Need Help Removing Mirar From My PC

Bradhosker

Thread Starter
Joined
Sep 10, 2009
Messages
8
Hi, I recently noticed I kept getting pop-ups on IE from a toolbar named Mirar. I've disabled it from IE but need help removing it from my PC. I'm quite inexperienced in doing this so I need help please :)

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:31, on 10/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Paul Hosker\Application Data\DealAssistant\dealassistant.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Paul Hosker\Desktop\OTS.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Mirar - {746C4A87-6FF7-4C51-8DE3-360BE953AC94} - C:\WINDOWS\system32\bf78.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Mirar - {746C4A86-6FF7-4C51-8DE3-360BE953AC94} - C:\WINDOWS\system32\bf78.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BTAgile] C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DealAssistant] C:\Documents and Settings\Paul Hosker\Application Data\DealAssistant\dealassistant.exe
O4 - HKCU\..\Run: [SfKg6wIPuSpdcduD7] C:\Documents and Settings\Paul Hosker\Application Data\Microsoft\Windows\pfapupl.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11064 bytes


Any help will be appreciated, thanks!
 

Bradhosker

HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:33, on 10/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Paul Hosker\Desktop\OTS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BTAgile] C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SfKg6wIPuSpdcduD7] C:\Documents and Settings\Paul Hosker\Application Data\Microsoft\Windows\pfapupl.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10629 bytes


 

Bradhosker

OTS LOG
Code:
OTS logfile created on: 10/09/2009 18:22:48 - Run 3
OTS by OldTimer - Version 3.0.12.0     Folder = C:\Documents and Settings\Paul Hosker\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
510.09 Mb Total Physical Memory | 120.79 Mb Available Physical Memory | 23.68% Memory free
1.22 Gb Paging File | 0.56 Gb Available in Paging File | 45.88% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 194.73 Gb Free Space | 83.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PAUL-D6402B9645
Current User Name: Paul Hosker
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/07/20 17:07:43 | 01,029,456 | ---- | M] (Lavasoft)
aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2009/07/20 17:07:47 | 00,520,024 | ---- | M] (Lavasoft)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.)
avgcsrvx.exe -> C:\Program Files\AVG\AVG8\avgcsrvx.exe -> [2009/08/28 11:30:55 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgemc.exe -> C:\Program Files\AVG\AVG8\avgemc.exe -> [2009/08/28 11:30:51 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgnsx.exe -> C:\Program Files\AVG\AVG8\avgnsx.exe -> [2009/08/28 11:30:52 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Program Files\AVG\AVG8\avgrsx.exe -> [2009/08/28 11:30:56 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtray.exe -> C:\Program Files\AVG\AVG8\avgtray.exe -> [2009/08/28 11:30:47 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/08/28 11:30:45 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
btagile.exe -> C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe -> [2007/06/18 09:39:10 | 00,061,440 | ---- | M] ()
bthelpnotifier.exe -> C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe -> [2007/05/23 07:22:06 | 00,936,960 | ---- | M] (Motive Communications, Inc.)
cocimanager.exe -> C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe -> [2007/07/25 16:02:32 | 00,403,728 | ---- | M] (Logitech Inc.)
communications_helper.exe -> C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe -> [2007/07/25 16:02:54 | 00,563,984 | ---- | M] ()
explorer.exe -> C:\WINDOWS\Explorer.EXE -> [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2009/09/10 10:33:50 | 00,307,704 | ---- | M] (Mozilla Corporation)
hijackthis.exe -> C:\Program Files\Trend Micro\HijackThis\HijackThis.exe -> [2009/09/10 12:33:24 | 00,396,288 | ---- | M] (Trend Micro Inc.)
incd.exe -> C:\Program Files\Ahead\InCD\InCD.exe -> [2005/07/08 15:25:10 | 01,397,760 | ---- | M] (Nero AG)
incdsrv.exe -> C:\Program Files\Ahead\InCD\InCDsrv.exe -> [2005/07/08 17:24:46 | 00,871,424 | ---- | M] (Nero AG)
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.)
itunes.exe -> C:\Program Files\iTunes\iTunes.exe -> [2009/07/13 14:02:56 | 14,074,656 | ---- | M] (Apple Inc.)
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
lmiguardian.exe -> C:\Program Files\LogMeIn\x86\LMIGuardian.exe -> [2008/10/16 20:35:24 | 00,087,360 | ---- | M] (LogMeIn, Inc.)
logitechdesktopmessenger.exe -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> [2009/04/29 18:16:27 | 00,067,128 | ---- | M] (Logitech Inc.)
logmeinsystray.exe -> C:\Program Files\LogMeIn\x86\LogMeInSystray.exe -> [2008/07/24 18:46:10 | 00,063,048 | ---- | M] (LogMeIn, Inc.)
lvcomser.exe -> C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -> [2007/07/20 00:38:54 | 00,186,904 | ---- | M] (Logitech Inc.)
lvcomser.exe -> C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -> [2007/07/20 00:38:54 | 00,186,904 | ---- | M] (Logitech Inc.)
lvprcsrv.exe -> C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2007/07/20 00:40:48 | 00,137,752 | ---- | M] (Logitech Inc.)
mccitrayapp.exe -> C:\Program Files\btbb_wcm\McciTrayApp.exe -> [2006/12/07 07:59:49 | 00,935,936 | ---- | M] (Motive Communications, Inc.)
mdm.exe -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
nvsvc32.exe -> C:\WINDOWS\System32\nvsvc32.exe -> [2004/11/11 18:10:00 | 00,127,046 | ---- | M] (NVIDIA Corporation)
ots.exe -> C:\Documents and Settings\Paul Hosker\Desktop\OTS.exe -> [2009/09/10 12:26:00 | 00,516,096 | ---- | M] (OldTimer Tools)
pdvdserv.exe -> C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe -> [2004/11/02 20:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.)
quickcam.exe -> C:\Program Files\Logitech\QuickCam\Quickcam.exe -> [2007/07/25 16:06:30 | 02,027,792 | ---- | M] ()
smax4pnp.exe -> C:\Program Files\Analog Devices\Core\smax4pnp.exe -> [2004/10/14 16:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.)
unsecapp.exe -> C:\WINDOWS\System32\wbem\unsecapp.exe -> [2004/08/04 13:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation)
wlcomm.exe -> C:\Program Files\Windows Live\Contacts\wlcomm.exe -> [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation)
wmiprvse.exe -> C:\WINDOWS\System32\wbem\wmiprvse.exe -> [2009/02/06 11:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation)
wmiprvse.exe -> C:\WINDOWS\System32\wbem\wmiprvse.exe -> [2009/02/06 11:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation)
ybrwicon.exe -> C:\Program Files\Yahoo!\browser\ybrwicon.exe -> [2006/07/21 16:19:46 | 00,129,536 | ---- | M] (Yahoo! Inc.)
ycommon.exe -> C:\Program Files\Yahoo!\browser\ycommon.exe -> [2006/03/03 14:18:10 | 00,200,704 | ---- | M] (Yahoo!, Inc.)
 
[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.)
(avg8emc) AVG Free8 E-mail Scanner [Win32_Own | Auto | Running] -> C:\Program Files\AVG\AVG8\avgemc.exe -> [2009/08/28 11:30:51 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/08/28 11:30:45 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> C:\Program Files\Ahead\InCD\InCDsrv.exe -> [2005/07/08 17:24:46 | 00,871,424 | ---- | M] (Nero AG)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2009/07/20 17:07:43 | 01,029,456 | ---- | M] (Lavasoft)
(LMIMaint) LogMeIn Maintenance Service [Win32_Own | Disabled | Stopped] -> C:\Program Files\LogMeIn\x86\RaMaint.exe -> [2008/10/16 20:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.)
(LogMeIn) LogMeIn [Win32_Own | Disabled | Stopped] -> C:\Program Files\LogMeIn\x86\LogMeIn.exe -> [2008/07/24 18:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.)
(LVCOMSer) LVCOMSer [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -> [2007/07/20 00:38:54 | 00,186,904 | ---- | M] (Logitech Inc.)
(LVPrcSrv) Process Monitor [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2007/07/20 00:40:48 | 00,137,752 | ---- | M] (Logitech Inc.)
(LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -> [2007/07/20 00:42:30 | 00,141,848 | ---- | M] (Logitech Inc.)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\nvsvc32.exe -> [2004/11/11 18:10:00 | 00,127,046 | ---- | M] (NVIDIA Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\WMPNetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(YPCService) YPCService [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\system32\YPcservice.exe -> [2003/05/19 16:07:38 | 00,086,016 | ---- | M] (Yahoo! Inc.)
 
[Driver Services - Safe List]
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgldx86.sys -> [2009/08/28 11:30:55 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\WINDOWS\System32\Drivers\avgmfx86.sys -> [2009/08/28 11:30:55 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgTdiX) AVG Free8 Network Redirector [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgtdix.sys -> [2009/05/05 20:21:11 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
(b57w2k) Broadcom NetXtreme 57xx Gigabit Controller [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\b57xp32.sys -> [2004/04/29 18:55:42 | 00,186,112 | ---- | M] (Broadcom Corporation)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -> [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -> [2003/11/17 16:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -> [2003/11/17 16:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.)
(InCDfs) InCD File System [File_System | Disabled | Running] -> C:\WINDOWS\System32\drivers\InCDfs.sys -> [2005/07/08 17:17:54 | 00,099,584 | ---- | M] (Nero AG)
(InCDPass) InCDPass [Kernel | System | Running] -> C:\WINDOWS\System32\DRIVERS\InCDPass.sys -> [2005/07/08 17:17:36 | 00,029,696 | ---- | M] (Nero AG)
(incdrm) InCD Reader [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\InCDrm.sys -> [2005/07/08 15:17:32 | 00,028,672 | ---- | M] (Nero AG)
(Lbd) Lbd [File_System | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\Lbd.sys -> [2009/05/04 17:09:26 | 00,064,160 | ---- | M] (Lavasoft AB)
(LMIInfo) LogMeIn Kernel Information Provider [Kernel | Auto | Running] -> C:\Program Files\LogMeIn\x86\RaInfo.sys -> [2008/07/24 18:46:12 | 00,012,856 | ---- | M] (LogMeIn, Inc.)
(lmimirr) lmimirr [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\lmimirr.sys -> [2008/07/24 18:45:20 | 00,010,144 | ---- | M] (LogMeIn, Inc.)
(LMIRfsClientNP) LMIRfsClientNP [File_System | Disabled | Stopped] -> C:\WINDOWS\System32\LMIRfsClientNP.dll -> [2008/10/16 20:35:58 | 00,083,288 | ---- | M] (LogMeIn, Inc.)
(LMIRfsDriver) LogMeIn Remote File System Driver [File_System | Auto | Running] -> C:\WINDOWS\System32\drivers\LMIRfsDriver.sys -> [2008/07/24 18:46:10 | 00,047,640 | ---- | M] (LogMeIn, Inc.)
(LVcKap) Logitech AEC Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\LVcKap.sys -> [2007/07/20 00:37:56 | 02,109,592 | ---- | M] (Logitech Inc.)
(LVMVDrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys -> [2007/07/20 00:39:50 | 02,142,488 | ---- | M] (Logitech Inc.)
(LVPr2Mon) Logitech LVPr2Mon Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys -> [2007/07/18 17:42:42 | 00,025,624 | ---- | M] ()
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\LVUSBSta.sys -> [2007/07/19 01:44:00 | 00,041,752 | R--- | M] (Logitech Inc.)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -> [2003/04/09 14:48:08 | 00,011,043 | ---- | M] (Conexant)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\MODEMCSA.sys -> [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation)
(MREMPR5) MREMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MREMPR5.sys -> [2006/05/04 12:02:06 | 00,019,345 | ---- | M] (Motive, Inc.)
(MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Motive\MRENDIS5.sys -> [2006/05/29 07:07:33 | 00,018,003 | ---- | M] (Motive, Inc.)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -> [2004/11/11 18:10:00 | 02,738,400 | ---- | M] (NVIDIA Corporation)
(pepifilter) Volume Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\lv302af.sys -> [2007/07/19 01:39:15 | 00,013,848 | R--- | M] (Logitech Inc.)
(PID_PEPI) Logitech QuickCam IM(PID_PEPI) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\LV302V32.SYS -> [2007/07/19 01:39:15 | 01,278,104 | R--- | M] (Logitech Inc.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ptilink.sys -> [2004/08/04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\secdrv.sys -> [2008/04/13 17:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(senfilt) senfilt [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\senfilt.sys -> [2004/09/17 11:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.)
(smwdm) smwdm [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\smwdm.sys -> [2004/10/29 15:14:44 | 00,260,096 | ---- | M] (Analog Devices, Inc.)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\usbaapl.sys -> [2009/05/29 13:36:16 | 00,039,424 | ---- | M] (Apple, Inc.)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\usbaudio.sys -> [2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -> [2003/11/17 16:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/ -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.co.uk/ -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/ -> 
HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2006/10/26 11:28:40 | 00,440,384 | ---- | M] (Yahoo! Inc.)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> 127.0.0.1;*.local -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Paul Hosker\Application Data\Mozilla\FireFox\Profiles\uuvbbp43.default\prefs.js -> 
browser.startup.homepage -> "http://mail.live.com/default.aspx?wa=wsignin1.0|http://www.facebook.com/home.php|http://www.google.co.uk/" ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14 ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Paul Hosker\Application Data\Mozilla\FireFox\Profiles\uuvbbp43.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
HKLM\software\mozilla\Firefox\extensions\\[email protected] -> C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/05/10 16:46:15 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components -> C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/09/10 10:34:34 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/09/10 10:34:35 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
 -> C:\Documents and Settings\Paul Hosker\Application Data\mozilla\Extensions -> [2009/04/22 19:23:20 | 00,000,000 | ---D | M]
 -> C:\Documents and Settings\Paul Hosker\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/04/22 19:23:20 | 00,000,000 | ---D | M]
 -> C:\Documents and Settings\Paul Hosker\Application Data\mozilla\Extensions\[email protected] -> [2009/04/22 19:23:20 | 00,000,000 | ---D | M]
 -> C:\Documents and Settings\Paul Hosker\Application Data\mozilla\Firefox\Profiles\uuvbbp43.default\extensions -> [2009/09/10 11:41:49 | 00,096,581 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/09/10 10:34:34 | 09,767,928 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/09/10 10:34:34 | 09,767,928 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} -> [2009/09/10 10:34:34 | 09,767,928 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -> [2009/09/10 10:34:34 | 09,767,928 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/09/10 10:34:34 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/09/10 10:33:43 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/09/10 10:33:44 | 00,134,648 | ---- | M] (Mozilla Foundation)
rpff.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\rpff.dll -> [2009/09/09 23:49:43 | 00,210,944 | ---- | M] ()
< FireFox Plugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/09/10 10:34:35 | 00,000,000 | ---D | M]
npdeploytk.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.)
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/09/10 10:34:09 | 00,065,528 | ---- | M] (mozilla.org)
NPOFFICE.DLL -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\NPOFFICE.DLL -> [2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation)
npqtplugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009/06/06 09:36:00 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009/06/06 09:36:00 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009/06/06 09:36:00 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009/06/06 09:36:00 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009/06/06 09:36:00 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009/06/06 09:36:00 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009/06/06 09:36:00 | 00,143,360 | ---- | M] (Apple Inc.)
QuickTimePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009/06/06 09:36:00 | 00,004,208 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2009/04/22 19:19:44 | 00,000,000 | ---D | M]
amazon-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazon-en-GB.xml -> [2008/01/04 16:36:50 | 00,001,538 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2006/07/05 19:47:38 | 00,002,193 | ---- | M] ()
chambers-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\chambers-en-GB.xml -> [2008/01/04 16:36:50 | 00,000,947 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2008/03/08 10:35:22 | 00,001,534 | ---- | M] ()
eBay-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay-en-GB.xml -> [2008/09/22 20:14:04 | 00,000,759 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2008/04/16 05:08:20 | 00,001,706 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2008/03/28 19:11:14 | 00,001,178 | ---- | M] ()
yahoo-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo-en-GB.xml -> [2008/01/04 16:36:50 | 00,000,831 | ---- | M] ()
< HOSTS File > (312232 bytes and 10794 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
First 25 entries...
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [2001/04/16 16:39:02 | 00,037,808 | ---- | M] ()
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/08/28 11:30:49 | 01,111,320 | ---- | M] (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:33:54 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 15:41:30 | 00,408,448 | ---- | M] (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/03/09 05:18:50 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/03/09 05:18:52 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKLM] -> C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> [2005/02/03 17:07:08 | 00,124,032 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2006/10/26 11:28:40 | 00,440,384 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2006/10/26 11:28:40 | 00,440,384 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Ad-Watch" -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe] -> [2009/07/20 17:07:47 | 00,520,024 | ---- | M] (Lavasoft)
"AVG8_TRAY" -> C:\Program Files\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2009/08/28 11:30:47 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.)
"btbb_McciTrayApp" -> C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe [C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe] -> [2007/05/23 07:22:06 | 00,936,960 | ---- | M] (Motive Communications, Inc.)
"btbb_wcm_McciTrayApp" -> C:\Program Files\btbb_wcm\McciTrayApp.exe [C:\Program Files\btbb_wcm\McciTrayApp.exe] -> [2006/12/07 07:59:49 | 00,935,936 | ---- | M] (Motive Communications, Inc.)
"InCD" -> C:\Program Files\Ahead\InCD\InCD.exe [C:\Program Files\Ahead\InCD\InCD.exe] -> [2005/07/08 15:25:10 | 01,397,760 | ---- | M] (Nero AG)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.)
 

Bradhosker

"LogitechCommunicationsManager" -> C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ["C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"] -> [2007/07/25 16:02:54 | 00,563,984 | ---- | M] ()
"LogitechQuickCamRibbon" -> C:\Program Files\Logitech\QuickCam\Quickcam.exe ["C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide] -> [2007/07/25 16:06:30 | 02,027,792 | ---- | M] ()
"LogMeIn GUI" -> C:\Program Files\LogMeIn\x86\LogMeInSystray.exe ["C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"] -> [2008/07/24 18:46:10 | 00,063,048 | ---- | M] (LogMeIn, Inc.)
"NeroFilterCheck" -> C:\WINDOWS\System32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> [2001/07/09 10:50:42 | 00,155,648 | ---- | M] (Ahead Software Gmbh)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2004/11/11 18:10:00 | 04,583,424 | ---- | M] (NVIDIA Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009/05/26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.)
"RemoteControl" -> C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe ["C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"] -> [2004/11/02 20:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.)
"SoundMAXPnP" -> C:\Program Files\Analog Devices\Core\smax4pnp.exe [C:\Program Files\Analog Devices\Core\smax4pnp.exe] -> [2004/10/14 16:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
"YBrowser" -> C:\Program Files\Yahoo!\browser\ybrwicon.exe [C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe] -> [2006/07/21 16:19:46 | 00,129,536 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"BTAgile" -> C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe [C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe] -> [2007/06/18 09:39:10 | 00,061,440 | ---- | M] ()
"MSMSGS" -> C:\Program Files\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"msnmsgr" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"SfKg6wIPuSpdcduD7" -> C:\Documents and Settings\Paul Hosker\Application Data\Microsoft\Windows\pfapupl.exe [C:\Documents and Settings\Paul Hosker\Application Data\Microsoft\Windows\pfapupl.exe] -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk -> C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe -> [2006/05/24 13:22:16 | 00,217,088 | ---- | M] (Motive Communications, Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> [2009/04/29 18:16:27 | 00,067,128 | ---- | M] (Logitech Inc.)
< Paul Hosker Startup Folder > -> C:\Documents and Settings\Paul Hosker\Start Menu\Programs\Startup ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2009/04/21 22:43:04 | 10,351,936 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Button: BT Yahoo! Services] -> [2006/10/31 16:33:54 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:33:54 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
Extension\.spop -> C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll [Reg Error: Value error.] -> [2001/08/01 17:05:42 | 00,270,336 | ---- | M] (Intertrust Technologies, Inc.)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5474 domain(s) found. ->
50 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5473 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll [Installation Support] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.254 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{FA9FD2CB-C076-4318-B1E0-193ABB02123A}\\DhcpNameServer -> 192.168.1.254 (Broadcom NetXtreme 57xx Gigabit Controller) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
avgrsstarter -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/08/28 11:30:56 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
LMIinit -> C:\WINDOWS\System32\LMIinit.dll -> [2008/10/16 20:35:38 | 00,087,352 | ---- | M] (LogMeIn, Inc.)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 01:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> [2009/04/29 18:16:27 | 00,067,128 | ---- | M] (Logitech Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019] -> [2008/04/14 01:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgemc.exe" -> C:\Program Files\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> [2009/08/28 11:30:51 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" -> C:\Program Files\AVG\AVG8\avgnsx.exe [C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe] -> [2009/08/28 11:30:52 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2009/08/28 11:30:11 | 01,165,592 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/07/13 14:02:56 | 14,074,656 | ---- | M] (Apple Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2009/03/10 21:10:51 | 00,139,776 | ---- | M] (Lime Wire, LLC)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> [2009/04/29 18:16:27 | 00,067,128 | ---- | M] (Logitech Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2009/09/10 10:33:50 | 00,307,704 | ---- | M] (Mozilla Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/04/09 14:11:24 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->

[Registry - Additional Scans - Safe List]
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{07287123-B8AC-41CE-8346-3D777245C35B} -> Bonjour
{0AAA9C97-74D4-47CE-B089-0B147EF3553C} -> Windows Live Messenger
{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} -> Multimedia Launcher
{205C6BDD-7B73-42DE-8505-9A093F35A238} -> Windows Live Upload Tool
{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} -> MSVCRT
{26A24AE4-039D-4CA4-87B4-2F83216011FF} -> Java(TM) 6 Update 13
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{35725FBC-A136-4A46-9F29-091759D9BB93} -> MVision
{364EC092-93CF-4DDC-9D7A-7278452028E0} -> Logitech QuickCam
{3B4E636E-9D65-4D67-BA61-189800823F52} -> Windows Live Communications Platform
{416D80BA-6F6D-4672-B7CF-F54DA2F80B44} -> Microsoft Works
{45338B07-A236-4270-9A77-EBB4115517B5} -> Windows Live Sign-in Assistant
{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{770657D0-A123-3C07-8E44-1C83EC895118} -> Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
{7F831576-6246-42C7-B523-55B3F96509CC} -> LogMeIn
{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} -> Choice Guard
{900B1197-53F5-4F46-A882-2CFFFE2EEDCB} -> Logitech Desktop Messenger
{90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003
{95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting
{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944} -> iTunes
{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} -> Segoe UI
{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy
{B7A0CE06-068E-11D6-97FD-0050BACBF861} -> PowerProducer
{B97CF5C3-0487-11D8-A36E-0050BAE317E1} -> DVD Solution
{BE6890C7-31EF-478C-812E-1E2899ABFCA9} -> Broadcom Gigabit Integrated Controller
{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3} -> Apple Mobile Device Support
{C6CA8874-5F22-4AF0-9BE3-016BF299C536} -> Windows Live Essentials
{C78EAC6F-7A73-452E-8134-DBB2165C5A68} -> QuickTime
{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} -> Ad-Aware
{F0A37341-D692-11D4-A984-009027EC0A9C} -> SoundMAX
{F333A33D-125C-32A2-8DCE-5C5D14231E27} -> Visual C++ 2008 x86 Runtime - (v9.0.30729)
{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01 -> Visual C++ 2008 x86 Runtime - v9.0.30729.01
{F6BD194C-4190-4D73-B1B1-C48C99921BFE} -> Windows Live Call
Ad-Aware -> Ad-Aware
Adobe Acrobat 5.0 -> Adobe Acrobat 5.0
Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
AVG8Uninstall -> AVG 8.5
BT Broadband Talk Softphone Frontier_is1 -> BT Broadband Talk Softphone 3.1
BT Yahoo! Applications -> BT Yahoo! Applications
btbb.MCCInstall -> BT Broadband Desktop Help
BTHomeHub -> BTHomeHub
CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1 -> Conexant D850 56K V.9x DFVc Modem
Driving Test Success - All Tests_is1 -> Driving Test Success - All Tests (2008-2009)
HijackThis -> HijackThis 2.0.2
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
ie7 -> Windows Internet Explorer 7
ie8 -> Windows Internet Explorer 8
InCD!UninstallKey -> InCD
InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9} -> Broadcom Gigabit Integrated Controller
LimeWire -> LimeWire 5.1.2
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Messenger Plus! Live -> Messenger Plus! Live
Money2005b -> Microsoft Money
Mozilla Firefox (3.0.14) -> Mozilla Firefox (3.0.14)
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
Nero - Burning Rom!UninstallKey -> Nero OEM
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
NVIDIA Drivers -> NVIDIA Drivers
QcDrv -> Logitech® Camera Driver
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows Media Player -> Windows Media Player 11
Windows XP Service Pack -> Windows XP Service Pack 3
WinLiveSuite_Wave3 -> Windows Live Essentials
WinRAR archiver -> WinRAR archiver
WMFDist11 -> Windows Media Format 11 runtime
wmp11 -> Windows Media Player 11
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
Xvid_is1 -> Xvid 1.1.3 final uninstall
Yahoo! Toolbar -> Yahoo! Toolbar
< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->

[Files/Folders - Created Within 30 Days]
Malwarebytes -> C:\Documents and Settings\Paul Hosker\Application Data\Malwarebytes -> [2009/09/10 13:16:59 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/09/10 13:16:55 | 00,000,696 | ---- | C] ()
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/09/10 13:16:52 | 00,038,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/09/10 13:16:51 | 00,000,000 | ---D | C]
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/09/10 13:16:50 | 00,019,096 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/09/10 13:16:50 | 00,000,000 | ---D | C]
mbam-setup.exe -> C:\Documents and Settings\Paul Hosker\Desktop\mbam-setup.exe -> [2009/09/10 13:16:01 | 03,942,048 | ---- | C] (Malwarebytes Corporation )
_OTS -> C:\_OTS -> [2009/09/10 13:03:33 | 00,000,000 | ---D | C]
HijackThis.lnk -> C:\Documents and Settings\Paul Hosker\Desktop\HijackThis.lnk -> [2009/09/10 12:33:25 | 00,001,734 | ---- | C] ()
Trend Micro -> C:\Program Files\Trend Micro -> [2009/09/10 12:33:23 | 00,000,000 | ---D | C]
HJTsetup.exe -> C:\Documents and Settings\Paul Hosker\Desktop\HJTsetup.exe -> [2009/09/10 12:32:57 | 00,812,344 | ---- | C] (Trend Micro Inc.)
OTS.exe -> C:\Documents and Settings\Paul Hosker\Desktop\OTS.exe -> [2009/09/10 12:25:59 | 00,516,096 | ---- | C] (OldTimer Tools)
Config.Msi -> C:\Config.Msi -> [2009/09/10 12:03:39 | 00,000,000 | ---D | C]
My Chat Logs -> C:\Documents and Settings\Paul Hosker\My Documents\My Chat Logs -> [2009/09/07 16:27:26 | 00,000,000 | ---D | C]
d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2009/08/28 01:05:34 | 00,000,664 | ---- | C] ()
wmpns.dll -> C:\WINDOWS\System32\wmpns.dll -> [2009/08/13 23:55:20 | 00,221,184 | ---- | C] (Microsoft Corporation)
msoe.dll -> C:\WINDOWS\System32\dllcache\msoe.dll -> [2009/08/13 20:39:08 | 01,315,328 | ---- | C] (Microsoft Corporation)
lvcoinst.ini -> C:\WINDOWS\System32\lvcoinst.ini -> [2009/04/29 21:41:20 | 00,058,163 | R--- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2009/04/26 21:04:54 | 00,765,952 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2009/04/26 21:04:54 | 00,180,224 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2009/04/26 20:55:40 | 00,000,069 | ---- | C] ()
YCRWin32.dll -> C:\WINDOWS\System32\YCRWin32.dll -> [2009/04/22 18:38:14 | 00,065,536 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2009/04/09 17:16:44 | 00,000,376 | ---- | C] ()
LVPr2Mon.sys -> C:\WINDOWS\System32\drivers\LVPr2Mon.sys -> [2007/07/18 17:42:42 | 00,025,624 | ---- | C] ()
win.ini -> C:\WINDOWS\win.ini -> [2004/08/04 13:00:00 | 00,000,603 | ---- | C] ()
system.ini -> C:\WINDOWS\system.ini -> [2004/08/04 13:00:00 | 00,000,231 | ---- | C] ()
OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 15:05:08 | 00,002,695 | ---- | C] ()

[Files/Folders - Modified Within 30 Days]
55 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2009/09/10 17:50:49 | 00,002,137 | ---- | M] ()
nvapps.xml -> C:\WINDOWS\System32\nvapps.xml -> [2009/09/10 17:48:41 | 00,007,275 | ---- | M] ()
Perflib_Perfdata_b0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b0.dat -> [2009/09/10 17:48:37 | 00,000,000 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/09/10 17:48:10 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/09/10 17:48:03 | 00,002,048 | --S- | M] ()
NTUSER.DAT -> C:\Documents and Settings\Paul Hosker\NTUSER.DAT -> [2009/09/10 14:35:27 | 06,815,744 | -H-- | M] ()
ntuser.ini -> C:\Documents and Settings\Paul Hosker\ntuser.ini -> [2009/09/10 14:35:27 | 00,000,278 | -HS- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/09/10 13:16:55 | 00,000,696 | ---- | M] ()
mbam-setup.exe -> C:\Documents and Settings\Paul Hosker\Desktop\mbam-setup.exe -> [2009/09/10 13:16:14 | 03,942,048 | ---- | M] (Malwarebytes Corporation )
HijackThis.lnk -> C:\Documents and Settings\Paul Hosker\Desktop\HijackThis.lnk -> [2009/09/10 12:33:25 | 00,001,734 | ---- | M] ()
HJTsetup.exe -> C:\Documents and Settings\Paul Hosker\Desktop\HJTsetup.exe -> [2009/09/10 12:32:57 | 00,812,344 | ---- | M] (Trend Micro Inc.)
OTS.exe -> C:\Documents and Settings\Paul Hosker\Desktop\OTS.exe -> [2009/09/10 12:26:00 | 00,516,096 | ---- | M] (OldTimer Tools)
IconCache.db -> C:\Documents and Settings\Paul Hosker\Local Settings\Application Data\IconCache.db -> [2009/09/10 12:06:26 | 05,330,858 | -H-- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/09/10 11:33:29 | 00,001,917 | ---- | M] ()
microavi.avg -> C:\WINDOWS\System32\drivers\Avg\microavi.avg -> [2009/09/10 10:30:34 | 00,091,340 | ---- | M] ()
incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2009/09/10 10:30:33 | 40,951,479 | ---- | M] ()
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/09/10 10:27:50 | 00,004,646 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/09/10 10:27:50 | 00,004,232 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/09/08 21:50:39 | 00,013,646 | ---- | M] ()
Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2009/09/07 17:05:32 | 00,000,472 | ---- | M] ()
d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2009/08/31 23:01:40 | 00,000,664 | ---- | M] ()
MRT.exe -> C:\WINDOWS\System32\MRT.exe -> [2009/08/28 22:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation)
avgrsstx.dll -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/08/28 11:30:56 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgldx86.sys -> C:\WINDOWS\System32\drivers\avgldx86.sys -> [2009/08/28 11:30:55 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> C:\WINDOWS\System32\drivers\avgmfx86.sys -> [2009/08/28 11:30:55 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2009/04/23 23:39:52 | 00,008,206 | ---- | M] ()
LDMClient.exe -> C:\Documents and Settings\Paul Hosker\Local Settings\Temp\ins1.tmp\LDMClient.exe -> [2007/02/01 10:30:08 | 04,249,928 | R--- | M] (Logitech Inc.)
< End of report >
[/code]

MBAM

I ran MBAM and removed what was necessary, and the logs provided are from after I used MBAM. Cheers
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.
 

Bradhosker

Thread Starter
Joined
Sep 10, 2009
Messages
8
Thanks for your reply, and I shall do the scans required and get back to you, thanks!
 

Bradhosker

Thread Starter
Joined
Sep 10, 2009
Messages
8
ComboFix is taking longer than the time it says to scan. I shall leave it running tomorrow when I'm out and I should post the results tomorrow, thanks again!
 