Solved Delayed write failed virus removed?

[Broni]

Looks good.

How is computer doing?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[akaGizmo]

Much better!

 

[akaGizmo]

OTL.txt

OTL logfile created on: 3/23/2012 1:02:42 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Kelli\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 60.62% Memory free
7.16 Gb Paging File | 6.05 Gb Available in Paging File | 84.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.58 Gb Total Space | 58.87 Gb Free Space | 26.69% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.42 Gb Free Space | 55.54% Space Free | Partition Type: NTFS

Computer Name: KRIS-PC | User Name: Kelli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/23 01:00:45 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Kelli\Desktop\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/01 08:44:55 | 002,120,568 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version6\TeamViewer_Desktop.exe
PRC - [2011/06/01 08:44:54 | 008,003,448 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/06/01 08:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/06/01 08:16:33 | 000,108,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\tv_w32.exe
PRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/02/22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/11/12 07:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 07:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | -H-- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Users\Kelli\AppData\Local\Temp\002907~1.EXE -- (0029071332293059mcinstcleanup) McAfee Application Installer Cleanup (0029071332293059)
SRV - [2011/06/01 08:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/04/28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 07:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 07:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/01/04 17:38:08 | 000,024,652 | -H-- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Kelli\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2008/05/04 05:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 03:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/03/04 01:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008/03/04 01:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/11/12 07:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/06 12:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 12:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 12:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/13 05:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20100414232719829&tb_oid=01-05-2009&tb_mrud=03-11-2010
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2274276225-3462577313-1908128153-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2274276225-3462577313-1908128153-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2274276225-3462577313-1908128153-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2274276225-3462577313-1908128153-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/20 21:51:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/20 21:51:57 | 000,000,000 | ---D | M]

[2012/03/20 21:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kelli\AppData\Roaming\Mozilla\Extensions
[2012/03/20 21:54:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kelli\AppData\Roaming\Mozilla\Firefox\Profiles\l79wd44r.default\extensions
[2012/03/20 21:54:14 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Kelli\AppData\Roaming\Mozilla\Firefox\Profiles\l79wd44r.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/20 21:54:20 | 000,002,112 | ---- | M] () -- C:\Users\Kelli\AppData\Roaming\Mozilla\Firefox\Profiles\l79wd44r.default\searchplugins\wot-safe-search.xml
[2012/03/20 21:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/09 11:43:52 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/06/19 23:09:16 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/13 00:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/04/16 13:07:12 | 000,180,293 | -H-- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/20 18:46:05 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/23 00:47:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-2274276225-3462577313-1908128153-1002\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-2274276225-3462577313-1908128153-1002\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Rollbackrx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2274276225-3462577313-1908128153-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2274276225-3462577313-1908128153-1002\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2274276225-3462577313-1908128153-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} https://wmtss1.wcsu.edu/auth/taweb.cab (Cisco NAC Web Agent Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F7136FC-BD10-40C5-BB3A-A09C78481805}: DhcpNameServer = 167.206.251.129 167.206.251.130
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\Windows\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/23 01:00:33 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Kelli\Desktop\OTL.exe
[2012/03/23 00:50:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/23 00:50:25 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Local\temp
[2012/03/23 00:33:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/23 00:33:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/23 00:33:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/23 00:33:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/23 00:33:38 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/23 00:33:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/23 00:31:08 | 004,443,082 | R--- | C] (Swearware) -- C:\Users\Kelli\Desktop\ComboFix.exe
[2012/03/22 23:13:56 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Kelli\Desktop\FixTDSS.exe
[2012/03/22 22:42:55 | 000,000,000 | ---D | C] -- C:\Users\Kelli\Desktop\tdsskiller
[2012/03/22 22:27:01 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Local\Apple
[2012/03/22 22:16:44 | 000,000,000 | ---D | C] -- C:\Users\Kelli\Desktop\bootkit_remover
[2012/03/22 21:56:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Kelli\Desktop\aswMBR.exe
[2012/03/22 09:59:32 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kelli\Desktop\dds.scr
[2012/03/22 09:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/22 09:45:46 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/22 09:45:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/22 08:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/21 01:03:37 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/21 01:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/20 22:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2012/03/20 21:49:40 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Local\Adobe
[2012/03/20 21:24:33 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Roaming\Mozilla
[2012/03/20 21:24:33 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Local\Mozilla
[2012/03/20 21:21:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled
[2012/03/20 21:14:27 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Local\Stardock_Corporation
[2012/03/20 21:14:11 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Local\AIM Toolbar
[2012/03/20 21:12:14 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Roaming\Intel
[2012/03/20 21:08:47 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Local\KodakGallery
[2012/03/20 21:06:37 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Roaming\Apple Computer
[2012/03/20 21:06:24 | 000,000,000 | ---D | C] -- C:\Users\Kelli\Documents\My Google Gadgets
[2012/03/20 21:06:23 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Local\Apple Computer
[2012/03/20 21:06:13 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Local\MediaDirect
[2012/03/20 21:06:12 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Local\Google
[2012/03/20 21:05:52 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Local\SupportSoft
[2012/03/20 21:05:50 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Local\Symantec
[2012/03/20 21:05:19 | 000,000,000 | R--D | C] -- C:\Users\Kelli\Searches
[2012/03/20 21:05:19 | 000,000,000 | R--D | C] -- C:\Users\Kelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/03/20 21:05:05 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Roaming\Identities
[2012/03/20 21:05:01 | 000,000,000 | R--D | C] -- C:\Users\Kelli\Contacts
[2012/03/20 21:05:01 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Roaming\Dell
[2012/03/20 21:04:18 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Local\VirtualStore
[2012/03/20 19:38:44 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Roaming\Macromedia
[2012/03/20 19:36:31 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Roaming\Malwarebytes
[2012/03/20 19:36:06 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Roaming\Adobe
[2012/03/20 19:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Kelli\AppData\Local\Temporary Internet Files
[2012/03/20 19:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Kelli\Templates
[2012/03/20 19:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Kelli\Start Menu
[2012/03/20 19:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Kelli\SendTo
[2012/03/20 19:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Kelli\Recent
[2012/03/20 19:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Kelli\PrintHood
[2012/03/20 19:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Kelli\NetHood
[2012/03/20 19:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Kelli\Documents\My Videos
[2012/03/20 19:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Kelli\Documents\My Pictures
[2012/03/20 19:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Kelli\Documents\My Music
[2012/03/20 19:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Kelli\My Documents
[2012/03/20 19:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Kelli\Local Settings
[2012/03/20 19:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Kelli\AppData\Local\History
[2012/03/20 19:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Kelli\Cookies
[2012/03/20 19:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Kelli\Application Data
[2012/03/20 19:35:47 | 000,000,000 | -HSD | C] -- C:\Users\Kelli\AppData\Local\Application Data
[2012/03/20 19:35:46 | 000,000,000 | --SD | C] -- C:\Users\Kelli\AppData\Roaming\Microsoft
[2012/03/20 19:35:46 | 000,000,000 | R--D | C] -- C:\Users\Kelli\Videos
[2012/03/20 19:35:46 | 000,000,000 | R--D | C] -- C:\Users\Kelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/03/20 19:35:46 | 000,000,000 | R--D | C] -- C:\Users\Kelli\Saved Games
[2012/03/20 19:35:46 | 000,000,000 | R--D | C] -- C:\Users\Kelli\Pictures
[2012/03/20 19:35:46 | 000,000,000 | R--D | C] -- C:\Users\Kelli\Music
[2012/03/20 19:35:46 | 000,000,000 | R--D | C] -- C:\Users\Kelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/03/20 19:35:46 | 000,000,000 | R--D | C] -- C:\Users\Kelli\Links
[2012/03/20 19:35:46 | 000,000,000 | R--D | C] -- C:\Users\Kelli\Favorites
[2012/03/20 19:35:46 | 000,000,000 | R--D | C] -- C:\Users\Kelli\Downloads
[2012/03/20 19:35:46 | 000,000,000 | R--D | C] -- C:\Users\Kelli\Documents
[2012/03/20 19:35:46 | 000,000,000 | R--D | C] -- C:\Users\Kelli\Desktop
[2012/03/20 19:35:46 | 000,000,000 | R--D | C] -- C:\Users\Kelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/03/20 19:35:46 | 000,000,000 | -H-D | C] -- C:\Users\Kelli\AppData
[2012/03/20 19:35:46 | 000,000,000 | ---D | C] -- C:\Users\Kelli\Roaming
[2012/03/20 19:35:46 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Local\Microsoft Help
[2012/03/20 19:35:46 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Local\Microsoft
[2012/03/20 19:35:46 | 000,000,000 | ---D | C] -- C:\Users\Kelli\AppData\Roaming\Media Center Programs
[2012/03/20 19:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/03/20 19:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/20 19:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/20 18:25:39 | 000,000,000 | ---D | C] -- C:\usr
[2012/03/20 17:54:29 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer

========== Files - Modified Within 30 Days ==========

[2012/03/23 01:04:00 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8664DD1A-9AE7-4396-976B-16D3119F0393}.job
[2012/03/23 01:00:45 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Kelli\Desktop\OTL.exe
[2012/03/23 00:47:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/23 00:36:37 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/23 00:31:08 | 004,443,082 | R--- | M] (Swearware) -- C:\Users\Kelli\Desktop\ComboFix.exe
[2012/03/23 00:14:47 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/23 00:14:47 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/23 00:08:06 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/23 00:07:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/23 00:07:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/23 00:07:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/22 23:14:00 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Kelli\Desktop\FixTDSS.exe
[2012/03/22 22:45:21 | 000,006,648 | ---- | M] () -- C:\Users\Kelli\AppData\Local\d3d9caps.dat
[2012/03/22 22:42:47 | 002,047,211 | ---- | M] () -- C:\Users\Kelli\Desktop\tdsskiller.zip
[2012/03/22 22:24:40 | 000,304,845 | ---- | M] () -- C:\Users\Kelli\Desktop\ListParts.exe
[2012/03/22 22:16:32 | 000,044,607 | ---- | M] () -- C:\Users\Kelli\Desktop\bootkit_remover.zip
[2012/03/22 21:53:38 | 297,433,374 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/22 21:50:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Kelli\Desktop\aswMBR.exe
[2012/03/22 09:59:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kelli\Desktop\dds.scr
[2012/03/22 09:57:03 | 000,302,592 | ---- | M] () -- C:\Users\Kelli\Desktop\ujdq415g.exe
[2012/03/22 09:45:58 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/22 08:30:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/21 00:38:25 | 000,382,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/20 22:02:52 | 000,000,104 | ---- | M] () -- C:\Users\Kelli\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk
[2012/03/20 22:02:27 | 000,000,951 | ---- | M] () -- C:\Users\Kelli\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/03/11 03:00:06 | 000,154,624 | RH-- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2012/03/11 03:00:06 | 000,106,496 | RH-- | M] () -- C:\Users\Public\Documents\ESBK.mb

========== Files Created - No Company Name ==========

[2012/03/23 00:33:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/23 00:33:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/23 00:33:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/23 00:33:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/23 00:33:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/22 22:42:38 | 002,047,211 | ---- | C] () -- C:\Users\Kelli\Desktop\tdsskiller.zip
[2012/03/22 22:24:27 | 000,304,845 | ---- | C] () -- C:\Users\Kelli\Desktop\ListParts.exe
[2012/03/22 22:16:29 | 000,044,607 | ---- | C] () -- C:\Users\Kelli\Desktop\bootkit_remover.zip
[2012/03/22 21:53:11 | 297,433,374 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/03/22 09:56:41 | 000,302,592 | ---- | C] () -- C:\Users\Kelli\Desktop\ujdq415g.exe
[2012/03/22 09:45:58 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/22 08:30:37 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/20 22:16:41 | 000,006,648 | ---- | C] () -- C:\Users\Kelli\AppData\Local\d3d9caps.dat
[2012/03/20 22:10:13 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/03/20 22:02:52 | 000,000,104 | ---- | C] () -- C:\Users\Kelli\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk
[2012/03/20 22:02:27 | 000,000,951 | ---- | C] () -- C:\Users\Kelli\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/03/20 21:51:59 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/20 21:05:29 | 000,000,951 | ---- | C] () -- C:\Users\Kelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/03/20 21:05:17 | 000,000,946 | ---- | C] () -- C:\Users\Kelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/03/20 21:05:01 | 000,000,917 | ---- | C] () -- C:\Users\Kelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/03/20 19:35:46 | 000,000,258 | ---- | C] () -- C:\Users\Kelli\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/03/20 19:35:46 | 000,000,240 | ---- | C] () -- C:\Users\Kelli\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/03/20 17:54:38 | 000,000,969 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2010/09/07 22:25:57 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/09/07 22:25:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/07/22 22:25:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2012/03/23 00:06:11 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/23 01:04:00 | 000,000,390 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8664DD1A-9AE7-4396-976B-16D3119F0393}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/20 22:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2012/03/23 00:50:23 | 000,007,876 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/07/30 17:07:28 | 000,003,823 | RH-- | M] () -- C:\dell.sdr
[2011/02/16 09:37:45 | 000,001,105 | -H-- | M] () -- C:\IPH.PH
[2012/03/23 00:06:58 | 4061,261,824 | -HS- | M] () -- C:\pagefile.sys
[2008/07/30 14:46:21 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2012/03/23 00:29:35 | 000,117,904 | ---- | M] () -- C:\TDSSKiller.2.7.22.0_23.03.2012_00.09.33_log.txt
[2008/10/26 15:15:31 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\Fonts\*.com >
[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 08:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/12/17 18:05:32 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2008/01/20 22:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 22:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/03/20 22:02:27 | 000,000,281 | -HS- | M] () -- C:\Users\Kelli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/03/22 21:50:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Kelli\Desktop\aswMBR.exe
[2012/03/23 00:31:08 | 004,443,082 | R--- | M] (Swearware) -- C:\Users\Kelli\Desktop\ComboFix.exe
[2012/03/22 23:14:00 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Kelli\Desktop\FixTDSS.exe
[2012/03/22 22:24:40 | 000,304,845 | ---- | M] () -- C:\Users\Kelli\Desktop\ListParts.exe
[2012/03/23 01:00:45 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Kelli\Desktop\OTL.exe
[2012/03/22 09:57:03 | 000,302,592 | ---- | M] () -- C:\Users\Kelli\Desktop\ujdq415g.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/03/23 00:08:06 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/23 00:36:37 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/23 00:07:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/03/23 00:06:11 | 000,032,542 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
[2012/03/23 01:09:00 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8664DD1A-9AE7-4396-976B-16D3119F0393}.job

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/03/20 21:05:19 | 000,000,402 | -HS- | M] () -- C:\Users\Kelli\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/12/30 18:12:35 | 000,002,364 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >
[2007/08/13 05:05:24 | 000,600,328 | ---- | M] (Intel Corporation) -- C:\Windows\Installer\iProInst.exe

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >

 

[akaGizmo]

Extras.txt

OTL Extras logfile created on: 3/23/2012 1:02:42 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Kelli\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 60.62% Memory free
7.16 Gb Paging File | 6.05 Gb Available in Paging File | 84.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.58 Gb Total Space | 58.87 Gb Free Space | 26.69% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.42 Gb Free Space | 55.54% Space Free | Partition Type: NTFS

Computer Name: KRIS-PC | User Name: Kelli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A162C73-A4F1-4A01-B7A6-5DC9F89CF63C}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{1C984D77-2AC9-4F3E-8987-035E4DCBE9B3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{232883C3-F706-4B58-A28B-DD87001FCDE2}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{2DF8122C-7FF0-4974-BE72-ADF0D52A9745}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2F802842-C765-4496-A1B6-3DA4B24151AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{43FB6685-286E-4BF2-BE72-C011416E62FA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4621BD86-CF40-47EB-AA73-77CAFC70F668}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{57AF73A7-53EA-4B11-AADD-D7314DACFFE7}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{83D16E45-ABBD-4F91-AF4E-E83A7ECBACED}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{83E630A5-1B9C-4182-BB14-BDA5463F4D36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8A681CDB-D308-4CFF-87F5-EAFA5A5F1D8D}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{99423EEE-9A27-4100-ACD3-8C2E9FF6BAB8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A1FCA343-D6B5-4CF0-8D4A-A6BE2DA97FFF}" = lport=24726 | protocol=6 | dir=in | name=flipshareserver |
"{AA5E29BE-BFF6-4FAE-89DC-047F4D252C62}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B261B726-826D-4759-9367-F5428A0DFB42}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B2A6EA6B-46B0-4AD1-9561-574E6F57151E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{BF4DC3B7-1B81-4ED5-96BA-6E391ACF81A9}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{CDABECAD-3ED9-4F81-A5B3-BCDCF28EBBBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF00CE47-C954-4A17-91CD-4C8200D4B3DF}" = lport=24727 | protocol=6 | dir=in | name=flipshareserver |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{25AB4AF3-1A82-442C-A4EA-1C07102B5782}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2742727B-DF47-4D7E-9632-8B03A47C9D9B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{29D42609-6019-4FB7-92F2-1F18BCD0DAF5}" = dir=in | app=e:\setup\hpznui01.exe |
"{2A750CC7-910E-405E-A6F2-CE1F19104468}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{2EE0FE4A-2FB6-47AD-A536-DD2B6FA33701}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{3B80F2DA-384E-4158-9017-6BB21CDB9E98}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3C0C7117-B6F2-4F06-9188-E8C3257E8A5B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{47A8FEDB-4CC6-4A23-A3AC-C38A73064066}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{49C0AC58-2730-4CDC-9E7B-D1E6C757EEF9}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{4EDFCF16-7EE1-49E7-B707-5EE77172A1D8}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{6185FE09-A8E4-44DC-B39E-88E0F0189880}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{62289B09-7654-4060-8D36-08BF32CAEE1D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{656277E0-2158-46E4-933C-0C67241F4171}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{827504A1-C73C-4A76-86B0-8B627536B7DB}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8B0C8528-3469-4D5C-A876-D90C4F1E54C4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{98E35859-5A99-4120-822A-3449CA2318AD}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{9AD51CC4-0807-4B39-B0C9-A2C8B3EF7BFD}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{9D821492-E582-45C8-ADD7-9BC3B73DE9E0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A333147B-66BE-42AB-B53D-77AF10204FB8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AAFD1F03-CDB9-44F8-81C4-3BB37457F765}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AB549741-DB9F-44AC-8871-293A20363343}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B68EDBF3-7D58-4CD4-A332-2EAC5E300AFC}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{BDC0BF45-87A4-4E93-94DE-9D6317F69329}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{C7E1E2F6-FF9E-4EBE-97B9-E265DDE20825}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{D2540C01-87AD-4BD4-B75C-C10D69E0AFF5}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{D7896920-05F5-461B-82E5-8718A52B71F4}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{E6D4BEA0-ED78-43E2-8260-29EB746C39E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{1AC18404-7ED3-41FF-A56C-B2C0FBB2A349}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{AA52F9E6-BA06-4E27-8721-3F0A30F2A4A5}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{D83DCC95-1A7D-4A0F-88AD-55FA65FA6D61}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0B66CD94-0011-4310-80A5-5C66912F887F}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{73F83261-B420-4D51-A50B-6F0E920E8365}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{EBE1883D-0470-47B2-8A65-8D49AAF317B7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{255909FA-8E58-4BC2-A83A-3C71EB5DD6EC}" = EarthLink Setup Files
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56AB063D-1450-4BDE-9F0D-E9C693429C51}" = netbrdg
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C0DA129B-1E45-494D-A362-5CD0109C306B}" = WOT for Internet Explorer
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"Aleks 3.14" = Aleks 3.14
"CameraUserGuide-PSSX210IS" = Canon PowerShot SX210 IS Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ENTERPRISER" = Microsoft Office Enterprise 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MyCamera" = Canon Utilities MyCamera
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"ProInst" = Intel(R) PROSet/Wireless Software
"Shop for HP Supplies" = Shop for HP Supplies
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TeamViewer 6" = TeamViewer 6
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.1 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/22/2012 8:08:33 PM | Computer Name = Kris-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module mshtml.dll, version 8.0.6001.19088, time stamp 0x4de090ed,
exception code 0xc0000005, fault offset 0x000678d8, process id 0x15d4, application
start time 0x01cd086d928f9dbd.

Error - 3/22/2012 9:35:37 PM | Computer Name = Kris-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/22/2012 9:45:05 PM | Computer Name = Kris-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/22/2012 9:45:46 PM | Computer Name = Kris-PC | Source = EventSystem | ID = 4609
Description =

Error - 3/22/2012 9:48:02 PM | Computer Name = Kris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =

Error - 3/22/2012 9:50:12 PM | Computer Name = Kris-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/22/2012 9:54:50 PM | Computer Name = Kris-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/22/2012 11:18:28 PM | Computer Name = Kris-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/23/2012 12:08:16 AM | Computer Name = Kris-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/23/2012 1:06:17 AM | Computer Name = Kris-PC | Source = VSS | ID = 8193
Description =

[ Media Center Events ]
Error - 8/28/2008 10:46:05 AM | Computer Name = Kris-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/19/2008 8:41:49 PM | Computer Name = Kris-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 10/5/2008 1:35:11 PM | Computer Name = Kris-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 10/8/2008 8:59:09 PM | Computer Name = Kris-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ OSession Events ]
Error - 12/15/2010 3:50:19 AM | Computer Name = Kris-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 43677
seconds with 1680 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/22/2012 11:20:31 PM | Computer Name = Kris-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 3/23/2012 12:06:11 AM | Computer Name = Kris-PC | Source = Service Control Manager | ID = 7043
Description =

Error - 3/23/2012 12:07:07 AM | Computer Name = Kris-PC | Source = HTTP | ID = 15016
Description =

Error - 3/23/2012 12:08:16 AM | Computer Name = Kris-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/23/2012 12:08:49 AM | Computer Name = Kris-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/23/2012 12:10:50 AM | Computer Name = Kris-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 3/23/2012 12:35:05 AM | Computer Name = Kris-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 3/23/2012 12:35:54 AM | Computer Name = Kris-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 3/23/2012 12:41:22 AM | Computer Name = Kris-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 3/23/2012 12:47:51 AM | Computer Name = Kris-PC | Source = Service Control Manager | ID = 7030
Description =


< End of report >

 

[Broni]

Good news

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOl, AIM, Compuserve, etc.

=====================================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  SRV - File not found [Auto | Stopped] -- C:\Users\Kelli\AppData\Local\Temp\002907~1.EXE -- (0029071332293059mcinstcleanup) McAfee Application Installer Cleanup (0029071332293059)
  SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
  
  :Commands
  [purity]
  [emptytemp]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[akaGizmo]

OTL

All processes killed
========== OTL ==========
Error: No service named 0029071332293059mcinstcleanup) McAfee Application Installer Cleanup (0029071332293059 was found to stop!
Service\Driver key 0029071332293059mcinstcleanup) McAfee Application Installer Cleanup (0029071332293059 not found.
File C:\Users\Kelli\AppData\Local\Temp\002907~1.EXE not found.
Service LiveUpdate stopped successfully!
Service LiveUpdate deleted successfully!
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kelli
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 2054094 bytes
->FireFox cache emptied: 30449667 bytes
->Flash cache emptied: 17649 bytes

User: Kris
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rollbackrx
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 3551582 bytes
->Flash cache emptied: 448 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12476 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 34.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Kelli

User: Kris

User: Public

User: Rollbackrx

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Kelli
->Flash cache emptied: 0 bytes

User: Kris

User: Public

User: Rollbackrx
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 03242012_002221

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

[akaGizmo]

checkup

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Microsoft Security Essentials
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
CCleaner
Adobe Flash Player 11.1.102.63
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````

 

[akaGizmo]

FSS

Farbar Service Scanner Version: 01-03-2012
Ran by Kelli (administrator) on 24-03-2012 at 00:35:11
Running from "C:\Users\Kelli\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2008-01-20 22:24] - [2008-01-20 22:24] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

C:\Windows\system32\Drivers\afd.sys
[2011-06-19 21:06] - [2011-04-21 09:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-13 16:45] - [2010-06-16 11:55] - 0902032 ____A (Microsoft Corporation) 6216A954ED7045B62880A92D6C9B9FC7

C:\Windows\system32\dnsrslvr.dll
[2011-04-14 16:28] - [2011-03-02 10:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll
[2008-01-20 22:24] - [2008-01-20 22:24] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2010-08-13 16:45] - [2010-06-16 11:09] - 0328704 ____A (Microsoft Corporation) D3E6D78285529962349A7F1617035938

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-20 22:23] - [2008-01-20 22:23] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-01-20 22:23] - [2008-01-20 22:23] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-01-20 22:24] - [2008-01-20 22:24] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-01-20 22:25] - [2008-01-20 22:25] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2008-08-12 17:16] - [2008-04-18 01:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-01-20 22:24] - [2008-01-20 22:24] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-04-14 19:02] - [2009-03-03 00:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****

 

[akaGizmo]

Eset

No threats found!

 

[Broni]

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current (including Service Pack 2 installation!!!)

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[akaGizmo]

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kelli
->Temp folder emptied: 104270 bytes
->Temporary Internet Files folder emptied: 2813401 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kris
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rollbackrx
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7098 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Kelli
->Flash cache emptied: 0 bytes

User: Kris

User: Public

User: Rollbackrx
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Kelli

User: Kris

User: Public

User: Rollbackrx

Total Java Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.39.2 log created on 03242012_190952

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

[Broni]

13. Please, let me know, how your computer is doing.

Whenever ready...

 

[akaGizmo]

All Good!

...I had a heck of a time getting Vista SP2 installed. It warned me it could take hours, but not days! The default update settings would try to install, but would eventually fail a half hour after rebooting. --The solution was to hand pick a couple of updates at a time.


I am fully updated and the computer hasn't been faster!!!!


THANK YOU SO MUCH!!!

 

[Broni]

Way to go!!

Good luck and stay safe