My HijackThis log file....**BankerFox.A/**

View previous topic View next topic Go down

My HijackThis log file....**BankerFox.A/**

Post by callagoob on 2nd March 2010, 5:04 pm

Below is my Log file.
Problem: -A popup box telling me that "Application cannot be executed. The file .exe is infected.
Do you want to actvate your antivirus software now? this happens whenever I try to open a program or file

-I also get a popup that tells me I have an "Infiltration Alert" and details either says BankerFox.A or Win32/Nugel.E

I have to run in safe mode to get any type of Virus Scan to work.. I have scanned with Malwarebytes and AVG 9.0 scan. The AVG was not on PC when it got infected.
Thanks for any help,
john
===========================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:11 AM, on 3/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\John Callery\Desktop\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FPCCSMiddleware] C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
O4 - HKLM\..\Run: [jjvkdxbo] C:\Documents and Settings\John Callery\Local Settings\Application Data\vmmyux\dtwesftav.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [jjvkdxbo] C:\Documents and Settings\John Callery\Local Settings\Application Data\vmmyux\dtwesftav.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: BidMagic 2008: BidMagic 2008 update permissions manager. 1484. - Unknown owner - C:\WINDOWS\Installer\MSI443.tmp.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: O2FLASH - O2Micro International - C:\WINDOWS\system32\DRIVERS\o2flash.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8972 bytes

callagoob
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-03-02
OS OS : windows xp
Points Points : 24853
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My HijackThis log file....**BankerFox.A/**

Post by Belahzur on 2nd March 2010, 5:06 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O4 - HKLM\..\Run: [jjvkdxbo] C:\Documents and Settings\John Callery\Local Settings\Application Data\vmmyux\dtwesftav.exe
    O4 - HKCU\..\Run: [jjvkdxbo] C:\Documents and Settings\John Callery\Local Settings\Application Data\vmmyux\dtwesftav.exe
    O23 - Service: BidMagic 2008: BidMagic 2008 update permissions manager. 1484. - Unknown owner - C:\WINDOWS\Installer\MSI443.tmp.exe (file missing)



  • Press "Fix Checked"
  • Close Hijack This.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: My HijackThis log file....**BankerFox.A/**

Post by callagoob on 2nd March 2010, 5:38 pm

maleware log
Malwarebytes' Anti-Malware 1.44
Database version: 3815
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

3/2/2010 11:35:27 AM
mbam-log-2010-03-02 (11-35-27).txt

Scan type: Quick Scan
Objects scanned: 138114
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\John Callery\Local Settings\Temp\BDQR.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\John Callery\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

callagoob
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-03-02
OS OS : windows xp
Points Points : 24853
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My HijackThis log file....**BankerFox.A/**

Post by Belahzur on 2nd March 2010, 5:40 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: My HijackThis log file....**BankerFox.A/**

Post by callagoob on 2nd March 2010, 5:50 pm

OLT.txt

OTL logfile created on: 3/2/2010 11:44:30 AM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\John Callery\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.08 Gb Total Space | 182.02 Gb Free Space | 81.60% Space Free | Partition Type: NTFS
Drive D: | 11.16 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CALLERY
Current User Name: John Callery
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/02 11:43:52 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Callery\Desktop\OTL.exe
PRC - [2010/03/01 23:29:32 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/01 23:29:31 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/01 23:29:31 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/01 23:29:31 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/01 23:29:29 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/03/01 23:29:29 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/03/01 23:29:29 | 000,304,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/18 20:13:26 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/10/09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/08/14 07:45:34 | 000,319,488 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2009/08/03 20:05:02 | 000,238,888 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
PRC - [2009/06/30 16:10:30 | 000,116,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2009/06/15 14:14:22 | 004,149,248 | ---- | M] () -- C:\Program Files\SqueezeCenter\server\Bin\MSWin32-x86-multi-thread\mysqld.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/04 21:04:06 | 000,071,512 | ---- | M] (O2Micro International) -- C:\WINDOWS\system32\drivers\o2flash.exe
PRC - [2008/10/26 18:41:22 | 000,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2008/10/26 18:41:20 | 002,220,032 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2008/10/26 18:40:48 | 001,961,984 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2008/10/10 20:37:02 | 000,538,432 | ---- | M] () -- C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
PRC - [2008/09/21 17:07:24 | 000,256,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2008/09/21 17:07:24 | 000,141,848 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/14 00:04:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/07/16 15:32:06 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM13Mon.exe
PRC - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/22 15:29:24 | 002,572,288 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2008/02/22 10:04:42 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008/02/21 15:25:06 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/02/21 15:24:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/02/21 15:24:54 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/02/21 15:24:54 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/01/22 20:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008/01/09 10:38:44 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007/10/29 14:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007/10/04 18:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007/09/28 16:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/08/23 11:55:06 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2006/11/13 12:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 12:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe


========== Modules (SafeList) ==========

MOD - [2010/03/02 11:43:52 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Callery\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/01 23:29:29 | 000,304,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/08/14 07:45:34 | 000,319,488 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2009/07/30 11:29:23 | 000,647,168 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\Installer\MSI443.tmp -- (BidMagic 2008: BidMagic 2008 update permissions manager. 1484.)
SRV - [2009/06/15 14:14:22 | 004,149,248 | ---- | M] () [Auto | Running] -- C:\Program Files\SqueezeCenter\server\Bin\MSWin32-x86-multi-thread\mysqld.exe -- (SqueezeMySQL)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQL$RADIORA2) SQL Server (RADIORA2)
SRV - [2009/05/27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008/11/24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/04 21:04:06 | 000,071,512 | ---- | M] (O2Micro International) [Auto | Running] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2008/10/26 18:41:22 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/09/28 16:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/07/11 09:33:28 | 000,069,632 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)


========== Driver Services (SafeList) ==========

DRV - [2010/03/01 23:29:41 | 000,242,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/01 23:29:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/01 23:29:41 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/03/01 23:29:40 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/20 16:16:26 | 000,043,136 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/08/14 07:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 07:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/06/05 10:42:38 | 000,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/03/19 15:32:48 | 000,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/02/17 11:19:44 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/17 11:17:40 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/11/04 21:04:10 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008/11/04 21:04:08 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/10/26 18:41:02 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/09/21 17:07:32 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/07/16 15:32:12 | 000,235,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Vid.sys -- (OEM13Vid)
DRV - [2008/07/16 15:32:10 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Vfx.sys -- (OEM13Vfx)
DRV - [2008/07/16 15:32:00 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Afx.sys -- (OEM13Afx)
DRV - [2008/04/21 13:35:32 | 000,018,560 | ---- | M] (Universal Remote Control, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\URC_USB_SYNC_FW.sys -- (URC_USB_SYNC_FW)
DRV - [2008/04/14 06:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 06:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 06:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 06:00:00 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/01 15:22:34 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2008/04/01 15:22:30 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2008/04/01 15:22:28 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008/04/01 15:22:26 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008/04/01 15:22:26 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2008/04/01 15:22:24 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008/04/01 15:22:22 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2008/03/17 15:59:36 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/02/21 18:28:14 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/02/21 15:24:52 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/02/21 15:21:58 | 004,625,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/11/14 11:29:20 | 000,047,120 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2007/08/22 14:46:35 | 000,082,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser)
DRV - [2007/08/22 14:46:35 | 000,051,040 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus) CP210x USB Composite Device driver (WDM)
DRV - [2007/07/26 03:00:00 | 000,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/07/23 15:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 15:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 15:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 15:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 15:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 15:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 15:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 15:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 14:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/07/23 14:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 14:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/07/23 14:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/01/17 10:37:19 | 000,021,568 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007/01/17 10:37:18 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007/01/17 10:37:17 | 000,049,920 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/11/06 17:04:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/09/30 15:04:16 | 000,017,920 | ---- | M] (Remote Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTIUSB.sys -- (RTIUSB)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2001/08/17 20:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 20:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 20:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 20:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 20:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 19:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 19:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 19:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 19:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 19:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 19:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 19:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 19:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 19:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 19:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:53:32 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090129
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090129

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4090129
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/27 13:37:46 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/04/14 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [FPCCSMiddleware] C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [You must be registered and logged in to see this link.] (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/10 12:57:34 | 000,000,247 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2002/06/26 18:16:20 | 000,110,840 | R--- | M] () - D:\AutorunPro.EXE -- [ UDF ]
O33 - MountPoints2\{8b581a70-4ba5-11de-8013-e0930476e6fc}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{b2890b61-a45a-11de-802c-002186cb3a8e}\Shell - "" = AutoRun
O33 - MountPoints2\{b2890b61-a45a-11de-802c-002186cb3a8e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutorunPro.EXE -- [2002/06/26 18:16:20 | 000,110,840 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/02 11:43:52 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Callery\Desktop\OTL.exe
[2010/03/02 11:20:38 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\John Callery\Desktop\mbam-setup.exe
[2010/03/02 11:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Callery\Desktop\backups
[2010/03/02 07:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Callery\Application Data\Malwarebytes
[2010/03/02 07:07:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/02 07:07:06 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/02 07:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/02 07:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/02 07:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Callery\Desktop\Malwarebytes Anti-Malware 1.44
[2010/03/01 23:58:37 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/01 23:29:42 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/01 23:29:41 | 000,242,568 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/01 23:29:41 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/01 23:29:41 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/03/01 23:29:40 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/01 23:29:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/03/01 23:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/03/01 23:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/03/01 23:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/01 23:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/01 23:26:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/01 23:26:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/01 23:22:13 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/03/01 22:56:57 | 000,508,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Callery\Desktop\OTM.exe
[2010/03/01 21:39:32 | 119,070,704 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\John Callery\My Documents\avg_ipw_stf_all_90_785a2708.exe
[2010/03/01 20:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/01 19:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Callery\Local Settings\Application Data\vmmyux
[2010/03/01 09:44:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Callery\Local Settings\Application Data\Lutron_Electronics_Co.,_I
[2010/02/25 21:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Callery\Local Settings\Application Data\Temp
[2010/02/25 17:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lutron
[2010/02/25 15:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\Lutron
[2010/02/10 11:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/10 11:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/21 09:47:48 | 046,409,742 | ---- | C] (Logitech ) -- C:\Program Files\SqueezeCenter-7.3.3.exe
[2009/07/01 10:30:46 | 003,889,824 | ---- | C] (Comcast Cable Communications, LLC ) -- C:\Program Files\downloadable_install_wizard.exe
[2009/06/24 09:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/06/09 01:00:18 | 077,690,152 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2009/04/30 08:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/03/30 23:02:39 | 121,323,021 | ---- | C] (ELAN Home Systems ) -- C:\Program Files\VIATools 9.0.2.2.exe
[2009/03/10 12:39:20 | 005,520,400 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsSearch-KB940157-XP-x86-enu.exe
[2009/03/05 22:51:21 | 178,539,320 | ---- | C] (Macrovision Corporation) -- C:\Program Files\ID62Setup.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/02 11:43:52 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Callery\Desktop\OTL.exe
[2010/03/02 11:43:00 | 000,688,734 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/02 11:43:00 | 000,560,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/02 11:43:00 | 000,115,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/02 11:39:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/02 11:39:50 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/02 11:38:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/02 11:38:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/02 11:36:41 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\John Callery\NTUSER.DAT
[2010/03/02 11:36:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\John Callery\ntuser.ini
[2010/03/02 11:21:37 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/02 11:19:02 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\John Callery\Desktop\mbam-setup.exe
[2010/03/02 10:58:31 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/03/02 10:33:12 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BidMagic SnapAV Edition.lnk
[2010/03/02 10:22:24 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/02 10:22:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/02 09:34:14 | 000,068,456 | ---- | M] () -- C:\Documents and Settings\John Callery\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/02 09:33:59 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/01 23:29:42 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/01 23:29:42 | 000,001,509 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/03/01 23:29:41 | 000,242,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/01 23:29:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/01 23:29:41 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/03/01 23:29:40 | 056,199,314 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/01 23:29:40 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/01 23:29:40 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/01 19:07:45 | 000,012,432 | ---- | M] () -- C:\LIGHTS.CSV
[2010/03/01 08:37:04 | 000,508,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Callery\Desktop\OTM.exe
[2010/02/26 13:34:19 | 006,877,836 | ---- | M] () -- C:\Documents and Settings\John Callery\Desktop\WAP4410N_Admin_Guide.pdf
[2010/02/26 11:02:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2010/02/26 08:46:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/25 21:34:44 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RadioRA 2 0.9.17.lnk
[2010/02/25 09:42:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/25 00:02:00 | 119,070,704 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\John Callery\My Documents\avg_ipw_stf_all_90_785a2708.exe
[2010/02/16 17:10:03 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\John Callery\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/02 07:07:10 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/01 23:29:42 | 000,001,509 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/03/01 23:29:40 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/01 23:29:37 | 056,199,314 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/26 13:34:19 | 006,877,836 | ---- | C] () -- C:\Documents and Settings\John Callery\Desktop\WAP4410N_Admin_Guide.pdf
[2010/02/25 21:36:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/25 17:04:22 | 000,002,335 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RadioRA 2 0.9.17.lnk
[2010/02/10 11:11:39 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/10 11:11:39 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/06/25 09:53:57 | 040,547,165 | ---- | C] () -- C:\Program Files\MX950newSetup.zip
[2009/06/19 16:12:28 | 000,000,086 | ---- | C] () -- C:\Program Files\Mike carter Key.txt
[2009/05/08 14:05:53 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\John Callery\Application Data\$_hpcst$.hpc
[2009/04/16 18:44:49 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\John Callery\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/30 21:58:14 | 000,001,282 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/03/30 21:55:49 | 000,000,081 | ---- | C] () -- C:\Documents and Settings\John Callery\Local Settings\Application Data\FASTWiz.log
[2009/03/05 21:50:32 | 000,000,063 | ---- | C] () -- C:\WINDOWS\COOLSYS.INI
[2009/03/05 21:50:23 | 000,010,705 | ---- | C] () -- C:\WINDOWS\coolcust.ini
[2009/03/05 21:50:19 | 000,007,139 | ---- | C] () -- C:\WINDOWS\COOL.INI
[2009/01/28 20:49:16 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2009/01/28 20:49:16 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2009/01/28 20:49:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/01/28 20:49:16 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2009/01/28 20:48:13 | 000,001,153 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/01/28 19:04:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/01/28 19:04:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/01/28 19:01:36 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/01/28 18:58:36 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/01/28 18:58:36 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/04/25 15:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/12/21 16:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2003/01/25 10:52:14 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
< End of report >

callagoob
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-03-02
OS OS : windows xp
Points Points : 24853
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My HijackThis log file....**BankerFox.A/**

Post by callagoob on 2nd March 2010, 5:50 pm

OTL Extras logfile created on: 3/2/2010 11:44:30 AM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\John Callery\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.08 Gb Total Space | 182.02 Gb Free Space | 81.60% Space Free | Partition Type: NTFS
Drive D: | 11.16 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CALLERY
Current User Name: John Callery
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour
"9000:TCP" = 9000:TCP:*:Enabled:SqueezeCenter 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:SqueezeCenter 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:SqueezeCenter 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:SqueezeCenter 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:SqueezeCenter 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:SqueezeCenter 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:SqueezeCenter 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:SqueezeCenter 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:SqueezeCenter 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:SqueezeCenter 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:SqueezeCenter 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:SqueezeCenter 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:SqueezeCenter 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:SqueezeCenter 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:SqueezeCenter 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:SqueezeCenter 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:SqueezeCenter 3483 tcp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"D:\setup\HPZNUI01.EXE" = D:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe -- File not found
"D:\setup\HPONICIFS01.EXE" = D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Nevo\NevoStudio Pro\NevoStudioPro.exe" = C:\Program Files\Nevo\NevoStudio Pro\NevoStudioPro.exe:*:Enabled:NevoStudio Pro -- (UEI)
"C:\Program Files\AirPort\APAgent.exe" = C:\Program Files\AirPort\APAgent.exe:*:Enabled:AirPort -- (Apple Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\NETGEAR ReadyNAS\RAIDar.exe" = C:\Program Files\NETGEAR ReadyNAS\RAIDar.exe:*:Enabled:Monitor ReadyNAS device -- (Netgear Inc.)
"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" = C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe:*:Enabled:sqlserver -- (Microsoft Corporation)
"C:\Program Files\Simplify Media\SimplifyMedia.exe" = C:\Program Files\Simplify Media\SimplifyMedia.exe:*:Enabled:Simplify Media -- (Simplify Media, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"D:\Setup.exe" = D:\Setup.exe:*:Enabled:Setup -- File not found
"C:\Program Files\ELAN Home Systems\VIA Tools 9\ElanTools\elantoolapp.exe" = C:\Program Files\ELAN Home Systems\VIA Tools 9\ElanTools\elantoolapp.exe:*:Enabled: -- (Elan Home Systems)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{107C3F45-FEB6-49C2-9958-5F93844BEE50}" = VIA Tools 9
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP810" = Canon MP810
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2CD82D77-8D1E-44FC-9A90-BBA95AC8D6B7}" = Protector Suite QL 5.8
"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{302508F3-5CB4-4C8D-A17B-708ED6D06F9E}" = BidMagic Snap AV
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{354AAEAF-38A5-42CC-ABED-3654DAF093E6}" = OneHome Demo
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3E595F6F-FB1A-4510-B4EA-01A49D84275B}" = RadioRA 2 0.9.17
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{43274993-56DB-472B-95FD-73C7B5B4B598}" = Simplify Media
"{47BF7313-78E7-4C13-90FB-BB153D836841}" = KP-900 Editor
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{637AF5A9-CFD1-43D7-A622-8F93954E92E3}" = AirPort
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (RADIORA2)
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7759892D-6C4D-406D-8D99-C52DD25367E6}" = OneHome Connect
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DCF7BBA-39A9-4e27-9154-F57BCED90CBF}" = HP Officejet J6400 Series
"{803805A4-A3F7-4504-8B19-9A63BC8A4551}" = Fisher-Price Computer Cool School
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB21B9A7-6AF7-4E3F-BF1B-792A40B313CB}" = Integration Designer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{AE27A99F-27D5-48B9-B808-5BFCBB453B5E}" = Integration Designer
"{B762B2A5-883B-454B-A586-1DF6C4528262}" = MX-950 Editor
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E707D39B-7944-4640-A29E-2B7C0B84F224}" = MX-810 ProWizard
"{EE690DCE-5D8D-4E52-9F72-F3ADE168A631}" = QBFC 6.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"654DAFF344F269198F492202E6759D45904E389B" = Windows Driver Package - RTI ZB-Pro Driver Package (02/17/2009 2.04.16)
"7883676FB1B8416356883298EA4A44991795F481" = Windows Driver Package - Remote Technologies Inc. (WinUSB) Control Device (04/07/2009 2.0.0.201)
"91F1270CF64801521557E983D82131355D4BA7B0" = Windows Driver Package - RTI ZB-Pro Driver Package (02/17/2009 2.04.16)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AF6FB714D7B4E3BCEC063A7122BE735D643BBB51" = Windows Driver Package - RTI (RTIUSB) Control Device (12/14/2005 1.01.101)
"ATT-PRT22" = ATT-PRT22
"AVG9Uninstall" = AVG 9.0
"AVS Audio Converter 6.1_is1" = AVS Audio Converter version 6.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CD Wave_is1" = CD Wave Editor version 1.93.3
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cool Edit Pro" = Cool Edit Pro v1.2 fixed
"Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Disney Pirates of the Caribbean Online" = Disney Pirates of the Caribbean Online
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{3E595F6F-FB1A-4510-B4EA-01A49D84275B}" = RadioRA 2 0.9.17
"InstallShield_{803805A4-A3F7-4504-8B19-9A63BC8A4551}" = Fisher-Price Computer Cool School
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSNINST" = MSN
"NevoStudio Pro" = NevoStudio Pro
"PROPLUS" = Microsoft Office Professional Plus 2007
"RAIDar 4.01c1-p1" = RAIDar 4.01c1-p1
"SearchAssist" = SearchAssist
"Shop for HP Supplies" = Shop for HP Supplies
"SLABCOMM&10C4&EA60" = CP210x USB to UART Bridge Controller
"SqueezeCenter_is1" = SqueezeCenter 7.3.3
"Steinberg WaveLab 5.00a" = Steinberg WaveLab 5.00a
"VIA Tools 9" = VIA Tools 9
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/22/2010 3:16:05 PM | Computer Name = CALLERY | Source = Google Update | ID = 20
Description =

Error - 2/23/2010 12:02:11 AM | Computer Name = CALLERY | Source = Google Update | ID = 20
Description =

Error - 2/24/2010 7:16:05 PM | Computer Name = CALLERY | Source = Google Update | ID = 20
Description =

Error - 2/24/2010 8:50:53 PM | Computer Name = CALLERY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18876, fault address 0x000dc35e.

Error - 2/24/2010 8:51:22 PM | Computer Name = CALLERY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 2/26/2010 5:56:29 PM | Computer Name = CALLERY | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module hpslpsvc32.dll, version 100.0.170.0, fault address 0x000410c9.

Error - 3/1/2010 11:48:22 AM | Computer Name = CALLERY | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module hpslpsvc32.dll, version 100.0.170.0, fault address 0x000410c9.

Error - 3/1/2010 6:41:09 PM | Computer Name = CALLERY | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module hpslpsvc32.dll, version 100.0.170.0, fault address 0x000410c9.

Error - 3/1/2010 7:02:58 PM | Computer Name = CALLERY | Source = Application Hang | ID = 1002
Description = Hanging application HLCONFIG.EXE, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/2/2010 12:22:06 PM | Computer Name = CALLERY | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 1/27/2010 5:46:11 PM | Computer Name = CALLERY | Source = Service Control Manager | ID = 7034
Description = The HP Network Devices Support service terminated unexpectedly. It
has done this 1 time(s).

Error - 1/27/2010 7:45:25 PM | Computer Name = CALLERY | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.106 on
the Network Card with network address 00242B60B5DF.

Error - 1/31/2010 10:54:21 PM | Computer Name = CALLERY | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.109 on
the Network Card with network address 00242B60B5DF.

Error - 2/1/2010 4:06:43 PM | Computer Name = CALLERY | Source = Service Control Manager | ID = 7034
Description = The HP Network Devices Support service terminated unexpectedly. It
has done this 2 time(s).

Error - 2/1/2010 5:04:35 PM | Computer Name = CALLERY | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 2/2/2010 3:43:53 PM | Computer Name = CALLERY | Source = Print | ID = 6161
Description = The document viewdocument.ashx owned by John Callery failed to print
on printer Canon MP810. Data type: NT EMF 1.008. Size of the spool file in bytes:
1275456. Number of bytes printed: 1145592. Total number of pages in the document:
5. Number of pages printed: 0. Client machine: \\CALLERY. Win32 error code returned
by the print processor: 13 (0xd).

Error - 2/2/2010 3:43:58 PM | Computer Name = CALLERY | Source = Print | ID = 6161
Description = The document viewdocument.ashx owned by John Callery failed to print
on printer Canon MP810. Data type: NT EMF 1.008. Size of the spool file in bytes:
1505228. Number of bytes printed: 129772. Total number of pages in the document:
5. Number of pages printed: 0. Client machine: \\CALLERY. Win32 error code returned
by the print processor: 13 (0xd).

Error - 2/2/2010 10:52:22 PM | Computer Name = CALLERY | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.109 on
the Network Card with network address 00242B60B5DF.

Error - 2/8/2010 1:47:56 PM | Computer Name = CALLERY | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.109 on
the Network Card with network address 00242B60B5DF.

Error - 2/9/2010 11:16:14 PM | Computer Name = CALLERY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.109 for the Network Card with network
address 00242B60B5DF has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

callagoob
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-03-02
OS OS : windows xp
Points Points : 24853
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My HijackThis log file....**BankerFox.A/**

Post by Belahzur on 2nd March 2010, 5:54 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 7
    Java(TM) 6 Update 13

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    [2010/03/01 19:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Callery\Local Settings\Application Data\vmmyux

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: My HijackThis log file....**BankerFox.A/**

Post by callagoob on 2nd March 2010, 6:06 pm

All processes killed
========== OTL ==========
C:\Documents and Settings\John Callery\Local Settings\Application Data\vmmyux folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 321 bytes

User: All Users

User: Default User
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 321 bytes

User: John Callery
->Temp folder emptied: 2844178379 bytes
->Temporary Internet Files folder emptied: 107572737 bytes
->Java cache emptied: 37939594 bytes
->Apple Safari cache emptied: 11734569 bytes
->Flash cache emptied: 1988319 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 13378150 bytes

User: NetworkService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 483263 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53720537 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23998214 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4286081406 bytes

Total Files Cleaned = 7,039.00 mb


OTL by OldTimer - Version 3.1.32.0 log created on 03022010_115905

Files\Folders moved on Reboot...
C:\Documents and Settings\John Callery\Local Settings\Temp\Google Toolbar\GoogleToolbarWelcome.log moved successfully.
File\Folder C:\Documents and Settings\John Callery\Local Settings\Temp\Perflib_Perfdata_f14.dat not found!
File\Folder C:\Documents and Settings\John Callery\Local Settings\Temp\~DF39C1.tmp not found!
File\Folder C:\Documents and Settings\John Callery\Local Settings\Temp\~DF39DC.tmp not found!
File\Folder C:\Documents and Settings\John Callery\Local Settings\Temp\~DF3AB6.tmp not found!
File\Folder C:\Documents and Settings\John Callery\Local Settings\Temp\~DF3ABB.tmp not found!
File\Folder C:\Documents and Settings\John Callery\Local Settings\Temp\~DF3AE3.tmp not found!
File\Folder C:\Documents and Settings\John Callery\Local Settings\Temp\~DF3AE8.tmp not found!
C:\Documents and Settings\John Callery\Local Settings\Temporary Internet Files\Content.IE5\TOOOZ080\my-hijackthis-log-filebankerfoxa-t19840[1].htm moved successfully.

Registry entries deleted on Reboot...

callagoob
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-03-02
OS OS : windows xp
Points Points : 24853
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My HijackThis log file....**BankerFox.A/**

Post by Belahzur on 2nd March 2010, 6:23 pm

Okay, lets finish this up.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: My HijackThis log file....**BankerFox.A/**

Post by callagoob on 2nd March 2010, 7:48 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=23ed855861558a44adaeedd167fdfdbf
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-02 07:32:05
# local_time=2010-03-02 01:32:05 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1029 16777173 100 90 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=159135
# found=2
# cleaned=2
# scan_time=3531
C:\Music Programs\Wavelab 5\Wavelab 5.0a\setup.exe probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\03022010_115905\C_Documents and Settings\John Callery\Local Settings\Application Data\vmmyux\dtwesftav.exe Win32/Adware.SpyProtector application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

callagoob
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-03-02
OS OS : windows xp
Points Points : 24853
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My HijackThis log file....**BankerFox.A/**

Post by Belahzur on 2nd March 2010, 10:40 pm

Hello.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

Re: My HijackThis log file....**BankerFox.A/**

Post by callagoob on 3rd March 2010, 1:12 am

THANKS Belahzur,

Everything seems to be working just as it was. I will post if anything seems wierd but looks ok so far.
I really appreciate the time and help. I will be helping the site with a donation!

thanks,
callagoob

callagoob
Novice
Novice

Posts Posts : 7
Joined Joined : 2010-03-02
OS OS : windows xp
Points Points : 24853
# Likes # Likes : 0

View user profile

Back to top Go down

Re: My HijackThis log file....**BankerFox.A/**

Post by Belahzur on 3rd March 2010, 2:49 pm

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck. Big Grin


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum