan

  • Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on the None button at the top.
  • Under the Extra Registry section, check Use SafeList.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of Extras.txt and post it.


#5
skipperscruise

    Member

  • Topic Starter
  • 48 posts
Here's the extras.txt:

OTL Extras logfile created on: 8/22/2012 12:53:00 PM - Run 7
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 374.30 Mb Available Physical Memory | 36.57% Memory free
12.53 Gb Paging File | 11.97 Gb Available in Paging File | 95.54% Paging File free
Paging file location(s): F:\pagefile.sys 11933 11933 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 8.58 Gb Free Space | 25.11% Space Free | Partition Type: NTFS
Drive F: | 11.72 Gb Total Space | 0.02 Gb Free Space | 0.14% Space Free | Partition Type: NTFS
Drive G: | 23.33 Gb Total Space | 5.75 Gb Free Space | 24.64% Space Free | Partition Type: NTFS
Drive R: | 232.88 Gb Total Space | 66.60 Gb Free Space | 28.60% Space Free | Partition Type: NTFS

Computer Name: MATTCUSTOM | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FIREWALLDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"23423:TCP" = 23423:TCP:LocalSubNet:Enabled:Serviio
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Serviio\bin\ServiioService.exe" = C:\Program Files\Serviio\bin\ServiioService.exe:*:Enabled:Serviio -- ()
"C:\Program Files\Serviio\bin\ServiioConsole.exe" = C:\Program Files\Serviio\bin\ServiioConsole.exe:*:Enabled:Serviio -- ()
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{097CD098-D31F-4A6B-9C9D-1647E2F06DC6}" = Nuance PDF Viewer Plus
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15C768E2-AB61-4DE3-952F-6B237A834951}" = Adobe Setup
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18499419-2B80-4C3F-86D3-C6C45CD2062E}" = Samsung ML-1710 Series
"{190601AF-7BE4-046E-CEBF-14EE74434250}" = AMD Catalyst Install Manager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 5
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37D0F29D-AB95-4598-ACF0-D3CC38C161D9}" = WorkForce GT-1500 Scanner Driver Update
"{3828EC4B-D4B9-A742-4D81-9C0A3C72DF8A}" = CCC Help English
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3A7FE907-65AE-4D6B-A864-B515C71B078C}" = ATI Decoder
"{3B3620D0-CE42-47CB-A0C0-434F860BEE55}" = BytePro
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}" = Presto! PageManager 6.03
"{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software
"{5FA2617F-999A-4C74-985D-08E678C13D5C}" = Amazing Adventures - The Caribbean Secret
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81A917A1-DBA3-3639-53DA-B6E833D41A57}" = ccc-utility
"{82931CCC-65F4-5A50-57AD-AE6DF6B10929}" = Catalyst Control Center
"{8988F5D0-C83F-41F4-B41B-86031F9B37F5}" = ATI Multimedia Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90510409-6D54-11D4-BEE3-00C04F990354}" = Microsoft Visio Professional 2002 [English]
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A0A087E5-149E-EC75-F45D-3A3C04344B4A}" = Catalyst Control Center Graphics Previews Common
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B15F6758-D185-4377-9F3A-7B30B03E9A97}" = MSI DigiCell
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B977686C-1ACE-45A1-A7A3-A1FCB979A684}" = Nuance PaperPort 12
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron version SRWare Iron 18.0.1050.1
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC67DD84-77C6-C9F8-FA03-953F1C1C92A9}" = Catalyst Control Center InstallProxy
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6F9778-35DE-42D1-8C61-C5C69DCF8927}" = Google Analytics Opt-out Browser Add-on
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D29092CC-0AD2-7B53-A090-4CC3D33A1033}" = Nero 7 Demo
"{D41864EF-CC5D-4CF4-B0B9-CA3152164157}" = ISIS Driver - EPSON GT-1500 v1.0
"{D6C35F0E-D09D-4177-BAEE-4D412D749A96}" = Point
"{D7A53E41-3F32-4A44-989C-53DDEBB2130C}" = Adobe Extension Manager CS3
"{DD68AE74-98BA-4ABE-B11E-30F39206ECE8}" = Point 7.2
"{E16110F7-1C85-4675-99F4-7938F832C825}" = Adobe Fireworks CS3
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E5F38322-4271-4855-8619-39C311E3518D}" = XSites Desktop
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ED01E4E5-D744-4BC2-A799-46E6D5DEBE0F}" = Google AdWords Editor
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EE99E4FB-ED4C-4303-A490-C05948287123}" = Presto! BizCard 5 (English Version)
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F751F153-0D23-4ED5-85D5-BAE46893D1F9}" = Point
"{F9956472-6E16-4F83-BF9A-F887EF4A45B7}" = EPSON Scan PDF EXtensions
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"AC3Filter" = AC3Filter (remove only)
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Ad-Aware SE Plus" = Ad-Aware SE Plus
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Adobe_bbef028176efa5abf0233d3e1747be8" = Adobe Fireworks CS3
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"AnalogX CookieWall" = AnalogX CookieWall
"Any Password_is1" = Any Password 1.44
"Atomic Email Hunter_is1" = Atomic Email Hunter
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.2 (Unicode)
"avast" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 7.2
"CCNA Network Visualizer 5.0" = CCNA Network Visualizer 5.0
"Core Center" = Core Center
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"ERUNTgui_is1" = ERUNTgui
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"FBReader for Windows" = FBReader for Windows
"FeedReader_is1" = FeedReader
"FileHippo.com" = FileHippo.com Update Checker
"FileZilla Client" = FileZilla Client 3.0.10
"FLV Player" = FLV Player 2.0, build 24
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3A7FE907-65AE-4D6B-A864-B515C71B078C}" = ATI Decoder
"InstallShield_{8988F5D0-C83F-41F4-B41B-86031F9B37F5}" = ATI Multimedia Center 9.02.2
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"InstallShield_{E5F38322-4271-4855-8619-39C311E3518D}" = XSites Desktop
"Invisible Browsing_is1" = Invisible Browsing 5.0
"KeePass Password Safe_is1" = KeePass Password Safe 1.06
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MeridianLink Site Security Certificate" = MeridianLink Site Security Certificate
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Quicken 2002 Deluxe" = Quicken 2002 Deluxe
"Sandboxie" = Sandboxie 3.68 (32-bit)
"Savings Bond Wizard" = Savings Bond Wizard
"Serviio" = Serviio
"Silent Package Run-Time Sample" = EPSON GT-1500 User's Guide
"Sound Solution" = Sound Solution 1.31b
"SpeedFan" = SpeedFan (remove only)
"SqrSoftACFDW" = SqrSoft® Advanced Crossfading (remove only)
"TagBot" = TagBot
"Tera Term Pro" = Tera Term Pro
"TopStyle Lite (Version 3.0)" = TopStyle Lite (Version 3.0)
"TurboTax 2011" = TurboTax 2011
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WGA" = Windows Genuine Advantage Validation Tool
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"ZhornStickies" = Stickies 7.0b

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880
"MXpie Patch" = MXpie Patch for WinMX Network/WPNP 3.6.3.6
"Pixie" = Pixie 3.1 (remove only)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/16/2012 9:07:55 PM | Computer Name = MATTCUSTOM | Source = MsiInstaller | ID = 10005
Description = Product: Adobe Acrobat X Pro - English, Français, Deutsch -- Error
2330.Error getting file attributes: C:\Program Files\Adobe\Acrobat 10.0\Resource\Color\Profiles\Recommended.
GetLastError: 1450.

Error - 8/16/2012 9:07:55 PM | Computer Name = MATTCUSTOM | Source = MsiInstaller | ID = 10005
Description = Product: Adobe Acrobat X Pro - English, Français, Deutsch -- Error
2330.Error getting file attributes: C:\Program Files\Adobe\Acrobat 10.0\Resource\Color\Profiles\Recommended.
GetLastError: 1450.

Error - 8/16/2012 9:07:56 PM | Computer Name = MATTCUSTOM | Source = MsiInstaller | ID = 10005
Description = Product: Adobe Acrobat X Pro - English, Français, Deutsch -- Error
2330.Error getting file attributes: C:\Program Files\Adobe\Acrobat 10.0\Resource\Color\Profiles\Recommended.
GetLastError: 1450.

Error - 8/16/2012 9:07:56 PM | Computer Name = MATTCUSTOM | Source = MsiInstaller | ID = 10005
Description = Product: Adobe Acrobat X Pro - English, Français, Deutsch -- Error
2330.Error getting file attributes: C:\Program Files\Adobe\Acrobat 10.0\Resource\Color\Profiles\Recommended.
GetLastError: 1450.

Error - 8/16/2012 9:07:56 PM | Computer Name = MATTCUSTOM | Source = MsiInstaller | ID = 10005
Description = Product: Adobe Acrobat X Pro - English, Français, Deutsch -- Error
2330.Error getting file attributes: C:\Program Files\Adobe\Acrobat 10.0\Resource\Color\Profiles\Recommended.
GetLastError: 1450.

Error - 8/16/2012 9:07:57 PM | Computer Name = MATTCUSTOM | Source = MsiInstaller | ID = 10005
Description = Product: Adobe Acrobat X Pro - English, Français, Deutsch -- Error
2330.Error getting file attributes: C:\Program Files\Adobe\Acrobat 10.0\Resource\Color\Profiles\Recommended.
GetLastError: 1450.

Error - 8/16/2012 9:07:58 PM | Computer Name = MATTCUSTOM | Source = MsiInstaller | ID = 10005
Description = Product: Adobe Acrobat X Pro - English, Français, Deutsch -- Error
2330.Error getting file attributes: C:\Program Files\Adobe\Acrobat 10.0\Resource\Color\Profiles\Recommended.
GetLastError: 1450.

Error - 8/16/2012 9:08:37 PM | Computer Name = MATTCUSTOM | Source = MsiInstaller | ID = 1023
Description = Product: Adobe Acrobat X Pro - English, Français, Deutsch - Update
'Adobe Acrobat X (10.1.2)' could not be installed. Error code 1603. Additional
information is available in the log file C:\DOCUME~1\Matt\LOCALS~1\Temp\Alog.log.

Error - 8/20/2012 5:59:43 PM | Computer Name = MATTCUSTOM | Source = Application Hang | ID = 1002
Description = Hanging application OTL.com, version 3.2.53.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/20/2012 10:33:06 PM | Computer Name = MATTCUSTOM | Source = Userenv | ID = 1512
Description = Windows cannot unload your registry file. The memory used by the registry
has not been freed. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or NetworkService
account. If this problem persists, contact your administrator. DETAIL - Insufficient
system resources exist to complete the requested service.

[ System Events ]
Error - 8/22/2012 7:18:56 AM | Computer Name = MATTCUSTOM | Source = Print | ID = 23
Description = Printer Canon MF5550 Printer,0 failed to initialize because a suitable
Canon MF5550 Printer driver could not be found.

Error - 8/22/2012 7:34:40 AM | Computer Name = MATTCUSTOM | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{E2147DF5-CFA7-45AB-92F8-591933227C62}. The
backup browser is stopping.

Error - 8/22/2012 8:57:16 AM | Computer Name = MATTCUSTOM | Source = Print | ID = 23
Description = Printer Canon MF5550 Printer failed to initialize because a suitable
Canon MF5550 Printer driver could not be found.

Error - 8/22/2012 9:10:42 AM | Computer Name = MATTCUSTOM | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
while processing the file 'desktop.ini' on the volume 'HarddiskVolume2'. It has
stopped monitoring the volume.

Error - 8/22/2012 9:12:09 AM | Computer Name = MATTCUSTOM | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
while processing the file 'desktop.ini' on the volume 'HarddiskVolume2'. It has
stopped monitoring the volume.

Error - 8/22/2012 12:48:41 PM | Computer Name = MATTCUSTOM | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 8/22/2012 12:48:41 PM | Computer Name = MATTCUSTOM | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 8/22/2012 12:49:36 PM | Computer Name = MATTCUSTOM | Source = Print | ID = 23
Description = Printer Canon MF5550 Printer on Matt failed to initialize because
a suitable Canon MF5550 Printer driver could not be found.

Error - 8/22/2012 12:49:36 PM | Computer Name = MATTCUSTOM | Source = Print | ID = 23
Description = Printer Canon MF5550 Printer,0 failed to initialize because a suitable
Canon MF5550 Printer driver could not be found.

Error - 8/22/2012 12:51:12 PM | Computer Name = MATTCUSTOM | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{E2147DF5-CFA7-45AB-92F8-591933227C62}. The
backup browser is stopping.


< End of report >

#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please download fix.txt to your Desktop.

Attached File: fix.txt (17.63KB, 85 downloads)

We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on the OTL icon on your Desktop (if running Vista or Windows 7, right click on it and select "Run as an Administrator").
  • Click on the Run fix button and then on OK.
  • Navigate to the fix.txt file on your Desktop and click on the Open button.
  • Make sure all other windows are closed and let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#7
skipperscruise

    Member

  • Topic Starter
  • 48 posts
Please note that the problem with strange icons with square boxes as descriptions appearing on the Desktop is gone, except for one dated 07.24.12.

First log:

All processes killed
========== OTL ==========
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw+0\ deleted successfully.
Invalid CLSID key: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw+0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw-0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw00\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw00s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw-0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw10\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw10s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw20\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw20s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw30\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw30s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw40\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw40s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw50\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw50s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw60\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw60s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw70\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw70s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw80\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw80s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw90\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw90s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwa0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwa0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwb0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwb0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwc0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwc0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwd0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwd0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwe0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwe0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwf0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwf0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwfile-8876480\ deleted successfully.
Invalid CLSID key: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwg0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwg0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwh0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwh0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwi0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwi0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwj0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwj0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwk0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwk0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwl0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwl0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwm0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwm0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwn0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwn0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwo0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwo0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwp0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwp0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwq0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwq0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwr0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwr0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bws0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bws0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwt0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwt0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwu0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwu0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwv0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwv0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bww0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bww0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwx0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwx0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwy0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwy0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwz0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwz0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\offline-8876480\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
C:\Documents and Settings\Matt\Desktop\Ð moved successfully.
C:\Documents and Settings\Matt\Desktop\` moved successfully.
C:\Documents and Settings\Matt\Desktop\騐˚ moved successfully.
C:\Documents and Settings\Matt\Desktop\쒌᤺쒐᤺粐Ȩ粑��Ȣ粑l moved successfully.
File C:\Documents and Settings\Matt\Desktop\騐˚ not found.
File C:\Documents and Settings\Matt\Desktop\쒌᤺쒐᤺粐Ȩ粑��Ȣ粑l not found.
C:\Documents and Settings\Matt\Desktop\플᤺픐᤺粐Ȩ粑��Ȣ粑l moved successfully.
C:\Documents and Settings\Matt\Desktop\粐컈ᮀ��쮰ᮁ팜᤺ moved successfully.
C:\Documents and Settings\Matt\Desktop\환᤺駵㵼환᤺馺㵼틴᤺ moved successfully.
C:\Documents and Settings\Matt\Desktop\粐컈ᮀ��쮰ᮁ$ጤ瑯 moved successfully.
C:\Documents and Settings\Matt\Desktop\粐컈ᮀ��팘᤺ moved successfully.
C:\Documents and Settings\Matt\Desktop\⌨ moved successfully.
C:\Documents and Settings\Matt\Desktop\௄ moved successfully.
File C:\Documents and Settings\Matt\Desktop\플᤺픐᤺粐Ȩ粑��Ȣ粑l not found.
File C:\Documents and Settings\Matt\Desktop\粐컈ᮀ��쮰ᮁ팜᤺ not found.
File C:\Documents and Settings\Matt\Desktop\환᤺駵㵼환᤺馺㵼틴᤺ not found.
File C:\Documents and Settings\Matt\Desktop\粐컈ᮀ��쮰ᮁ$ጤ瑯 not found.
File C:\Documents and Settings\Matt\Desktop\粐컈ᮀ��팘᤺ not found.
File C:\Documents and Settings\Matt\Desktop\⌨ not found.
File C:\Documents and Settings\Matt\Desktop\௄ not found.
File C:\Documents and Settings\Matt\Desktop\뙤ŭ퉸š矄꽀šɿ not found.
C:\Documents and Settings\Matt\Desktop\ꭀ㳸硴৔ moved successfully.
C:\Documents and Settings\Matt\Desktop\က moved successfully.
File C:\Documents and Settings\Matt\Desktop\뙤ŭ퉸š矄꽀šɿ not found.
File C:\Documents and Settings\Matt\Desktop\ꭀ㳸硴৔ not found.
File C:\Documents and Settings\Matt\Desktop\က not found.
C:\Documents and Settings\Matt\Desktop\ﰰܯƿ moved successfully.
File C:\Documents and Settings\Matt\Desktop\ﰰܯƿ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Matt\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Matt\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Matt\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Matt\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Matt\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Matt\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Matt\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Matt\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Matt\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Matt\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: Matt
->Temp folder emptied: 220248 bytes
->Temporary Internet Files folder emptied: 30974897 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 9616 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 699 bytes

Total Files Cleaned = 30.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: Matt
->Java cache emptied: 0 bytes

User: NetworkService
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: Matt
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 08222012_145428

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012/08/22 14:56:28 | 000,000,000 | ---- | M] () C:\WINDOWS\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...



Second log:



OTL logfile created on: 8/22/2012 3:04:16 PM - Run 8
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 459.77 Mb Available Physical Memory | 44.92% Memory free
12.53 Gb Paging File | 12.06 Gb Available in Paging File | 96.25% Paging File free
Paging file location(s): F:\pagefile.sys 11933 11933 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 8.48 Gb Free Space | 24.81% Space Free | Partition Type: NTFS
Drive F: | 11.72 Gb Total Space | 0.02 Gb Free Space | 0.14% Space Free | Partition Type: NTFS
Drive G: | 23.33 Gb Total Space | 5.75 Gb Free Space | 24.64% Space Free | Partition Type: NTFS
Drive R: | 232.88 Gb Total Space | 66.60 Gb Free Space | 28.60% Space Free | Partition Type: NTFS

Computer Name: MATTCUSTOM | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/02 22:07:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.com
PRC - [2012/06/28 08:51:53 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/28 08:51:51 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/04/10 06:16:58 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/02/10 23:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/09 13:32:08 | 000,789,008 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/01/09 13:28:58 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2006/11/17 05:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006/10/14 16:53:24 | 000,681,472 | ---- | M] (Dominik Reichl) -- C:\Program Files\KeePass Password Safe\KeePass.exe
PRC - [2004/12/07 04:16:36 | 000,084,480 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
PRC - [2004/09/22 23:16:20 | 000,069,707 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\main\atidtct.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/21 03:21:38 | 001,802,240 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12082200\algo.dll
MOD - [2012/06/14 09:48:52 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012/06/14 09:47:44 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 08:43:49 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 08:43:36 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 08:41:39 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/14 08:39:17 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll
MOD - [2012/06/14 08:33:03 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll
MOD - [2012/05/18 19:33:29 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\082473bbeed448eb13a7f348cf33e98f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/18 19:33:27 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
MOD - [2012/05/18 19:33:26 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
MOD - [2012/05/18 19:30:35 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/18 19:30:31 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/18 19:01:48 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/18 18:58:34 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/18 18:58:17 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/18 18:50:53 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
MOD - [2012/05/18 18:50:43 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/05/18 18:50:40 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/05/18 18:50:18 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/05/18 18:50:03 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/05/18 18:49:55 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011/11/09 22:45:32 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2010/03/16 13:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/03/12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/06/28 08:51:53 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/04/10 06:16:58 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/01/31 15:03:26 | 000,276,480 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/02/10 23:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2008/06/06 22:04:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/01/09 13:30:08 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\utiznzyw.sys -- (utiznzyw)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipsecw2k.sys -- (IPSECSHM)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (DigiCellDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Matt\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ATIRWVD.SYS -- (ATI Remote Wonder II)
DRV - [2012/06/28 08:52:42 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/06/28 08:52:42 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/06/28 08:52:37 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/06/28 08:52:37 | 000,097,352 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/06/28 08:52:37 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/06/28 08:52:36 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/06/28 08:52:36 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/04/10 06:16:58 | 000,135,440 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011/11/09 23:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/18 12:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2009/05/23 23:11:49 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/03/17 12:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/11/29 03:18:12 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/11/29 03:18:04 | 000,078,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/11/29 03:17:56 | 000,036,368 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/11/29 03:17:48 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/29 03:17:34 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/11/29 03:17:28 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006/12/04 17:11:46 | 004,025,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/12 20:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 20:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 20:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 20:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/12/07 04:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2004/11/24 05:42:48 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004/11/24 05:42:46 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/11/16 11:54:06 | 000,038,336 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - [2004/10/20 23:39:44 | 000,035,840 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/07/05 14:25:00 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/06/15 19:14:00 | 000,180,480 | R--- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/06/08 13:36:20 | 000,014,975 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)
DRV - [2004/06/08 13:35:26 | 000,038,081 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/06/08 13:34:48 | 000,024,637 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mortgagenewsdaily.com/
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes,DefaultScope = {B718F60E-E9E0-4982-B735-DED2F72B3C9F}
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{05157127-2C10-401A-BB4E-FE4B15FB1799}: "URL" = https://duckduckgo.c...q={searchTerms}
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{A54AD221-2961-47F7-92CB-46F0EE188798}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{B718F60E-E9E0-4982-B735-DED2F72B3C9F}: "URL" = http://www.google.co...&rlz=1I7GGLG_en
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)



========== Chrome ==========


O1 HOSTS File: ([2012/08/22 14:54:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Google Analytics Opt-out Browser Add-on) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE (ATI Technologies Inc.)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe File not found
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Autobackup.lnk = C:\Program Files\KRtech\ERUNTgui\autoRun.exe ()
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Epson scanner Registration.lnk = File not found
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..Trusted Domains: secureserver.net. ([www.email] https in Trusted sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} Reg Error: Key error. (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} Reg Error: Key error. (ArmHelper Control)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ent/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: IEPrint http://www.visiontec...oad/IEPrint.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{323ED6D9-8F1E-4565-8E60-456B156C6411}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2147DF5-CFA7-45AB-92F8-591933227C62}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/19 13:19:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/22 10:49:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/08/22 09:31:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/08/22 09:08:46 | 004,735,900 | R--- | C] (Swearware) -- C:\Documents and Settings\Matt\Desktop\ComboFix.exe
[2012/08/16 21:06:54 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/06/21 14:30:01 | 001,062,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Matt\gotomypc_540.exe

========== Files - Modified Within 30 Days ==========

[2012/08/22 15:00:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/22 14:56:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/22 14:56:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/22 14:54:33 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/08/22 09:08:54 | 004,735,900 | R--- | M] (Swearware) -- C:\Documents and Settings\Matt\Desktop\ComboFix.exe
[2012/08/20 23:06:45 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel.lnk
[2012/08/20 23:05:20 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft FrontPage.lnk
[2012/08/20 14:16:45 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/19 23:15:31 | 000,001,310 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2012/08/19 11:48:15 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/17 17:37:29 | 000,002,291 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2012/08/17 08:04:54 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/08/16 17:49:50 | 000,306,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/16 17:48:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/15 17:44:38 | 000,001,701 | ---- | M] () -- C:\WINDOWS\winpoint.ini
[2012/07/31 09:06:54 | 000,001,768 | -H-- | M] () -- C:\Documents and Settings\Matt\My Documents\Default.rdp
[2012/07/31 08:53:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Nuance Image Printer Writer Port
[2012/07/31 08:52:27 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Aaron.rdp
[2012/07/23 20:38:14 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

========== Files Created - No Company Name ==========

[2012/07/31 08:52:27 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Aaron.rdp
[2012/07/09 23:28:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/09 23:28:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/09 23:28:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/09 23:28:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/09 23:28:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/13 00:31:17 | 000,935,231 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-789336058-1979792683-725345543-1003-0.dat
[2012/04/12 12:17:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/11 13:10:27 | 000,232,322 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/04/11 13:00:19 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/21 00:59:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/01/20 23:52:30 | 000,000,042 | ---- | C] () -- C:\WINDOWS\SETSCAN.INI
[2012/01/20 23:52:24 | 000,000,122 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2012/01/20 23:17:36 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw86.bin
[2012/01/20 23:05:00 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/01/20 23:05:00 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/01/20 23:05:00 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/01/20 23:05:00 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/01/20 23:05:00 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/01/20 23:05:00 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/01/20 23:05:00 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/01/20 23:05:00 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/01/20 23:05:00 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/01/20 23:05:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/01/20 23:05:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/01/20 23:05:00 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/01/20 23:05:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/01/20 23:05:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/01/20 23:05:00 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/01/20 23:05:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/01/20 23:03:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\WFGT1500.ini
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/10/26 16:21:17 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2011/10/26 16:20:41 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011/10/26 16:20:38 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2011/10/26 16:20:38 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2011/10/26 16:20:38 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2011/10/26 16:20:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2011/06/21 09:49:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lsaka.bin
[2011/03/08 17:40:08 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2011/01/08 22:41:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/10/11 12:31:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/11 12:31:44 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/11 12:31:44 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/08/15 14:38:18 | 000,000,358 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/09/13 14:11:48 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
[2009/05/23 23:12:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/10/13 11:26:22 | 000,006,557 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\PrimoPDFSet.xml
[2008/04/27 09:52:08 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\PUTTY.RND
[2007/01/07 20:43:12 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/13 18:01:18 | 000,000,541 | ---- | C] () -- C:\Documents and Settings\Matt\.fotki-uploader300-settings.xml
[2006/01/13 17:59:03 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Matt\.lastFolder
[2005/07/01 23:56:08 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/19 15:24:42 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\fusioncache.dat
[2005/03/19 13:25:56 | 022,806,528 | -H-- | C] () -- C:\Documents and Settings\Matt\NTUSER.bak

========== LOP Check ==========

[2012/06/12 06:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Epson
[2012/07/12 18:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode
[2009/09/23 22:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2012/05/18 21:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/08/22 12:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BytePro
[2012/05/28 01:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2009/10/22 23:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/11/23 23:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2010/12/28 22:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/11/13 21:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/11/17 00:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/09/24 16:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2011/02/08 21:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2009/03/21 20:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
[2012/01/20 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ISIS Drivers
[2010/12/17 00:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2006/02/21 21:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal
[2009/09/27 23:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/08/15 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/10/06 21:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2010/12/29 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/12/05 00:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2010/08/15 14:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/09/08 21:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2010/08/15 14:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2005/06/30 07:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\.BitTornado
[2010/08/15 15:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\.oit
[2010/12/16 23:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\A Gypsy's Tale - The Tower of Secrets
[2012/05/08 23:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Amazon
[2009/06/14 01:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Audacity
[2011/11/11 00:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Big Fish Games
[2010/03/26 22:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Calyx Software
[2009/06/02 00:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2006/03/14 14:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\DeductionPro 2004-05
[2012/01/20 23:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\EPSON
[2008/03/17 21:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Ericom
[2006/03/18 19:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Feedreader
[2008/08/27 19:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\FileZilla
[2009/10/22 23:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Flood Light Games
[2010/11/23 23:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Floodlight Games
[2010/11/13 21:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GameHouse
[2011/10/23 23:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GameMill Entertainment
[2011/01/08 22:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Ghost Ship Studios
[2011/10/14 23:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\HitPoint Studios
[2007/03/05 19:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ICAClient
[2010/12/31 00:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\iScreensaver
[2012/01/20 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ISIS Drivers
[2010/12/17 00:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\iWin
[2009/04/19 00:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Jetsetter
[2005/10/05 22:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Leadertech
[2005/07/02 22:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mp3tag
[2011/02/24 00:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Mystery of Mortlake Mansion
[2009/12/12 16:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NewSoft
[2010/08/14 11:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NSBackup
[2010/08/15 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Nuance
[2012/05/19 09:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Oracle
[2010/08/17 12:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PDS
[2010/12/29 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PlayFirst
[2012/08/22 13:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PrimoPDF
[2009/04/25 22:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Reflexivev1005
[2010/11/10 16:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\RemoteScanClient
[2009/06/01 16:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Samsung
[2010/11/25 15:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ShinyTales
[2011/01/10 22:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Skunk Studios
[2009/09/04 19:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\SpinTop
[2009/12/30 18:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\SpinTop Games
[2012/07/12 18:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\stickies
[2010/11/23 23:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Thinstall
[2010/12/31 23:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ThreeDays2
[2010/12/30 00:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\TitanicMystery
[2012/08/16 19:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\uTorrent
[2011/10/28 00:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\VampireSaga
[2011/11/05 21:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\VampireSagaHL
[2010/12/04 22:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Vast Studios
[2011/02/19 00:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Vogat Interactive
[2012/04/18 12:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\webex
[2006/02/23 18:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\X10 Commander
[2010/08/15 14:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Zeon

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/07/24 14:36:27 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Matt\Desktop\?u???????) -- C:\Documents and Settings\Matt\Desktop\뙤ŭ퉸š矄꽀šɿ
[2012/07/24 14:36:27 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Matt\Desktop\?u???????) -- C:\Documents and Settings\Matt\Desktop\뙤ŭ퉸š矄꽀šɿ

< End of report >

#8
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please download fix.txt to your Desktop. (Attached file: fix.txt, 861 bytes)

We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on the OTL icon on your Desktop (if running Vista or Windows 7, right click on it and select "Run as an Administrator").
  • Click on Run fix button and then on OK.
  • Navigate to fix.txt file on your Desktop and click on Open button.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


NEXT...

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here and double click on mbam-setup.exe to install the application

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Click on Check for Updates button.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.





#9
skipperscruise

    Member

  • Topic Starter
  • Member
  • 48 posts
Still have that one icon on the desktop with square boxes as the description, file one dated 07.24.12. Should I just delete it? Also, what was the malware? Thanks, Skipperscruise

First OTL log:

All processes killed
========== OTL ==========
File C:\Documents and Settings\Matt\Desktop\뙤ŭ퉸š矄꽀šɿ not found.
File C:\Documents and Settings\Matt\Desktop\뙤ŭ퉸š矄꽀šɿ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Matt\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Matt\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Matt\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Matt\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Matt\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Matt\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Matt\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Matt\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Matt\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Matt\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Matt
->Temp folder emptied: 370269 bytes
->Temporary Internet Files folder emptied: 97771451 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 971 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 10652120 bytes

Total Files Cleaned = 104.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: Matt
->Java cache emptied: 0 bytes

User: NetworkService
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: Matt
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

System Restore Service not available.

OTL by OldTimer - Version 3.2.53.1 log created on 08232012_182506

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012/08/23 18:27:22 | 000,000,000 | ---- | M] () C:\WINDOWS\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...





Second OTL log:

OTL logfile created on: 8/23/2012 6:29:28 PM - Run 9
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 466.40 Mb Available Physical Memory | 45.57% Memory free
12.53 Gb Paging File | 12.07 Gb Available in Paging File | 96.35% Paging File free
Paging file location(s): F:\pagefile.sys 11933 11933 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 8.61 Gb Free Space | 25.18% Space Free | Partition Type: NTFS
Drive F: | 11.72 Gb Total Space | 0.02 Gb Free Space | 0.14% Space Free | Partition Type: NTFS
Drive G: | 23.33 Gb Total Space | 5.75 Gb Free Space | 24.64% Space Free | Partition Type: NTFS
Drive R: | 232.88 Gb Total Space | 66.67 Gb Free Space | 28.63% Space Free | Partition Type: NTFS

Computer Name: MATTCUSTOM | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/02 22:07:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.com
PRC - [2012/04/10 06:16:58 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/02/10 23:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/09 13:32:08 | 000,789,008 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/01/09 13:28:58 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2006/11/17 05:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006/10/14 16:53:24 | 000,681,472 | ---- | M] (Dominik Reichl) -- C:\Program Files\KeePass Password Safe\KeePass.exe
PRC - [2004/12/07 04:16:36 | 000,084,480 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
PRC - [2004/09/22 23:16:20 | 000,069,707 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\main\atidtct.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/23 05:12:48 | 001,803,264 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12082300\algo.dll
MOD - [2012/06/14 09:48:52 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012/06/14 09:47:44 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 08:43:49 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 08:43:36 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 08:41:39 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/14 08:39:17 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll
MOD - [2012/06/14 08:33:03 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll
MOD - [2012/05/18 19:33:29 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\082473bbeed448eb13a7f348cf33e98f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/18 19:33:27 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
MOD - [2012/05/18 19:33:26 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
MOD - [2012/05/18 19:30:35 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/18 19:30:31 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/18 19:01:48 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/18 18:58:34 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/18 18:58:17 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/18 18:50:53 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
MOD - [2012/05/18 18:50:43 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/05/18 18:50:40 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/05/18 18:50:18 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/05/18 18:50:03 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/05/18 18:49:55 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011/11/09 22:45:32 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2010/03/16 13:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/03/12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2005/10/07 16:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/04/10 06:16:58 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/01/31 15:03:26 | 000,276,480 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/02/10 23:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2008/06/06 22:04:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/01/09 13:30:08 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\utiznzyw.sys -- (utiznzyw)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipsecw2k.sys -- (IPSECSHM)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (DigiCellDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Matt\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ATIRWVD.SYS -- (ATI Remote Wonder II)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/04/10 06:16:58 | 000,135,440 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011/11/09 23:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/18 12:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2009/05/23 23:11:49 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/03/17 12:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/11/29 03:18:12 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/11/29 03:18:04 | 000,078,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/11/29 03:17:56 | 000,036,368 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/11/29 03:17:48 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/29 03:17:34 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/11/29 03:17:28 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006/12/04 17:11:46 | 004,025,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/12 20:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 20:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 20:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 20:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/12/07 04:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2004/11/24 05:42:48 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004/11/24 05:42:46 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/11/16 11:54:06 | 000,038,336 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - [2004/10/20 23:39:44 | 000,035,840 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/07/05 14:25:00 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/06/15 19:14:00 | 000,180,480 | R--- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/06/08 13:36:20 | 000,014,975 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)
DRV - [2004/06/08 13:35:26 | 000,038,081 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/06/08 13:34:48 | 000,024,637 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mortgagenewsdaily.com/
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes,DefaultScope = {B718F60E-E9E0-4982-B735-DED2F72B3C9F}
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{05157127-2C10-401A-BB4E-FE4B15FB1799}: "URL" = https://duckduckgo.c...q={searchTerms}
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{A54AD221-2961-47F7-92CB-46F0EE188798}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..\SearchScopes\{B718F60E-E9E0-4982-B735-DED2F72B3C9F}: "URL" = http://www.google.co...&rlz=1I7GGLG_en
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)



========== Chrome ==========


O1 HOSTS File: ([2012/08/23 18:25:12 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Google Analytics Opt-out Browser Add-on) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE (ATI Technologies Inc.)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe (Dominik Reichl)
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe File not found
O4 - HKU\S-1-5-21-789336058-1979792683-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Autobackup.lnk = C:\Program Files\KRtech\ERUNTgui\autoRun.exe ()
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Epson scanner Registration.lnk = File not found
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-789336058-1979792683-725345543-1003\..Trusted Domains: secureserver.net. ([www.email] https in Trusted sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} Reg Error: Key error. (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} Reg Error: Key error. (ArmHelper Control)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ent/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: IEPrint http://www.visiontec...oad/IEPrint.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{323ED6D9-8F1E-4565-8E60-456B156C6411}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2147DF5-CFA7-45AB-92F8-591933227C62}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/19 13:19:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/22 17:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
[2012/08/22 17:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\Winamp
[2012/08/22 10:49:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/08/22 09:31:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/08/22 09:08:46 | 004,735,900 | R--- | C] (Swearware) -- C:\Documents and Settings\Matt\Desktop\ComboFix.exe
[2012/08/16 21:06:54 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/06/21 14:30:01 | 001,062,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Matt\gotomypc_540.exe

========== Files - Modified Within 30 Days ==========

[2012/08/23 18:27:46 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/23 18:27:29 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/23 18:27:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/23 18:25:12 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/08/23 18:00:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/23 08:22:14 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel.lnk
[2012/08/23 07:43:33 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft FrontPage.lnk
[2012/08/23 07:20:51 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/08/22 17:07:14 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/08/22 17:07:14 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2012/08/22 09:08:54 | 004,735,900 | R--- | M] (Swearware) -- C:\Documents and Settings\Matt\Desktop\ComboFix.exe
[2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/08/21 05:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/08/21 05:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/08/21 05:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/08/20 14:16:45 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/19 23:15:31 | 000,001,310 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2012/08/19 11:48:15 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/17 17:37:29 | 000,002,291 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2012/08/17 08:04:54 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/08/16 17:49:50 | 000,306,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/16 17:48:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/15 17:44:38 | 000,001,701 | ---- | M] () -- C:\WINDOWS\winpoint.ini
[2012/07/31 09:06:54 | 000,001,768 | -H-- | M] () -- C:\Documents and Settings\Matt\My Documents\Default.rdp
[2012/07/31 08:53:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Nuance Image Printer Writer Port
[2012/07/31 08:52:27 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Aaron.rdp

========== Files Created - No Company Name ==========

[2012/08/23 07:20:51 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/22 17:07:14 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/08/22 17:07:14 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2012/07/31 08:52:27 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Aaron.rdp
[2012/07/09 23:28:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/09 23:28:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/09 23:28:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/09 23:28:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/09 23:28:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/13 00:31:17 | 000,935,231 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-789336058-1979792683-725345543-1003-0.dat
[2012/04/12 12:17:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/11 13:10:27 | 000,232,322 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/04/11 13:00:19 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/21 00:59:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/01/20 23:52:30 | 000,000,042 | ---- | C] () -- C:\WINDOWS\SETSCAN.INI
[2012/01/20 23:52:24 | 000,000,122 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2012/01/20 23:17:36 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw86.bin
[2012/01/20 23:05:00 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/01/20 23:05:00 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/01/20 23:05:00 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/01/20 23:05:00 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/01/20 23:05:00 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/01/20 23:05:00 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/01/20 23:05:00 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/01/20 23:05:00 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/01/20 23:05:00 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/01/20 23:05:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/01/20 23:05:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/01/20 23:05:00 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/01/20 23:05:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/01/20 23:05:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/01/20 23:05:00 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/01/20 23:05:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/01/20 23:03:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\WFGT1500.ini
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/10/26 16:21:17 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2011/10/26 16:20:41 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011/10/26 16:20:38 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2011/10/26 16:20:38 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2011/10/26 16:20:38 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2011/10/26 16:20:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2011/06/21 09:49:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lsaka.bin
[2011/03/08 17:40:08 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2011/01/08 22:41:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/10/11 12:31:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/11 12:31:44 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/11 12:31:44 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/08/15 14:38:18 | 000,000,358 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/09/13 14:11:48 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
[2009/05/23 23:12:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/10/13 11:26:22 | 000,006,557 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\PrimoPDFSet.xml
[2008/04/27 09:52:08 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\PUTTY.RND
[2007/01/07 20:43:12 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/13 18:01:18 | 000,000,541 | ---- | C] () -- C:\Documents and Settings\Matt\.fotki-uploader300-settings.xml
[2006/01/13 17:59:03 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Matt\.lastFolder
[2005/07/01 23:56:08 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/19 15:24:42 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\fusioncache.dat
[2005/03/19 13:25:56 | 022,806,528 | -H-- | C] () -- C:\Documents and Settings\Matt\NTUSER.bak

========== LOP Check ==========

[2012/06/12 06:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Epson
[2012/07/12 18:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode
[2009/09/23 22:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2012/05/18 21:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/08/23 10:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BytePro
[2012/05/28 01:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2009/10/22 23:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/11/23 23:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2010/12/28 22:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/11/13 21:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/11/17 00:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/09/24 16:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2011/02/08 21:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2009/03/21 20:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
[2012/01/20 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ISIS Drivers
[2010/12/17 00:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2006/02/21 21:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal
[2009/09/27 23:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/08/15 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/10/06 21:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2010/12/29 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/12/05 00:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2010/08/15 14:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/09/08 21:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2010/08/15 14:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2005/06/30 07:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\.BitTornado
[2010/08/15 15:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\.oit
[2010/12/16 23:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\A Gypsy's Tale - The Tower of Secrets
[2012/05/08 23:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Amazon
[2009/06/14 01:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Audacity
[2011/11/11 00:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Big Fish Games

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/07/24 14:36:27 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Matt\Desktop\?u???????) -- C:\Documents and Settings\Matt\Desktop\뙤ŭ퉸š矄꽀šɿ
[2012/07/24 14:36:27 | 000,000,000 | ---- | C] ()(C:\Documents and Settings\Matt\Desktop\?u???????) -- C:\Documents and Settings\Matt\Desktop\뙤ŭ퉸š矄꽀šɿ

< End of report >




Malwarebytes log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.23.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Matt :: MATTCUSTOM [administrator]

8/23/2012 7:00:46 PM
mbam-log-2012-08-23 (19-00-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214810
Time elapsed: 5 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Yes. Please try to delete it manually.

Also, what was the malware?

I don't know exactly.

How is your computer running now? Any problems besides that icon?

#11
skipperscruise

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
I deleted it manually. The computer is running fine but like I said it can take from 6 to 8 hours before a problem shows up. Let's give a few days. Thanks.

#12
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on the Submit Form button. Please download the latest English version of this tool.)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)

Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

On completion click on Report sending and then the link avptool sysinfo.zip (open the file manager) to locate the zip file to upload and attach to your next post


#13
skipperscruise

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Hi, we are under a tropical storm warning and I want to run the VRT overnight but not have a power outage. It may be a couple of days before I can get to run it. Thanks, Skipperscruise

#14
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
No problem. I will be here. Take care. :thumbsup:

#15
skipperscruise

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Completed VRT and have 2 reports: the first is after the scan but before running disinfect, and the second is after running disinfect. The two reports are below.

Also, the avptool sysinfo report lists some suspicious files. That zip file is attached.

First VRT Report:

Status: Detected (events: 17)
8/26/2012 12:40:45 AM Detected Trojan program Trojan.Win32.Pincav.boto G:\Downloads\CCNA_6th_Edition.part1.rar//CCNA 6th Edition.iso//Audio_Video Files/Audio.exe;1 High
8/26/2012 7:24:56 AM Detected Trojan program Trojan.Win32.Bublik.eju G:\Downloads\CCNA_6th_Edition.part1.rar//CCNA 6th Edition.iso//Audio_Video Files/Video.exe;1 High
8/26/2012 8:48:18 AM Detected Trojan program Trojan.Win32.Pincav.boto R:\Cisco\CCNA\Video\CCNA 6th Edition.iso//Audio_Video Files/Audio.exe;1 High
8/26/2012 9:38:29 AM Detected Trojan program Trojan.Win32.Bublik.eju R:\Cisco\CCNA\Video\CCNA 6th Edition.iso//Audio_Video Files/Video.exe;1 High
8/26/2012 11:06:48 AM Detected Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\Skipperscruise COFS\[From:Mail Delivery Subsystem][Subject:Returned mail: see transcript for details][Time:2004/11/30 22:56:06]/ Account Investigation Important Notice (3.62 KB)/PlainBody//[From [email protected]][Date 1 Dec 2004 10:56:39] High
8/26/2012 11:10:56 AM Detected Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\Skipperscruise COFS\[From:Mail Delivery Subsystem][Subject:Returned mail: see transcript for details][Time:2004/11/30 22:56:06]/ Account Investigation Important Notice (3.62 KB)/RichBody//[From [email protected]\par][Date 1 Dec 2004 10:56:39 +0800\par] High
8/26/2012 11:12:42 AM Detected Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:FWD: A new email address added to your PayPal account][Time:2005/01/12 21:29:25]/PlainBody//[From "PayPal" <[email protected]>][Date 7 Jan 2005 17:03:37] High
8/26/2012 11:30:31 AM Detected Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:FWD: A new email address added to your PayPal account][Time:2005/01/12 21:29:25]/RichBody//[From "PayPal" <[email protected]>\par][Date 7 Jan 2005 17:03:37 -0800\par] High
8/26/2012 11:30:41 AM Detected Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:FWD: New email address added to your PayPal account][Time:2005/01/19 19:01:44]/PlainBody//[From "PayPal" <[email protected]>][Date 13 Jan 2005 04:38:06] High
8/26/2012 11:30:46 AM Detected Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:FWD: New email address added to your PayPal account][Time:2005/01/19 19:01:44]/RichBody//[From "PayPal" <[email protected]>\par][Date 13 Jan 2005 04:38:06 -0800\par] High
8/26/2012 11:30:50 AM Detected Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:FWD: Limited Account Access Notification][Time:2005/04/06 23:31:43]/PlainBody//[From [email protected]][Date 4 Apr 2005 13:09:03] High
8/26/2012 11:30:54 AM Detected Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:FWD: Limited Account Access Notification][Time:2005/04/06 23:31:43]/RichBody//[From [email protected]\par][Date 4 Apr 2005 13:09:03] High
8/26/2012 11:31:13 AM Detected Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:FWD: Account Investigation Important Notice][Time:2004/11/30 22:56:35]/PlainBody//[From [email protected]][Date 1 Dec 2004 10:56:39] High
8/26/2012 11:31:17 AM Detected Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:FWD: Account Investigation Important Notice][Time:2004/11/30 22:56:35]/RichBody//[From [email protected]\par][Date 1 Dec 2004 10:56:39 +0800\par] High
8/26/2012 12:43:42 PM Detected Trojan program Trojan-Spy.HTML.Fraud.gen South Coast Shopping\South Coast Shopping\Top of Personal Folders\Sent Items\[From:South Coast Shopping][Subject:FW: Your credit card information has been changed][Time:2012/01/25 15:11:25]/PlainBody//[From [email protected] [mailto:[email protected]] ][Subj Your credit card information has been changed]/[Date 23 Jan 2012 07:08:09] High
8/26/2012 12:54:58 PM Detected Trojan program Trojan-Spy.HTML.Fraud.gen South Coast Shopping\South Coast Shopping\Top of Personal Folders\Sent Items\[From:South Coast Shopping][Subject:FW: Your credit card information has been changed][Time:2012/01/25 15:11:25]/RichBody//[From [email protected] [mailto:[email protected]] \par][Subj Your credit card information has been changed\par]/[Date 23 Jan 2012 07:08:09] High
8/26/2012 1:43:38 PM Detected Trojan program Trojan-Spy.HTML.Fraud.gen South Coast Shopping\South Coast Shopping 2011\Top of Personal Folders\Inbox\[From:None][Subject:Still for sale?][Time:2011/08/26 19:22:56]/PlainBody//[Date 26 Aug 2011 18:08:25]/html High
Status: Deleted (events: 4)
8/26/2012 9:38:02 AM Deleted Trojan program Trojan.Win32.Pincav.boto R:\Cisco\CCNA\CCNA 6th Edition\Audio_Video Files\Audio.exe High
8/26/2012 9:38:04 AM Deleted Trojan program Trojan.Win32.Bublik.eju R:\Cisco\CCNA\CCNA 6th Edition\Audio_Video Files\Video.exe High
8/26/2012 4:08:06 PM Deleted Trojan program Trojan.Win32.Pincav.boto R:\System Volume Information\_restore{B1A94136-F9DC-451F-80A0-E03C53330D78}\RP1637\A0152384.exe High
8/26/2012 4:08:19 PM Deleted Trojan program Trojan.Win32.Bublik.eju R:\System Volume Information\_restore{B1A94136-F9DC-451F-80A0-E03C53330D78}\RP1637\A0152385.exe High



Second VRT Report:

Status: Deleted (events: 11)
8/26/2012 4:20:57 PM Deleted Trojan program Trojan.Win32.Pincav.boto G:\Downloads\CCNA_6th_Edition.part1.rar//CCNA 6th Edition.iso//Audio_Video Files/Audio.exe;1 High
8/26/2012 4:20:57 PM Deleted Trojan program Trojan.Win32.Bublik.eju G:\Downloads\CCNA_6th_Edition.part1.rar//CCNA 6th Edition.iso//Audio_Video Files/Video.exe;1 High
8/26/2012 9:38:02 AM Deleted Trojan program Trojan.Win32.Pincav.boto R:\Cisco\CCNA\CCNA 6th Edition\Audio_Video Files\Audio.exe High
8/26/2012 9:38:04 AM Deleted Trojan program Trojan.Win32.Bublik.eju R:\Cisco\CCNA\CCNA 6th Edition\Audio_Video Files\Video.exe High
8/26/2012 4:22:26 PM Deleted Trojan program Trojan.Win32.Pincav.boto R:\Cisco\CCNA\Video\CCNA 6th Edition.iso//Audio_Video Files/Audio.exe;1 High
8/26/2012 4:22:26 PM Deleted Trojan program Trojan.Win32.Bublik.eju R:\Cisco\CCNA\Video\CCNA 6th Edition.iso//Audio_Video Files/Video.exe;1 High
8/26/2012 4:08:06 PM Deleted Trojan program Trojan.Win32.Pincav.boto R:\System Volume Information\_restore{B1A94136-F9DC-451F-80A0-E03C53330D78}\RP1637\A0152384.exe High
8/26/2012 4:08:19 PM Deleted Trojan program Trojan.Win32.Bublik.eju R:\System Volume Information\_restore{B1A94136-F9DC-451F-80A0-E03C53330D78}\RP1637\A0152385.exe High
8/26/2012 4:20:57 PM Deleted Trojan program Trojan.Win32.Pincav.boto G:\Downloads\CCNA_6th_Edition.part1.rar//CCNA 6th Edition.iso High
8/26/2012 4:20:57 PM Deleted Trojan program Trojan.Win32.Bublik.eju G:\Downloads\CCNA_6th_Edition.part1.rar High
8/26/2012 4:22:26 PM Deleted Trojan program Trojan.Win32.Bublik.eju R:\Cisco\CCNA\Video\CCNA 6th Edition.iso High
Status: Absent (events: 13)
8/26/2012 4:25:34 PM Not found Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\Skipperscruise COFS\[From:Mail Delivery Subsystem][Subject:Returned mail: see transcript for details][Time:2004/11/30 22:56:06]/ Account Investigation Important Notice (3.62 KB)/PlainBody//[From [email protected]][Date 1 Dec 2004 10:56:39] High
8/26/2012 4:25:34 PM Not found Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\Skipperscruise COFS\[From:Mail Delivery Subsystem][Subject:Returned mail: see transcript for details][Time:2004/11/30 22:56:06]/ Account Investigation Important Notice (3.62 KB)/RichBody//[From [email protected]\par][Date 1 Dec 2004 10:56:39 +0800\par] High
8/26/2012 4:25:34 PM Not found Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:FWD: A new email address added to your PayPal account][Time:2005/01/12 21:29:25]/PlainBody//[From "PayPal" <[email protected]>][Date 7 Jan 2005 17:03:37] High
8/26/2012 4:25:34 PM Not found Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:FWD: A new email address added to your PayPal account][Time:2005/01/12 21:29:25]/RichBody//[From "PayPal" <[email protected]>\par][Date 7 Jan 2005 17:03:37 -0800\par] High
8/26/2012 4:25:34 PM Not found Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:FWD: New email address added to your PayPal account][Time:2005/01/19 19:01:44]/PlainBody//[From "PayPal" <[email protected]>][Date 13 Jan 2005 04:38:06] High
8/26/2012 4:25:34 PM Not found Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:FWD: New email address added to your PayPal account][Time:2005/01/19 19:01:44]/RichBody//[From "PayPal" <[email protected]>\par][Date 13 Jan 2005 04:38:06 -0800\par] High
8/26/2012 4:25:34 PM Not found Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:FWD: Limited Account Access Notification][Time:2005/04/06 23:31:43]/PlainBody//[From [email protected]][Date 4 Apr 2005 13:09:03] High
8/26/2012 4:25:34 PM Not found Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:FWD: Limited Account Access Notification][Time:2005/04/06 23:31:43]/RichBody//[From [email protected]\par][Date 4 Apr 2005 13:09:03] High
8/26/2012 4:25:34 PM Not found Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:FWD: Account Investigation Important Notice][Time:2004/11/30 22:56:35]/PlainBody//[From [email protected]][Date 1 Dec 2004 10:56:39] High
8/26/2012 4:25:34 PM Not found Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:FWD: Account Investigation Important Notice][Time:2004/11/30 22:56:35]/RichBody//[From [email protected]\par][Date 1 Dec 2004 10:56:39 +0800\par] High
8/26/2012 4:25:34 PM Not found Trojan program Trojan-Spy.HTML.Fraud.gen South Coast Shopping\South Coast Shopping\Top of Personal Folders\Sent Items\[From:South Coast Shopping][Subject:FW: Your credit card information has been changed][Time:2012/01/25 15:11:25]/PlainBody//[From [email protected] [mailto:[email protected]] ][Subj Your credit card information has been changed]/[Date 23 Jan 2012 07:08:09] High
8/26/2012 4:25:34 PM Not found Trojan program Trojan-Spy.HTML.Fraud.gen South Coast Shopping\South Coast Shopping\Top of Personal Folders\Sent Items\[From:South Coast Shopping][Subject:FW: Your credit card information has been changed][Time:2012/01/25 15:11:25]/RichBody//[From [email protected] [mailto:[email protected]] \par][Subj Your credit card information has been changed\par]/[Date 23 Jan 2012 07:08:09] High
8/26/2012 4:25:34 PM Not found Trojan program Trojan-Spy.HTML.Fraud.gen South Coast Shopping\South Coast Shopping 2011\Top of Personal Folders\Inbox\[From:None][Subject:Still for sale?][Time:2011/08/26 19:22:56]/PlainBody//[Date 26 Aug 2011 18:08:25]/html High
Status: Disinfected (events: 15)
8/26/2012 4:23:01 PM Disinfected Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:Message has a suspicious part : FWD: New email address added to your PayPal account][Time:2005/01/19 19:01:44]/PlainBody//[From "PayPal" <[email protected]>][Date 13 Jan 2005 04:38:06] High
8/26/2012 4:23:01 PM Disinfected Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:Message has a suspicious part : FWD: New email address added to your PayPal account][Time:2005/01/19 19:01:44]/PlainBody High
8/26/2012 4:23:25 PM Disinfected Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:Message has a suspicious part : FWD: Account Investigation Important Notice][Time:2004/11/30 22:56:35]/PlainBody//[From [email protected]][Date 1 Dec 2004 10:56:39] High
8/26/2012 4:23:25 PM Disinfected Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:Message has a suspicious part : FWD: Account Investigation Important Notice][Time:2004/11/30 22:56:35]/PlainBody High
8/26/2012 4:23:45 PM Disinfected Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:Message has a suspicious part : FWD: A new email address added to your PayPal account][Time:2005/01/12 21:29:25]/PlainBody//[From "PayPal" <[email protected]>][Date 7 Jan 2005 17:03:37] High
8/26/2012 4:23:45 PM Disinfected Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:Message has a suspicious part : FWD: A new email address added to your PayPal account][Time:2005/01/12 21:29:25]/PlainBody High
8/26/2012 4:24:10 PM Disinfected Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:Message has a suspicious part : FWD: Limited Account Access Notification][Time:2005/04/06 23:31:43]/PlainBody//[From [email protected]][Date 4 Apr 2005 13:09:03] High
8/26/2012 4:24:10 PM Disinfected Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\SkippersCruiseCOFSOutBox\[From:skipperscruise][Subject:Message has a suspicious part : FWD: Limited Account Access Notification][Time:2005/04/06 23:31:43]/PlainBody High
8/26/2012 4:24:31 PM Disinfected Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\Skipperscruise COFS\[From:Mail Delivery Subsystem][Subject:Message has a suspicious part : Returned mail: see transcript for details][Time:2004/11/30 22:56:06]/ Account Investigation Important Notice (3.62 KB)/PlainBody//[From [email protected]][Date 1 Dec 2004 10:56:39] High
8/26/2012 4:24:31 PM Disinfected Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\Skipperscruise COFS\[From:Mail Delivery Subsystem][Subject:Message has a suspicious part : Returned mail: see transcript for details][Time:2004/11/30 22:56:06]/ Account Investigation Important Notice (3.62 KB)/PlainBody High
8/26/2012 4:24:31 PM Disinfected Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\Skipperscruise COFS\[From:Mail Delivery Subsystem][Subject:Message has a suspicious part : Returned mail: see transcript for details][Time:2004/11/30 22:56:06]/ Account Investigation Important Notice (3.62 KB) High
8/26/2012 4:24:58 PM Disinfected Trojan program Trojan-Spy.HTML.Fraud.gen South Coast Shopping\South Coast Shopping 2011\Top of Personal Folders\Inbox\[From:None][Subject:Message has a suspicious part : Still for sale?][Time:2011/08/26 19:22:56]/PlainBody//[Date 26 Aug 2011 18:08:25]/html High
8/26/2012 4:24:58 PM Disinfected Trojan program Trojan-Spy.HTML.Fraud.gen South Coast Shopping\South Coast Shopping 2011\Top of Personal Folders\Inbox\[From:None][Subject:Message has a suspicious part : Still for sale?][Time:2011/08/26 19:22:56]/PlainBody High
8/26/2012 4:25:34 PM Disinfected Trojan program Trojan-Spy.HTML.Fraud.gen South Coast Shopping\South Coast Shopping\Top of Personal Folders\Sent Items\[From:South Coast Shopping][Subject:Message has a suspicious part : FW: Your credit card information has been changed][Time:2012/01/25 15:11:25]/PlainBody//[From [email protected] [mailto:[email protected]] ][Subj Your credit card information has been changed]/[Date 23 Jan 2012 07:08:09] High
8/26/2012 4:25:34 PM Disinfected Trojan program Trojan-Spy.HTML.Fraud.gen South Coast Shopping\South Coast Shopping\Top of Personal Folders\Sent Items\[From:South Coast Shopping][Subject:Message has a suspicious part : FW: Your credit card information has been changed][Time:2012/01/25 15:11:25]/PlainBody High
