TechSpot

JAVA/Agent: Not sure if there is a problem or not

Solved
By Klykyl
Feb 4, 2011
  1. There was a virus on this computer and I thought I got it all last night until Avira picked it up again, the Java agent, so I'm just posting here to make sure this computer is clean. But the original virus was one of those fake little scanner things that says your computer is heavily infected, and it came up after a Google image was clicked. I don't know the original name of the little virus; I wasn't the one using the computer.

    Logs:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5680

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18999

    2/4/2011 4:06:00 PM
    mbam-log-2011-02-04 (16-06-00).txt

    Scan type: Quick scan
    Objects scanned: 196623
    Time elapsed: 6 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ------------------------------

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-02-04 16:49:45
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005e ST332062 rev.3.AD
    Running: 1fntq03f.exe; Driver: C:\Users\Deborah\AppData\Local\Temp\kxkiipog.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    ------------------------------------


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Deborah at 16:52:08.04 on Fri 02/04/2011
    Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_22
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3518.2327 [GMT -8:00]

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Windows\system32\AERTSrv.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\atashost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\ProgramData\Clickfree\C2NPlus\Reminder\SacNetAgent.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Deborah\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070803
    uWindow Title = Internet Explorer provided by Dell
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [<NO NAME>]
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [HostManager] c:\program files\common files\aol\1187236095\ee\AOLSoftware.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
    mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
    mRun: [LanUpdate] "c:\program files\netgear update assistant\LanUpdate.exe"
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [IRIScan 2 button manager] "c:\program files\iriscn2i\bmanm12.exe"
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: c:\windows\system32\wpclsp.dll
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {71D413D7-38C5-4035-8548-976522CF11D5} - hxxp://www.crucial.com/controls/cpcVistaBeta.cab
    DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\deborah\appdata\roaming\mozilla\firefox\profiles\vqok8243.default\
    FF - prefs.js: browser.startup.homepage - google.com
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nprjplug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 3.6 beta 4\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

    ============= SERVICES / DRIVERS ===============

    R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2008-6-14 4608]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-26 11608]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
    R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-6-14 21504]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-26 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-26 267944]
    R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-9-25 20376]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-26 61960]
    R2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\clickfree\c2nplus\reminder\SacNetAgent.exe [2010-8-18 141640]
    R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2008-12-17 5120]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1ca513fd70eb30;Google Update Service (gupdate1ca513fd70eb30);c:\program files\google\update\GoogleUpdate.exe [2009-10-19 133104]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-14 21504]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-8 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-3 30192]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-6-14 21504]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-2-3 27192]
    S3 RTL85n86;Belkin Wireless G Notebook Card Service v8;c:\windows\system32\drivers\RTL85n86.sys [2007-8-18 354816]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

    =============== Created Last 30 ================

    2011-02-04 10:14:01 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{3caeaf6a-db60-4a73-9041-f84a3399d0fc}\mpengine.dll
    2011-02-04 03:35:48 -------- d-----w- c:\users\deborah\appdata\local\VS Revo Group
    2011-02-04 03:35:45 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2011-02-04 03:33:31 -------- d-----w- c:\program files\VS Revo Group
    2011-02-04 03:18:50 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-02-03 04:03:44 -------- d-----w- c:\users\deborah\appdata\roaming\Avira
    2011-02-03 01:35:35 388096 ----a-r- c:\users\deborah\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-02-03 01:35:35 -------- d-----w- c:\program files\Trend Micro
    2011-01-12 04:56:18 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-12 04:56:17 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2011-01-12 04:56:16 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
    2011-01-12 04:56:16 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
    2011-01-12 04:56:16 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
    2011-01-12 04:56:16 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
    2011-01-12 04:56:08 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-01-10 03:32:35 -------- d-----w- c:\program files\iPod
    2011-01-08 18:14:37 -------- d-----w- c:\windows\en
    2011-01-08 18:14:15 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2011-01-08 17:25:28 -------- d-----w- c:\program files\My Company Name
    2011-01-08 17:21:34 -------- d-----w- C:\temp

    ==================== Find3M ====================

    2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

    ============= FINISH: 16:52:39.25 ===============


    I can't find the attach.txt; I don't see it, and I know I didn't close any logs.
  2. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================================================

    Re-run DDS and you should get Attach.txt file.

    When done...

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  3. Klykyl

    Klykyl TS Rookie Topic Starter Posts: 61

    First two logs



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 8/3/2007 8:58:02 AM
    System Uptime: 2/4/2011 3:53:31 PM (4 hours ago)

    Motherboard: Dell Inc. | | 0RY206
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | Socket AM2 | 2310/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 288 GiB total, 145.739 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 0.007 GiB free.
    E: is CDROM ()
    F: is CDROM (CDFS)
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    L: is Removable
    M: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Tun Miniport Adapter
    Device ID: ROOT\*TUNMP\0001
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TUNMP\0001
    Service: tunmp

    ==== System Restore Points ===================

    RP826: 12/20/2010 3:40:11 AM - Installed Dell Support Center
    RP827: 12/26/2010 5:00:52 PM - Windows Update
    RP828: 12/27/2010 3:22:45 PM - Scheduled Checkpoint
    RP829: 12/27/2010 4:46:30 PM - Installed Dell Support Center
    RP830: 1/7/2011 11:26:44 PM - Scheduled Checkpoint
    RP831: 1/8/2011 9:00:06 AM - Installed Dell Support Center
    RP832: 1/8/2011 10:01:37 AM - Windows Update
    RP833: 1/8/2011 10:06:25 AM - Windows Update
    RP834: 1/9/2011 7:25:03 PM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
    RP835: 1/9/2011 7:26:04 PM - Device Driver Package Install: Apple Network adapters
    RP836: 1/10/2011 4:19:46 PM - Removed WinZip 12.0
    RP837: 1/12/2011 3:00:20 AM - Windows Update
    RP838: 2/2/2011 5:35:04 PM - Installed HiJackThis
    RP839: 2/3/2011 2:27:16 AM - Windows Update
    RP840: 2/3/2011 6:27:42 PM - Windows Update
    RP842: 2/3/2011 7:37:28 PM - Revo Uninstaller Pro's restore point - bearshare
    RP844: 2/3/2011 7:40:59 PM - Revo Uninstaller Pro's restore point - limewire
    RP846: 2/3/2011 7:45:10 PM - Revo Uninstaller Pro's restore point - norton
    RP848: 2/3/2011 7:49:33 PM - Revo Uninstaller Pro's restore point - SUPERAntiSpyware Free Edition
    RP850: 2/3/2011 7:52:42 PM - Revo Uninstaller Pro's restore point - ANTI SPYWARE
    RP852: 2/3/2011 7:54:13 PM - Revo Uninstaller Pro's restore point - macafee
    RP853: 2/4/2011 2:13:11 AM - Windows Update
    RP854: 2/4/2011 6:51:30 PM - Scheduled Checkpoint

    ==== Installed Programs ======================


    Sansa Media Converter
    3ivx MPEG-4 5.0.3 (remove only)
    747Boeing_BCA Screen Saver
    777Boeing_BCA2 Screen Saver
    Acrobat.com
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 9.4.1
    Adobe Shockwave Player 11.5
    Adobe Stock Photos 1.0
    Adobe® Photoshop® Album Starter Edition 3.2
    Akamai NetSession Interface
    Amazon MP3 Downloader 1.0.0+6
    AOL Mail and AIM Gadget
    AOL Registration
    AOL Toolbar 5.0
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    Atomaders
    Avira AntiVir Personal - Free Antivirus
    Bejeweled 2 Deluxe
    Bejeweled 2 Deluxe 1.1
    Bejeweled Twist 1.0
    Belkin Wireless Driver
    Big Fish Games Client
    Bonjour
    Brain Train on the Go (remove only)
    Brother HL-2170W
    CCleaner
    CCScore
    Cisco Network Magic
    Comcast High-Speed Internet Install Wizard
    Conexant D850 PCI V.92 Modem
    Cook'n with Betty Crocker
    D3DX10
    Dell DataSafe Online
    Dell Printer Software Uninstall
    Dell Support Center
    Dell System Customization Wizard
    DellSupport
    Desktop Doctor
    Digital Line Detect
    EA Download Manager
    EA Download Manager UI
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    FlipShare
    Games, Music, & Photos Launcher
    Garmin USB Drivers
    Garmin WebUpdater
    getPlus(R) for Adobe
    Google Chrome
    Google Desktop
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP My Display
    IRIScan 2
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    Jewel Quest 3
    Junk Mail filter update
    Kodak EasyShare software
    LanUpdate
    LEGO Digital Designer
    Malwarebytes' Anti-Malware
    MediaBar 2.0
    Mesh Runtime
    Messenger Companion
    MetaFrame Presentation Server Client
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Flight Simulator 2004 A Century of Flight
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    MobileMe Control Panel
    Modem Diagnostic Tool
    Mozilla Firefox (3.6.11)
    Mozilla Firefox (3.6.12)
    MP3 Player Recovery Tool
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Plugin 1.0
    Need for Speed Underground 2 Demo
    netbrdg
    Netgear Update Assistant
    NetWaiting
    Network Magic
    Nitto 1320 Legends Public Beta 0.9.12.8
    NVIDIA Drivers
    NVIDIANetworkDiagnostic
    OfotoXMI
    OGA Notifier 2.0.0048.0
    Paint Shop Pro 7 Anniversary Edition
    PlayStation(R)Network Downloader
    Product Documentation Launcher
    Project64 1.6
    Pure Networks Platform
    QLP 2002 Manuals
    Quicken Lawyer 2002 Personal Deluxe
    QuickTime
    Readiris Pro 11
    RealArcade
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Registry Mechanic 8.0
    Revo Uninstaller 1.91
    Revo Uninstaller Pro 2.5.1
    Rhapsody
    Rhapsody MP3 Download Manager
    Rhapsody Player Engine
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler
    Roxio MyDVD DE
    Roxio Update Manager
    RTC Client API v1.2
    Safari
    Samsung CLP-310 Series
    SDK
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    SFR
    SHASTA
    skin0001
    SKINXSDK
    Sonic Activation Module
    Spelling Dictionaries Support For Adobe Reader 9
    staticcr
    Stunt Track Driver
    SUPERAntiSpyware Free Edition
    The Sims 2 HomeCrafter Plus
    The Sims™ 2 Apartment Life
    The Sims™ 2 Best of Business Collection
    The Sims™ 2 Double Deluxe
    The Sims™ 2 IKEA® Home Stuff
    The Sims™ 2 Seasons
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2483110)
    URL Assistant
    User's Guides
    Viewpoint Media Player
    VoiceOver Kit
    VPRINTOL
    Wal-Mart Music Downloads Store
    WebEx Support Manager for Internet Explorer
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Movie Maker 2.6
    WinRAR archiver
    WIRELESS
    Yahoo! Music Jukebox
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    2/4/2011 4:55:32 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 001AA050D3C4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    2/4/2011 4:50:44 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.15. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer.
    2/4/2011 3:55:58 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    2/4/2011 3:54:27 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "740" Happened while starting this command: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding
    2/4/2011 3:54:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Null
    2/4/2011 3:54:19 PM, Error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.
    2/4/2011 3:54:19 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    2/4/2011 3:54:19 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
    2/4/2011 3:30:41 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
    2/4/2011 3:30:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    2/4/2011 3:30:31 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/4/2011 3:30:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/4/2011 3:30:11 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    2/4/2011 3:30:11 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    2/4/2011 3:28:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
    2/4/2011 3:28:07 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/4/2011 3:28:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    2/4/2011 3:25:21 PM, Error: EventLog [6008] - The previous system shutdown at 3:22:56 PM on 2/4/2011 was unexpected.

    ==== End Of File ===========================


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Inspiron 531
    Logical Drives Mask: 0x00001fbc

    Kernel Drivers (total 168):
    0x82819000 \SystemRoot\system32\ntkrnlpa.exe
    0x82BD2000 \SystemRoot\system32\hal.dll
    0x80404000 \SystemRoot\system32\kdcom.dll
    0x8040B000 \SystemRoot\system32\PSHED.dll
    0x8041C000 \SystemRoot\system32\BOOTVID.dll
    0x80424000 \SystemRoot\system32\CLFS.SYS
    0x80465000 \SystemRoot\system32\CI.dll
    0x80545000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x805C1000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80605000 \SystemRoot\system32\drivers\acpi.sys
    0x8064B000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x80654000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8065C000 \SystemRoot\system32\drivers\pci.sys
    0x80683000 \SystemRoot\System32\drivers\partmgr.sys
    0x80692000 \SystemRoot\system32\drivers\volmgr.sys
    0x806A1000 \SystemRoot\System32\drivers\volmgrx.sys
    0x806EB000 \SystemRoot\system32\drivers\pciide.sys
    0x806F2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x80700000 \SystemRoot\System32\drivers\mountmgr.sys
    0x80710000 \SystemRoot\system32\drivers\nvraid.sys
    0x80729000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x8074A000 \SystemRoot\system32\drivers\atapi.sys
    0x80752000 \SystemRoot\system32\drivers\ataport.SYS
    0x80770000 \SystemRoot\system32\drivers\nvstor32.sys
    0x8078D000 \SystemRoot\system32\drivers\storport.sys
    0x807CE000 \SystemRoot\system32\drivers\fltmgr.sys
    0x805CE000 \SystemRoot\system32\drivers\fileinfo.sys
    0x805DE000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
    0x805F4000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x82E05000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x82E76000 \SystemRoot\system32\drivers\ndis.sys
    0x82F81000 \SystemRoot\system32\drivers\msrpc.sys
    0x82FAC000 \SystemRoot\system32\drivers\NETIO.SYS
    0x83408000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x83518000 \SystemRoot\system32\drivers\volsnap.sys
    0x83551000 \SystemRoot\System32\Drivers\spldr.sys
    0x83559000 \SystemRoot\System32\Drivers\mup.sys
    0x83568000 \SystemRoot\System32\drivers\ecache.sys
    0x8358F000 \SystemRoot\system32\drivers\disk.sys
    0x835A0000 \SystemRoot\system32\drivers\crcdisk.sys
    0x835A9000 \SystemRoot\system32\DRIVERS\null.sys
    0x835E4000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x835EF000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x82FE7000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x8F805000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x8F80F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8F84D000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8F85C000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
    0x8F8D1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8FC06000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
    0x8FD07000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0x8FD09000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8FD21000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8FE0F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x9072D000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x9072F000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x907D0000 \SystemRoot\System32\drivers\watchdog.sys
    0x8FD27000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x907DC000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x907E7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8FE00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8FD56000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8FD79000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8FD88000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8FD9C000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8FDB1000 \SystemRoot\system32\DRIVERS\wanatw4.sys
    0x8FE0B000 \SystemRoot\System32\Drivers\PdiPorts.sys
    0x8FDB7000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8FDC7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8FDD2000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x907FE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8F95E000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8FDDD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8FDE7000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8F988000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8F9BD000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x91600000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x8F9CE000 \SystemRoot\system32\drivers\portcls.sys
    0x91A07000 \SystemRoot\system32\drivers\drmk.sys
    0x91A2C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x91A35000 \SystemRoot\System32\Drivers\Beep.SYS
    0x91A3C000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
    0x91A4B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x91A52000 \SystemRoot\System32\drivers\vga.sys
    0x91A5E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x91A7F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x91A87000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x91A8F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x91A9A000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x91AA8000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x91AB1000 \SystemRoot\System32\drivers\tcpip.sys
    0x91B9B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x91BB6000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x91BCC000 \SystemRoot\system32\DRIVERS\smb.sys
    0x91C05000 \SystemRoot\system32\drivers\afd.sys
    0x91C4D000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x91C7F000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x91C88000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x91C9E000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x91CAC000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x91CBF000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0x91CC5000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    0x91CEA000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0x91CF0000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x91D2C000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x91D36000 \SystemRoot\System32\Drivers\dfsc.sys
    0x91D4D000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x91D73000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0x91D75000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x91D82000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x91D8C000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
    0x91DA9000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x91DBE000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x9ACC0000 \SystemRoot\System32\win32k.sys
    0x91DC0000 \SystemRoot\System32\drivers\Dxapi.sys
    0x91DCA000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x91DD3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x91DE3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x91BE0000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x91BEA000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x91BF2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x835B0000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x9AEE0000 \SystemRoot\System32\TSDDD.dll
    0x9AF00000 \SystemRoot\System32\cdd.dll
    0x835BF000 \SystemRoot\system32\drivers\luafv.sys
    0xA0004000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xA0019000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xA0024000 \SystemRoot\System32\DLA\DLADResM.SYS
    0xA0025000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0xA003D000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0xA0042000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0xA0044000 \SystemRoot\System32\DLA\DLABMFSM.SYS
    0xA004B000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0xA0052000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0xA0068000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0xA0087000 \SystemRoot\system32\drivers\spsys.sys
    0xA0137000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0xA0147000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0xA0171000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA017B000 \SystemRoot\system32\DRIVERS\pnarp.sys
    0xA0185000 \SystemRoot\system32\DRIVERS\purendis.sys
    0xA018F000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xA0A0A000 \SystemRoot\system32\drivers\HTTP.sys
    0xA0A77000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xA0A94000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xA0AAD000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xA0AC2000 \SystemRoot\system32\drivers\mrxdav.sys
    0xA0AE3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA0B02000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xA0B3B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xA0B53000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA0B7B000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xA0B91000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA0BEE000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
    0xA0BF0000 \SystemRoot\System32\Drivers\MCSTRM.SYS
    0xA0BF2000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xA3608000 \SystemRoot\system32\drivers\peauth.sys
    0xA36E6000 \SystemRoot\System32\Drivers\fastfat.SYS
    0xA370E000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA3718000 \??\C:\Windows\system32\Drivers\SSPORT.sys
    0xA371F000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA372B000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0xA3733000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0xA3748000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
    0xA375A000 \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    0xA376F000 \??\C:\Users\Deborah\AppData\Local\Temp\kxkiipog.sys
    0xA3787000 \??\C:\Users\Deborah\AppData\Local\Temp\mbr.sys
    0x76DB0000 \Windows\System32\ntdll.dll

    Processes (total 71):
    0 System Idle Process
    4 System
    504 C:\Windows\System32\smss.exe
    572 csrss.exe
    624 C:\Windows\System32\wininit.exe
    636 csrss.exe
    672 C:\Windows\System32\services.exe
    696 C:\Windows\System32\lsass.exe
    704 C:\Windows\System32\lsm.exe
    812 C:\Windows\System32\winlogon.exe
    904 C:\Windows\System32\svchost.exe
    1048 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1196 C:\Windows\System32\svchost.exe
    1232 C:\Windows\System32\svchost.exe
    1272 C:\Windows\System32\svchost.exe
    1368 C:\Windows\System32\audiodg.exe
    1392 C:\Windows\System32\svchost.exe
    1420 C:\Windows\System32\SLsvc.exe
    1468 C:\Windows\System32\svchost.exe
    1576 C:\Windows\System32\rundll32.exe
    1724 C:\Windows\System32\svchost.exe
    1924 C:\Windows\System32\spoolsv.exe
    1952 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1968 C:\Windows\System32\svchost.exe
    1508 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    1644 C:\Windows\System32\AERTSrv.exe
    1708 C:\Windows\System32\svchost.exe
    1712 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1828 C:\Program Files\Common Files\aol\acs\AOLacsd.exe
    2020 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    896 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    684 C:\Windows\System32\atashost.exe
    1684 C:\Program Files\Bonjour\mDNSResponder.exe
    1612 C:\Windows\System32\svchost.exe
    1156 C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    1820 C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    2116 C:\Windows\System32\svchost.exe
    2300 C:\ProgramData\Clickfree\C2NPlus\Reminder\SacNetAgent.exe
    2316 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2352 C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    2380 C:\Windows\System32\svchost.exe
    2416 C:\Windows\System32\svchost.exe
    2476 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2500 C:\Windows\System32\SearchIndexer.exe
    2620 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2648 C:\Windows\System32\drivers\XAudio.exe
    2680 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    2904 WmiPrvSE.exe
    2956 WUDFHost.exe
    3500 C:\Windows\System32\dwm.exe
    3536 C:\Windows\System32\taskeng.exe
    3636 C:\Windows\System32\taskeng.exe
    2628 unsecapp.exe
    4240 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    4720 C:\Windows\ehome\ehtray.exe
    5820 C:\Windows\ehome\ehmsas.exe
    3884 C:\Program Files\iPod\bin\iPodService.exe
    4144 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5780 C:\Windows\System32\rundll32.exe
    3408 C:\Windows\explorer.exe
    5136 C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    3088 C:\Program Files\Mozilla Firefox\firefox.exe
    2488 C:\Program Files\Mozilla Firefox\plugin-container.exe
    3860 C:\Windows\System32\VSSVC.exe
    4016 C:\Windows\System32\svchost.exe
    3372 C:\Windows\System32\notepad.exe
    5036 C:\Windows\System32\notepad.exe
    5188 C:\Windows\System32\SearchProtocolHost.exe
    4808 C:\Windows\System32\SearchFilterHost.exe
    6036 C:\Users\Deborah\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`82800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

    PhysicalDrive0 Model Number: ST3320620AS, Rev: 3.AD

    Size     Device Name          MBR Status
    --------------------------------------------
    298 GB   \\.\PhysicalDrive0   Windows Vista MBR code detected
             SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
  4. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Go on.......
  5. Klykyl

    Klykyl TS Rookie Topic Starter Posts: 61

    ComboFix 11-01-31.02 - Deborah 02/04/2011 19:08:02.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3518.1948 [GMT -8:00]
    Running from: c:\users\Deborah\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\QUAD Utilities
    c:\program files\QUAD Utilities\QUAD RegistryCleaner\program.log
    c:\program files\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner website.url
    c:\program files\QUAD Utilities\QUAD RegistryCleaner\Styles\Vista.cjstyles
    c:\programdata\PCDr\5744\Downloads\3f27aeb4-f0e2-4006-92ee-e1f5a49cf45f.dll
    c:\programdata\PCDr\5744\Downloads\69282cc9-4087-49e4-b903-9638b4f63ccc.dll
    c:\programdata\PCDr\5744\Downloads\79d05ae1-1d2a-46cf-9a29-5dd82888a439.dll
    c:\programdata\PCDr\5744\Downloads\ace5304d-f4d3-4e03-9b43-c1113c682910.dll
    c:\users\Kyle\AppData\Roaming\QUAD Backups
    c:\users\Kyle\Desktop\Internet Explorer.lnk
    c:\users\Kyle\NO$GBA.EXE
    c:\windows\desktop
    c:\windows\desktop\Cook'n with Betty Crocker.lnk

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-05 to 2011-02-05 )))))))))))))))))))))))))))))))
    .

    2011-02-05 03:14 . 2011-02-05 03:14 -------- d-----w- c:\users\Deborah\AppData\Local\temp
    2011-02-05 03:14 . 2011-02-05 03:14 -------- d-----w- c:\users\Lawrence\AppData\Local\temp
    2011-02-05 03:14 . 2011-02-05 03:14 -------- d-----w- c:\users\Kyle\AppData\Local\temp
    2011-02-05 03:14 . 2011-02-05 03:14 -------- d-----w- c:\users\Kelly x3\AppData\Local\temp
    2011-02-05 03:14 . 2011-02-05 03:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-04 10:14 . 2011-01-20 18:39 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3CAEAF6A-DB60-4A73-9041-F84A3399D0FC}\mpengine.dll
    2011-02-04 06:11 . 2011-02-04 06:11 -------- d-----w- c:\programdata\WindowsSearch
    2011-02-04 03:35 . 2011-02-04 03:35 -------- d-----w- c:\users\Deborah\AppData\Local\VS Revo Group
    2011-02-04 03:35 . 2009-12-30 19:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2011-02-04 03:33 . 2011-02-04 03:35 -------- d-----w- c:\program files\VS Revo Group
    2011-02-04 03:18 . 2010-10-19 18:41 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-02-03 04:03 . 2011-02-03 04:03 -------- d-----w- c:\users\Deborah\AppData\Roaming\Avira
    2011-02-03 01:35 . 2011-02-03 01:35 388096 ----a-r- c:\users\Deborah\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-02-03 01:35 . 2011-02-03 01:35 -------- d-----w- c:\program files\Trend Micro
    2011-01-15 23:31 . 2011-01-15 23:31 -------- d-----w- c:\users\Deborah\AppData\Roaming\Yahoo!
    2011-01-12 04:56 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-12 04:56 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-12 04:56 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-12 04:56 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-12 04:56 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
    2011-01-12 04:56 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-12 04:56 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-01-10 07:33 . 2011-01-10 07:33 -------- d-----w- c:\users\Lawrence\AppData\Roaming\KodakCredentialStore
    2011-01-10 03:32 . 2011-01-10 03:32 -------- d-----w- c:\program files\iPod
    2011-01-08 18:14 . 2011-01-08 18:14 -------- d-----w- c:\windows\en
    2011-01-08 18:14 . 2010-09-23 08:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2011-01-08 17:25 . 2011-01-08 17:25 -------- d-----w- c:\program files\My Company Name
    2011-01-08 17:21 . 2011-01-08 17:21 -------- d-----w- C:\temp
    2011-01-08 17:19 . 2011-01-08 17:19 -------- d-----w- c:\users\Lawrence\AppData\Local\Deployment
    2011-01-08 17:19 . 2011-01-08 17:19 -------- d-----w- c:\users\Lawrence\AppData\Local\Apps

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-22 09:06 . 2010-12-22 09:06 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-12-21 02:09 . 2009-09-27 04:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-21 02:08 . 2009-09-27 04:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-20 11:37 . 2009-09-26 17:12 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-23 05:38 . 2009-09-26 17:12 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-06-27 18:15 . 2009-11-24 03:11 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-31 68856]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-21 86960]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
    "HostManager"="c:\program files\Common Files\AOL\1187236095\ee\AOLSoftware.exe" [2008-06-24 41824]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "LanUpdate"="c:\program files\Netgear Update Assistant\LanUpdate.exe" [2008-05-02 77824]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
    "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
    "IRIScan 2 button manager"="c:\program files\iriscn2i\bmanm12.exe" [2008-09-02 2323120]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104]
    "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2010-12-16 274608]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-12 232184]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

    c:\users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
    backup=c:\windows\pss\ymetray.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Lawrence^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AOL Desktop.lnk]
    path=c:\users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOL Desktop.lnk
    backup=c:\windows\pss\AOL Desktop.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-07-13 22:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW]
    2007-01-17 00:12 280576 ----a-w- c:\program files\Portrait Displays\HP My Display\dthtml.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
    2009-04-29 17:55 3338240 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-06-27 18:15 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
    2009-04-21 03:30 79872 ----a-w- c:\users\Lawrence\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1ca513fd70eb30;Google Update Service (gupdate1ca513fd70eb30);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 133104]
    R2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\Clickfree\C2NPlus\Reminder\SacNetAgent.exe [2010-08-10 141640]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-27 30192]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
    R3 RTL85n86;Belkin Wireless G Notebook Card Service v8;c:\windows\system32\DRIVERS\RTL85n86.sys [2007-03-13 354816]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
    S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2008-01-19 4608]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-10-13 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-10-13 74480]
    S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
    S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-10-13 7408]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - KXKIIPOG
    *Deregistered* - kxkiipog

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    Akamai REG_MULTI_SZ Akamai
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-04 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-31 04:12]

    2011-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 04:37]

    2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 04:37]

    2011-02-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]

    2011-02-04 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]

    2011-02-05 c:\windows\Tasks\User_Feed_Synchronization-{38E61D04-D3F6-4D37-8904-57EA300894C0}.job
    - c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070803
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    LSP: c:\windows\system32\wpclsp.dll
    DPF: {71D413D7-38C5-4035-8548-976522CF11D5} - hxxp://www.crucial.com/controls/cpcVistaBeta.cab
    FF - ProfilePath - c:\users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\vqok8243.default\
    FF - prefs.js: browser.startup.homepage - google.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 3.6 Beta 4\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
    SafeBoot-mcmscsvc
    SafeBoot-MCODS



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-04 19:14
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A2\4&317f13c5&0&UID256\Device Parameters\MODES]
    @DACL=(02 0000)
    .
    Completion time: 2011-02-04 19:16:24
    ComboFix-quarantined-files.txt 2011-02-05 03:16

    Pre-Run: 156,487,589,888 bytes free
    Post-Run: 163,785,342,976 bytes free

    - - End Of File - - 46505886ED897B3F566F1BDF1ECC74DC


    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 02/04/2011 at 19:35:17.
    Operating System: Windows Vista (TM) Home Premium


    Processes terminated by Rkill or while it was running:

    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\runonce.exe
    C:\Windows\System32\grpconv.exe


    Rkill completed on 02/04/2011 at 19:35:24.



    I'm not too sure what you mean by your_name.exe. I don't see it.
  6. Broni (Malware Annihilator)

    Looks good now :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  7. Klykyl (TS Rookie, Topic Starter)

    OTL logfile created on: 2/4/2011 8:19:54 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Deborah\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288.05 Gb Total Space | 150.88 Gb Free Space | 52.38% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 0.01 Gb Free Space | 0.07% Space Free | Partition Type: NTFS
    Drive F: | 124.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: FAMILY_ROOM_2PC | User Name: Deborah | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/04 20:17:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.exe
    PRC - [2010/12/08 21:38:23 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/11/03 02:24:26 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/11/03 02:24:24 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010/01/14 20:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/07/08 01:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    PRC - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/06 11:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
    PRC - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    PRC - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
    PRC - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/04 20:17:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.exe
    MOD - [2010/08/31 07:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2011/01/05 17:37:35 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai)
    SRV - [2010/12/08 21:38:23 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/11/03 02:24:26 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2010/09/01 14:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2010/08/10 06:50:45 | 000,141,640 | R--- | M] (Storage Appliance Corporation) [Auto | Stopped] -- C:\ProgramData\Clickfree\C2NPlus\Reminder\SacNetAgent.exe -- (SacNetAgentService_C57C4F854F53)
    SRV - [2010/06/27 10:15:07 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/09/24 17:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2009/03/06 11:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
    SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
    SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
    SRV - [2007/03/19 09:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2007/01/16 16:10:14 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
    SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
    SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/12/20 03:37:20 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/11/22 21:38:27 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
    DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009/10/12 20:24:56 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009/10/12 20:24:54 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/10/12 20:24:52 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2009/07/14 18:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/07/07 13:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
    DRV - [2009/07/07 13:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
    DRV - [2009/05/11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/01/14 02:13:00 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
    DRV - [2008/03/26 12:16:14 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mcstrm.sys -- (MCSTRM)
    DRV - [2008/01/24 10:06:40 | 002,054,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/08/12 18:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
    DRV - [2007/08/12 18:48:43 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
    DRV - [2007/08/09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2007/08/03 15:47:59 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2007/08/03 15:47:59 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2007/08/03 15:47:59 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/03/23 03:09:16 | 000,129,832 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
    DRV - [2007/03/15 05:57:30 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2007/03/12 16:49:30 | 000,354,816 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
    DRV - [2007/02/25 09:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2007/02/09 11:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2007/02/08 19:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2007/02/08 19:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2006/11/29 14:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2006/11/16 16:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts)
    DRV - [2006/11/02 01:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 01:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 01:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 01:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 01:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 01:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 01:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 01:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 01:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 01:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 01:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 01:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 01:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 01:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 01:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 01:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 01:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 01:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/01 23:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/11/01 23:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2006/11/01 23:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/11/01 23:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
    DRV - [2006/10/26 15:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
    DRV - [2006/10/26 15:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/10/26 15:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2006/10/26 15:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/10/26 15:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/10/26 15:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/10/26 15:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/10/26 15:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/10/18 10:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2006/10/18 10:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2006/10/18 10:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2006/10/06 12:49:00 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2006/10/05 14:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/08/04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070803
    IE - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "google.com"
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090918
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/16 15:39:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/26 18:52:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/06 22:46:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 4\components [2010/12/26 18:52:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins [2011/01/06 22:46:16 | 000,000,000 | ---D | M]

    [2009/09/25 12:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Extensions
    [2011/02/04 20:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\vqok8243.default\extensions
    [2009/09/26 08:56:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\vqok8243.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/09/26 09:04:47 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\vqok8243.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/02/04 16:07:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/10 00:15:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/10/21 19:01:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/16 15:39:44 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/02/04 19:14:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
    O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1187236095\ee\aolsoftware.exe (AOL LLC)
    O4 - HKLM..\Run: [IRIScan 2 button manager] C:\Program Files\iriscn2i\bmanm12.exe ()
    O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
    O4 - HKLM..\Run: [LanUpdate] C:\Program Files\Netgear Update Assistant\LanUpdate.exe ()
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
    O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
    O4 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - Startup: C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
    O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O15 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab (DLM Control)
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
    O16 - DPF: {71D413D7-38C5-4035-8548-976522CF11D5} http://www.crucial.com/controls/cpcVistaBeta.cab (Crucial cpcScan)
    O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Users\Deborah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Deborah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/12/26 09:43:52 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2009/12/06 02:15:22 | 000,000,097 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.3IV2 - C:\Windows\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/04 20:17:21 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.exe
    [2011/02/04 19:16:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/02/04 19:16:26 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Local\temp
    [2011/02/04 19:05:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/02/04 15:17:26 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Deborah\Desktop\TFC.exe
    [2011/02/03 22:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2011/02/03 19:35:48 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Local\VS Revo Group
    [2011/02/03 19:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    [2011/02/03 19:35:45 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
    [2011/02/03 19:35:20 | 007,809,352 | ---- | C] (VS Revo Group ) -- C:\Users\Deborah\Desktop\RevoUninProSetup.exe
    [2011/02/03 19:33:31 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2011/02/03 19:33:31 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2011/02/03 19:32:25 | 002,649,016 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\Deborah\Desktop\revosetup.exe
    [2011/02/02 20:03:44 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Roaming\Avira
    [2011/02/02 17:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/02/02 17:35:35 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011/01/15 15:31:10 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Roaming\Yahoo!
    [2011/01/09 19:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/01/09 19:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/01/08 10:14:37 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2011/01/08 09:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\My Company Name
    [2011/01/08 09:21:34 | 000,000,000 | ---D | C] -- C:\temp
    [2011/01/08 09:11:57 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center

    ========== Files - Modified Within 30 Days ==========

    [2011/02/04 20:20:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/02/04 20:20:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{38E61D04-D3F6-4D37-8904-57EA300894C0}.job
    [2011/02/04 20:17:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.exe
    [2011/02/04 19:53:54 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/02/04 19:53:54 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/02/04 19:34:21 | 000,720,369 | ---- | M] () -- C:\Users\Deborah\Desktop\rkill.com
    [2011/02/04 19:14:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/02/04 19:04:50 | 004,263,406 | R--- | M] () -- C:\Users\Deborah\Desktop\ComboFix.exe
    [2011/02/04 19:02:13 | 000,080,384 | ---- | M] () -- C:\Users\Deborah\Desktop\MBRCheck.exe
    [2011/02/04 16:00:19 | 000,613,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/02/04 16:00:19 | 000,107,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/02/04 15:56:29 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2011/02/04 15:55:59 | 000,000,307 | ---- | M] () -- C:\Windows\Brownie.ini
    [2011/02/04 15:54:16 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/02/04 15:53:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/02/04 15:53:50 | 3687,329,792 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/04 15:52:23 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011/02/04 15:17:33 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\TFC.exe
    [2011/02/04 10:02:35 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2011/02/03 19:35:47 | 000,001,091 | ---- | M] () -- C:\Users\Deborah\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
    [2011/02/03 19:35:47 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
    [2011/02/03 19:35:31 | 007,809,352 | ---- | M] (VS Revo Group ) -- C:\Users\Deborah\Desktop\RevoUninProSetup.exe
    [2011/02/03 19:34:06 | 049,788,256 | ---- | M] () -- C:\Users\Deborah\Desktop\avira_antivir_personal_en.exe
    [2011/02/03 19:33:31 | 000,001,059 | ---- | M] () -- C:\Users\Deborah\Desktop\Revo Uninstaller.lnk
    [2011/02/03 19:32:29 | 002,649,016 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Deborah\Desktop\revosetup.exe
    [2011/02/03 19:25:58 | 000,000,660 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2011/02/02 17:43:48 | 000,002,527 | ---- | M] () -- C:\Users\Deborah\Desktop\HiJackThis.lnk
    [2011/02/02 17:34:05 | 001,402,880 | ---- | M] () -- C:\Users\Deborah\Desktop\HiJackThis.msi
    [2011/02/02 17:20:19 | 000,000,095 | ---- | M] () -- C:\Users\Deborah\AppData\Local\fusioncache.dat
    [2011/01/28 10:15:56 | 000,218,652 | ---- | M] () -- C:\Users\Deborah\Desktop\1834_49551.estates.luxury.jpg
    [2011/01/28 10:15:02 | 000,157,750 | ---- | M] () -- C:\Users\Deborah\Desktop\1406_36926.estates.luxury.jpg
    [2011/01/28 10:14:47 | 000,194,776 | ---- | M] () -- C:\Users\Deborah\Desktop\1406_36927.estates.luxury.jpg
    [2011/01/28 10:14:27 | 000,188,288 | ---- | M] () -- C:\Users\Deborah\Desktop\1406_36923.estates.luxury.jpg
    [2011/01/28 10:10:29 | 000,287,742 | ---- | M] () -- C:\Users\Deborah\Desktop\2012_55501.estates.luxury.jpg
    [2011/01/28 10:07:03 | 000,233,804 | ---- | M] () -- C:\Users\Deborah\Desktop\1990_54935.estates.luxury.jpg
    [2011/01/28 10:05:50 | 000,306,402 | ---- | M] () -- C:\Users\Deborah\Desktop\1990_54994.estates.luxury.jpg
    [2011/01/26 22:23:35 | 000,035,840 | ---- | M] () -- C:\Users\Deborah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/22 00:54:10 | 000,231,810 | ---- | M] () -- C:\Users\Deborah\Desktop\1980_54594.estates.luxury.jpg
    [2011/01/22 00:52:45 | 000,231,423 | ---- | M] () -- C:\Users\Deborah\Desktop\1980_54589.estates.luxury.jpg
    [2011/01/22 00:51:33 | 000,264,900 | ---- | M] () -- C:\Users\Deborah\Desktop\1886_51505.estates.luxury.jpg
    [2011/01/22 00:47:14 | 000,292,513 | ---- | M] () -- C:\Users\Deborah\Desktop\1831_52092.estates.luxury.jpg
    [2011/01/22 00:43:08 | 000,259,224 | ---- | M] () -- C:\Users\Deborah\Desktop\2012_55505.estates.luxury.jpg
    [2011/01/22 00:41:32 | 000,286,618 | ---- | M] () -- C:\Users\Deborah\Desktop\2012_55487.estates.luxury.jpg
    [2011/01/22 00:38:44 | 000,296,542 | ---- | M] () -- C:\Users\Deborah\Desktop\1406_55686.estates.luxury.jpg
    [2011/01/22 00:35:05 | 000,143,525 | ---- | M] () -- C:\Users\Deborah\Desktop\1705_45399.estates.luxury.jpg
    [2011/01/22 00:25:04 | 000,264,801 | ---- | M] () -- C:\Users\Deborah\Desktop\1984_54755.estates.luxury.jpg
    [2011/01/22 00:24:13 | 000,267,330 | ---- | M] () -- C:\Users\Deborah\Desktop\1984_54749.estates.luxury.jpg
    [2011/01/22 00:23:51 | 000,280,575 | ---- | M] () -- C:\Users\Deborah\Desktop\1984_54748.estates.luxury.jpg
    [2011/01/20 20:08:53 | 000,349,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/01/20 00:25:06 | 000,520,859 | ---- | M] () -- C:\Users\Deborah\Desktop\Picture-512.png
    [2011/01/20 00:24:50 | 000,458,419 | ---- | M] () -- C:\Users\Deborah\Desktop\Picture-218.png
    [2011/01/19 23:39:55 | 000,395,264 | ---- | M] () -- C:\Users\Deborah\Desktop\1987_54802.estates.luxury.jpg
    [2011/01/16 20:25:26 | 000,001,236 | RHS- | M] () -- C:\Users\Deborah\ntuser.pol
    [2011/01/15 17:38:03 | 000,006,047 | ---- | M] () -- C:\Users\Deborah\Desktop\Router_Setup.html
    [2011/01/13 10:21:00 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/01/09 23:28:06 | 002,854,912 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
    [2011/01/09 23:28:06 | 001,457,152 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
    [2011/01/09 19:34:14 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/01/06 22:46:17 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
  8. Klykyl

    Klykyl TS Rookie Topic Starter Posts: 61

    ========== Files Created - No Company Name ==========

    [2011/02/04 19:34:21 | 000,720,369 | ---- | C] () -- C:\Users\Deborah\Desktop\rkill.com
    [2011/02/04 19:06:41 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/02/04 19:04:45 | 004,263,406 | R--- | C] () -- C:\Users\Deborah\Desktop\ComboFix.exe
    [2011/02/04 19:02:13 | 000,080,384 | ---- | C] () -- C:\Users\Deborah\Desktop\MBRCheck.exe
    [2011/02/03 19:35:47 | 000,001,091 | ---- | C] () -- C:\Users\Deborah\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
    [2011/02/03 19:35:47 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
    [2011/02/03 19:33:31 | 000,001,059 | ---- | C] () -- C:\Users\Deborah\Desktop\Revo Uninstaller.lnk
    [2011/02/02 17:35:35 | 000,002,527 | ---- | C] () -- C:\Users\Deborah\Desktop\HiJackThis.lnk
    [2011/02/02 17:34:04 | 001,402,880 | ---- | C] () -- C:\Users\Deborah\Desktop\HiJackThis.msi
    [2011/02/02 17:20:19 | 000,000,095 | ---- | C] () -- C:\Users\Deborah\AppData\Local\fusioncache.dat
    [2011/01/28 10:15:56 | 000,218,652 | ---- | C] () -- C:\Users\Deborah\Desktop\1834_49551.estates.luxury.jpg
    [2011/01/28 10:15:02 | 000,157,750 | ---- | C] () -- C:\Users\Deborah\Desktop\1406_36926.estates.luxury.jpg
    [2011/01/28 10:14:47 | 000,194,776 | ---- | C] () -- C:\Users\Deborah\Desktop\1406_36927.estates.luxury.jpg
    [2011/01/28 10:14:27 | 000,188,288 | ---- | C] () -- C:\Users\Deborah\Desktop\1406_36923.estates.luxury.jpg
    [2011/01/28 10:10:29 | 000,287,742 | ---- | C] () -- C:\Users\Deborah\Desktop\2012_55501.estates.luxury.jpg
    [2011/01/28 10:07:02 | 000,233,804 | ---- | C] () -- C:\Users\Deborah\Desktop\1990_54935.estates.luxury.jpg
    [2011/01/28 10:05:47 | 000,306,402 | ---- | C] () -- C:\Users\Deborah\Desktop\1990_54994.estates.luxury.jpg
    [2011/01/22 00:54:09 | 000,231,810 | ---- | C] () -- C:\Users\Deborah\Desktop\1980_54594.estates.luxury.jpg
    [2011/01/22 00:52:45 | 000,231,423 | ---- | C] () -- C:\Users\Deborah\Desktop\1980_54589.estates.luxury.jpg
    [2011/01/22 00:51:33 | 000,264,900 | ---- | C] () -- C:\Users\Deborah\Desktop\1886_51505.estates.luxury.jpg
    [2011/01/22 00:47:13 | 000,292,513 | ---- | C] () -- C:\Users\Deborah\Desktop\1831_52092.estates.luxury.jpg
    [2011/01/22 00:42:36 | 000,259,224 | ---- | C] () -- C:\Users\Deborah\Desktop\2012_55505.estates.luxury.jpg
    [2011/01/22 00:41:32 | 000,286,618 | ---- | C] () -- C:\Users\Deborah\Desktop\2012_55487.estates.luxury.jpg
    [2011/01/22 00:38:43 | 000,296,542 | ---- | C] () -- C:\Users\Deborah\Desktop\1406_55686.estates.luxury.jpg
    [2011/01/22 00:35:05 | 000,143,525 | ---- | C] () -- C:\Users\Deborah\Desktop\1705_45399.estates.luxury.jpg
    [2011/01/22 00:25:04 | 000,264,801 | ---- | C] () -- C:\Users\Deborah\Desktop\1984_54755.estates.luxury.jpg
    [2011/01/22 00:24:13 | 000,267,330 | ---- | C] () -- C:\Users\Deborah\Desktop\1984_54749.estates.luxury.jpg
    [2011/01/22 00:23:48 | 000,280,575 | ---- | C] () -- C:\Users\Deborah\Desktop\1984_54748.estates.luxury.jpg
    [2011/01/20 00:25:05 | 000,520,859 | ---- | C] () -- C:\Users\Deborah\Desktop\Picture-512.png
    [2011/01/20 00:24:48 | 000,458,419 | ---- | C] () -- C:\Users\Deborah\Desktop\Picture-218.png
    [2011/01/19 23:39:53 | 000,395,264 | ---- | C] () -- C:\Users\Deborah\Desktop\1987_54802.estates.luxury.jpg
    [2011/01/18 20:22:33 | 000,050,632 | ---- | C] () -- C:\Users\Deborah\Desktop\Fatty Heart Filled.ttf
    [2011/01/15 15:29:18 | 000,000,172 | R--- | C] () -- C:\Users\Deborah\Desktop\Router Login.url
    [2011/01/15 15:29:17 | 000,006,047 | ---- | C] () -- C:\Users\Deborah\Desktop\Router_Setup.html
    [2011/01/09 19:34:14 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/01/08 10:13:41 | 000,001,160 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    [2011/01/08 10:13:13 | 000,001,229 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    [2011/01/08 10:12:13 | 000,001,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    [2011/01/08 10:11:38 | 000,002,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [2011/01/08 09:12:19 | 000,000,660 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2011/01/08 09:12:18 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2010/11/19 21:49:43 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2010/11/19 21:25:58 | 000,000,146 | ---- | C] () -- C:\Windows\BRVIDEO.INI
    [2010/11/19 21:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
    [2010/11/19 21:25:55 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
    [2010/11/19 21:25:53 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2170W.INI
    [2010/11/19 21:22:10 | 000,000,307 | ---- | C] () -- C:\Windows\Brownie.ini
    [2010/03/01 14:51:37 | 000,000,162 | ---- | C] () -- C:\Windows\Readiris.ini
    [2010/02/02 12:55:30 | 000,000,094 | ---- | C] () -- C:\Windows\Cook'n99.ini
    [2009/10/17 16:29:31 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/06/24 07:17:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/04/25 19:04:19 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
    [2009/01/31 18:16:25 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ESGAppInfo.dll
    [2008/12/22 23:13:53 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
    [2008/12/17 20:25:19 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
    [2008/08/26 07:30:41 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2008/08/25 18:50:44 | 000,000,680 | ---- | C] () -- C:\Users\Deborah\AppData\Local\d3d9caps.dat
    [2008/03/28 04:31:51 | 000,000,370 | ---- | C] () -- C:\Users\Deborah\AppData\Roaming\wklnhst.dat
    [2008/02/18 22:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
    [2007/09/28 14:39:31 | 000,035,840 | ---- | C] () -- C:\Users\Deborah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/08/16 19:52:42 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
    [2007/08/16 19:52:39 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
    [2007/06/06 08:46:10 | 000,229,376 | ---- | C] () -- C:\Windows\System32\KPDVS.dll
    [2007/03/19 02:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
    [2007/03/19 02:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
    [2007/03/19 02:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
    [2007/03/19 02:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
    [2007/03/19 02:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
    [2007/03/19 02:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
    [2007/03/19 02:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
    [2007/03/19 02:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
    [2007/03/19 02:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
    [2007/03/19 02:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
    [2007/03/19 02:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
    [2007/01/26 11:56:02 | 000,015,360 | ---- | C] () -- C:\Windows\System32\GetInst32.dll
    [2006/11/07 11:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 02:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/09/16 20:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/09/16 20:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2001/07/13 07:04:00 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI

    ========== LOP Check ==========

    [2009/11/02 10:33:52 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\acccore
    [2007/10/29 16:38:48 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Amazon
    [2008/12/31 19:55:06 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/12/27 16:46:24 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\PCDr
    [2008/07/23 13:05:27 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Skinux
    [2008/03/28 04:31:52 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Template
    [2008/10/11 17:13:53 | 000,000,000 | ---D | M] -- C:\Users\Kelly x3\AppData\Roaming\MusicNet
    [2008/08/11 11:51:08 | 000,000,000 | ---D | M] -- C:\Users\Kelly x3\AppData\Roaming\Skinux
    [2008/11/04 14:48:58 | 000,000,000 | ---D | M] -- C:\Users\Kelly x3\AppData\Roaming\Template
    [2009/12/05 14:44:38 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\acccore
    [2009/01/31 18:35:10 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Leadertech
    [2010/08/08 21:30:42 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\LEGO Company
    [2009/07/26 18:19:12 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\MusicNet
    [2008/07/26 19:45:03 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Skinux
    [2009/08/15 23:18:41 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\SmartDraw
    [2007/11/12 19:12:16 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Template
    [2009/10/23 23:05:24 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\acccore
    [2007/08/16 16:24:19 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\DataSafeOnline
    [2008/12/20 23:14:30 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\iWin
    [2008/12/31 21:30:08 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\MusicNet
    [2010/12/16 07:55:32 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\PCDr
    [2008/12/26 12:32:26 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\SanDisk
    [2008/07/23 06:27:13 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Skinux
    [2007/09/10 05:48:55 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Template
    [2011/02/03 19:25:58 | 000,000,660 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2011/02/04 15:52:23 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/02/04 10:02:35 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
    [2011/02/04 20:20:00 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{38E61D04-D3F6-4D37-8904-57EA300894C0}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2008/12/26 09:43:52 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 22:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2006/11/10 05:22:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/02/04 19:16:24 | 000,020,138 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2007/08/03 15:51:07 | 000,004,585 | RH-- | M] () -- C:\dell.sdr
    [2010/11/19 19:04:15 | 000,000,045 | ---- | M] () -- C:\error.log
    [2011/02/04 15:53:50 | 3687,329,792 | -HS- | M] () -- C:\hiberfil.sys
    [2007/08/19 18:31:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/02/02 17:14:23 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2007/08/19 18:31:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/03/22 14:00:33 | 000,000,902 | ---- | M] () -- C:\net_save.dna
    [2010/02/11 17:17:08 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
    [2010/02/11 17:17:08 | 000,005,120 | -H-- | M] () -- C:\ntuser.dat.LOG1
    [2010/02/11 17:17:08 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG2
    [2010/02/11 17:17:08 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{4768082f-171a-11df-b3ac-00038a000015}.TM.blf
    [2010/02/11 17:17:08 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{4768082f-171a-11df-b3ac-00038a000015}.TMContainer00000000000000000001.regtrans-ms
    [2010/02/11 17:17:08 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{4768082f-171a-11df-b3ac-00038a000015}.TMContainer00000000000000000002.regtrans-ms
    [2011/02/04 15:53:48 | 4003,012,608 | -HS- | M] () -- C:\pagefile.sys
    [2007/08/15 19:06:43 | 000,000,172 | ---- | M] () -- C:\pdisdk.log
    [2011/02/04 19:38:47 | 000,000,404 | ---- | M] () -- C:\rkill.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 04:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 04:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 04:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/06/24 14:31:14 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 13:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/04/07 04:32:08 | 000,019,968 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\spool\prtprocs\w32x86\cl31cpc.dll
    [2008/01/18 23:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 04:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/11/02 01:46:11 | 000,089,600 | ---- | M] (Lexmark International Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\LMPRTPRC.DLL

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2008/12/22 23:14:04 | 000,503,808 | ---- | M] (ScreenTime Media) -- C:\Windows\747Boeing_BCA.scr
    [2008/12/22 23:17:42 | 000,491,520 | ---- | M] (ScreenTime Media) -- C:\Windows\777Boeing_BCA2.scr
    [2008/12/22 23:26:08 | 000,177,152 | ---- | M] (ScreenTime Media) -- C:\Windows\IDS 2006_saver.scr
    [2001/07/13 07:04:00 | 000,253,952 | ---- | M] () -- C:\Windows\Jasc Media Center Plus.scr
    [2010/09/23 00:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/07/22 12:25:19 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 02:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 02:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 02:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/07/26 20:27:53 | 000,000,286 | -HS- | M] () -- C:\Users\Deborah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/02/03 19:34:06 | 049,788,256 | ---- | M] () -- C:\Users\Deborah\Desktop\avira_antivir_personal_en.exe
    [2011/02/04 19:04:50 | 004,263,406 | R--- | M] () -- C:\Users\Deborah\Desktop\ComboFix.exe
    [2011/01/08 14:26:55 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Deborah\Desktop\install_flash_player.exe
    [2009/10/16 17:50:53 | 016,664,352 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Deborah\Desktop\jre-6u16-windows-i586.exe
    [2009/09/26 20:16:25 | 004,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Deborah\Desktop\mbam-setup.exe
    [2011/02/04 19:02:13 | 000,080,384 | ---- | M] () -- C:\Users\Deborah\Desktop\MBRCheck.exe
    [2011/02/04 20:17:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.exe
    [2011/02/03 19:32:29 | 002,649,016 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Deborah\Desktop\revosetup.exe
    [2011/02/03 19:35:31 | 007,809,352 | ---- | M] (VS Revo Group ) -- C:\Users\Deborah\Desktop\RevoUninProSetup.exe
    [2009/08/13 10:14:18 | 000,472,064 | ---- | M] ( ) -- C:\Users\Deborah\Desktop\RootRepeal.exe
    [2009/10/16 20:34:48 | 007,280,672 | ---- | M] () -- C:\Users\Deborah\Desktop\SUPERAntiSpyware.exe
    [2011/02/04 15:17:33 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/09/28 14:36:38 | 000,000,402 | -HS- | M] () -- C:\Users\Deborah\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/09/25 14:07:28 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
    [2009/10/17 16:29:31 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:81F83028
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A3E39C6A

    < End of report >
  9. Klykyl

    Klykyl TS Rookie Topic Starter Posts: 61

    OTL Extras logfile created on: 2/4/2011 8:19:54 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Deborah\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288.05 Gb Total Space | 150.88 Gb Free Space | 52.38% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 0.01 Gb Free Space | 0.07% Space Free | Partition Type: NTFS
    Drive F: | 124.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: FAMILY_ROOM_2PC | User Name: Deborah | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{034BD947-5F10-4AB5-B7FB-ED9567DA605A}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{076F34F7-C648-4C8E-AAA0-CC8CB1F60564}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{11F4AD7C-6F4F-4B5A-8CD6-C4AF2495450C}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
    "{123EEFFB-9A4D-4D63-8F7D-0B504BE004CD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{18AE9BFD-7FB7-4B77-9AFC-64BD2C676F21}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{1DDF2BB5-04EA-42FB-9DC9-BF3572164638}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{21B32BCF-7C8B-4193-B8EF-69C13A7683F2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{2F39F0EB-5828-4141-B7BF-975452CA64FA}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{4FB3400F-AC93-4C79-8390-D287CB06EA10}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{533BA531-2B9C-48CB-AEC3-F17F382247B0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
    "{6328F90B-CA0F-4C7C-BD30-2B0EB7961E81}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{685A7F1C-5501-4A56-A984-C920592DB3A0}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{69056E13-E0B4-49A9-A919-DBBEAACB0C42}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{712C0DC1-8D14-47D0-8635-F9C9ECB8A21D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{77342798-4F43-40E0-8302-AF971673F0A0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{7791D617-C39F-40D8-85BB-2A9BFA0E93A3}" = lport=53271 | protocol=17 | dir=in | app=c:\programdata\clickfree\c2nplus\reminder\sacnetagent.exe |
    "{77ECAEFA-A4DA-4DC4-B9AE-58C4E7F58CBE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
    "{8B5FE0EE-8CDE-4A27-8ED2-6AF225DD5FA9}" = lport=53272 | protocol=6 | dir=in | app=c:\programdata\clickfree\c2nplus\reminder\sacnetagent.exe |
    "{8F8EB675-9DAB-4025-BBF7-BA454790BE55}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8FCF62E0-8510-4EDA-B1B3-BD532488CAA4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{92AC6864-DDC0-4AB9-AD34-4B39D9F5BDBE}" = lport=137 | protocol=17 | dir=in | app=system |
    "{9BA59258-EAC6-491A-AE38-30E6BB06AA1D}" = rport=138 | protocol=17 | dir=out | app=system |
    "{9F072455-8C5E-4440-A49B-B25F8E6B63EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
    "{A3180DCE-67E7-486A-82B9-C6C4A86E5C6B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{A96F7111-51D4-40D4-A306-6F9E8B07EA3C}" = lport=139 | protocol=6 | dir=in | app=system |
    "{BA261464-8CA7-444C-85BF-E62DC51EB025}" = rport=139 | protocol=6 | dir=out | app=system |
    "{C16FC710-EFEC-4973-A77C-CF69EDBC01F0}" = lport=138 | protocol=17 | dir=in | app=system |
    "{C5D7887B-D8D8-42C2-82D7-9762ECB75DB4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{C9F3F145-494B-41A9-B4CB-39585901F413}" = rport=137 | protocol=17 | dir=out | app=system |
    "{D4028774-40EB-490D-B39C-14F7B3B92474}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D4487A50-AF56-4E85-842D-F3907D60B3D3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{DE5ABD35-129F-4B46-B4E3-F184767B4589}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E19CC63C-D36E-4A8A-86B4-0768895D4F18}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{EF5E47DC-8007-48D7-812A-3D2F32170A7B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F1BF7AE0-B0D8-4CC0-B73E-51F8BAE90246}" = rport=445 | protocol=6 | dir=out | app=system |
    "{FACD3CB2-18A0-4923-8E0D-4D3716EC4E5B}" = lport=445 | protocol=6 | dir=in | app=system |
    "{FE559D84-85E8-4880-B2B2-9832583E082A}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07DE06E9-4B77-4E2B-ACD4-65E4682A172E}" = protocol=17 | dir=in | app=c:\program files\aol 9.1\waol.exe |
    "{089FC9E0-6241-4AAF-9F2B-C166DE3DD1B5}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
    "{10B2E045-40F3-490A-B4ED-5C48F5CD0930}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{111ADB07-1F82-459E-9515-BDFADFBA8ED3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{219548AD-FFF4-4022-93A6-C6B1F2864EEA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{231CC0E2-0501-46D8-9ADF-F904DEDEBC34}" = protocol=6 | dir=in | app=c:\program files\aol 9.1a\waol.exe |
    "{28BE3816-3549-4C34-B5FF-C74B6ACAA972}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2BF2B685-FCA7-4D41-B8EE-4F9CBDC3BC91}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
    "{308849F4-5A58-4C66-9DDF-7E9BB02A11E1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
    "{3213F2C7-8005-404F-A615-8324C3F1B308}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
    "{3C716002-7E47-4F93-9731-6155FD2F5098}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3E69325C-E9DE-4299-90D1-8E62E27CA518}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{4073EF9C-B834-458F-9B88-14398F54C0DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{51DFB163-E4C1-4D6C-B81F-A29E80872039}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{561C1C42-F1F4-4280-A21D-3EEEFFA278D0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
    "{598D39AF-7DF9-485B-B5D7-7282F5161116}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1187236095\ee\aoldesktop.exe |
    "{5CC8C423-34A4-416F-95CB-862FDCBEABD0}" = protocol=6 | dir=in | app=c:\program files\aol 9.1\waol.exe |
    "{5CEDE7A0-1801-4FA0-8A20-A88AD156F7E7}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{5DABCB33-755B-4813-88D9-CF617B9B3F90}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
    "{60B558DE-CB83-42D6-87B0-FF5D725C39A8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{61399F2F-949F-418B-8501-3CB23E3ED6BC}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
    "{74063AB1-BF36-4993-8331-D1DDA07857BF}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
    "{7AC1A55B-B942-422A-A132-728C1373A816}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7CEC8921-FE04-475B-9F36-D5F3564444C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{852EBBA8-363A-4B19-B77A-5F46AED6CA5E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{8D24686F-ABC8-4235-B873-99A927F1E17D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
    "{8F56E7A1-7192-4069-BF2F-9C414725B16A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1187236095\ee\aolsoftware.exe |
    "{94AF665F-5353-4E73-97DE-433C15BA1F7A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
    "{9BE81FCF-7F7C-40B5-9335-0C9D3957C1F7}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
    "{9E3530F4-0727-4238-8DC2-6FBC47E95269}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9EB823C6-8A72-4761-BF9F-68D5A042C421}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
    "{A0D34522-BAE0-4BF2-AAB1-467270B55553}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
    "{A4D9CD1E-9160-458B-93EA-B8F2E5B8E245}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{AA62ACE0-45D7-4C22-804D-B1B780696D6B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
    "{B7E439BB-2C01-4A9C-80C7-5EA5167CD58B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1187236095\ee\aolsoftware.exe |
    "{BFCB32F7-EA16-47B2-833C-16CF5484B843}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{C0698C53-E947-4909-9928-4C5F36341335}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
    "{C0DF6E4A-566C-4FEA-8ABD-2BDE3C5A005F}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
    "{C4523F9B-AEF5-43CA-99F5-65126AD980CE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{CB38FA7E-19A0-44E7-B078-F5BC4986BDF1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
    "{CB3B5143-6452-4158-8E1F-702F4BC69949}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
    "{D67077E5-5932-4E09-AF9A-DBEF8B696EA2}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1187236095\ee\aoldesktop.exe |
    "{D7281315-F75B-45CE-8B38-C6D0A9D35FF6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{D79DBCCF-A890-4921-80AF-FB160155E30F}" = protocol=6 | dir=out | app=system |
    "{EE867953-2693-45F2-9476-95DEF0B56987}" = protocol=17 | dir=in | app=c:\program files\aol 9.1a\waol.exe |
    "{F2DA56B4-2356-457F-92E4-B6F7E676CF7D}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
    "{F3821350-4786-4342-84A4-884FC3C61747}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F416855F-7D05-49BF-A27C-0DB9BFA46382}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{FD0FCCFD-5BA6-40B2-8291-6475CBFA7A61}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{FD71B4F8-020E-4EF3-A3A5-220169474BDA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
    "TCP Query User{247327CB-8E8B-421C-ACE2-5E83D85D8FF4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{2C5A4277-A66D-446E-97E5-F9C4B43B46E4}C:\users\kyle\appdata\local\roblox\versions\version-4207b946cf5449f2\robloxapp.exe" = protocol=6 | dir=in | app=c:\users\kyle\appdata\local\roblox\versions\version-4207b946cf5449f2\robloxapp.exe |
    "TCP Query User{3E90F69E-7232-4C32-AC30-7B969BA42EEE}E:\bin\config\configassistant.exe" = protocol=6 | dir=in | app=e:\bin\config\configassistant.exe |
    "TCP Query User{488F28A2-A01A-493F-8D9C-6C5C50700F42}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "TCP Query User{61EF89B0-2F4B-44FF-A341-D1BA67C14971}C:\program files\qlp 2002 deluxe\qlp.exe" = protocol=6 | dir=in | app=c:\program files\qlp 2002 deluxe\qlp.exe |
    "TCP Query User{93107784-D003-4C80-89BF-89B677A16E3B}C:\program files\microsoft games\flight simulator 9\fs9.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\flight simulator 9\fs9.exe |
    "TCP Query User{A0DC9781-F9D6-4A9F-A4D2-5A1EAF66D1C2}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
    "TCP Query User{B743A5C1-AE63-4600-86E9-55C223BD513B}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "TCP Query User{C05A5788-3BBF-43C9-858D-472B07D04AC6}E:\bin\ia\core\mdm_util.exe" = protocol=6 | dir=in | app=e:\bin\ia\core\mdm_util.exe |
    "TCP Query User{C89BABDA-A2E0-4F5A-BD8C-57E68EA1B905}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "TCP Query User{DD38997C-A094-4D5F-8557-0B9E52428D8B}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "UDP Query User{05777E43-9BB2-4184-9353-4BD72C4EB041}E:\bin\config\configassistant.exe" = protocol=17 | dir=in | app=e:\bin\config\configassistant.exe |
    "UDP Query User{216C655D-2767-428B-9D01-CF93B35570D7}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "UDP Query User{219AEA5C-BE54-4744-9FA5-A857579ACE18}C:\program files\microsoft games\flight simulator 9\fs9.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\flight simulator 9\fs9.exe |
    "UDP Query User{2A7D4E2C-31E8-4AF6-A016-829153B20974}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
    "UDP Query User{41D5284E-9B0C-420C-9088-448B57141631}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{41F4DD39-42C5-4B63-9D1D-B384E3C7F439}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
    "UDP Query User{4D6C300C-65B3-4C7E-9F80-B867D226130D}C:\users\kyle\appdata\local\roblox\versions\version-4207b946cf5449f2\robloxapp.exe" = protocol=17 | dir=in | app=c:\users\kyle\appdata\local\roblox\versions\version-4207b946cf5449f2\robloxapp.exe |
    "UDP Query User{4E95E26E-FC6C-4AA9-B855-39D77B59C943}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "UDP Query User{95CEA846-E6CB-4755-81FB-C0C6BFF3A38C}C:\program files\qlp 2002 deluxe\qlp.exe" = protocol=17 | dir=in | app=c:\program files\qlp 2002 deluxe\qlp.exe |
    "UDP Query User{E4D8CD92-DDD8-4972-8289-DAC6AC3E0489}E:\bin\ia\core\mdm_util.exe" = protocol=17 | dir=in | app=e:\bin\ia\core\mdm_util.exe |
    "UDP Query User{ED300EC9-7843-46F9-8692-C869B351B9C1}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
    "{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}" = Wal-Mart Music Downloads Store
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 22
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
    "{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.1
    "{67D15B01-9A6B-0397-002A-D2A015212748}" = FlipShare
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6CB35178-9E25-48fb-9F86-E40ADC7043B6}" = The Sims™ 2 Best of Business Collection
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
    "{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
    "{7C394403-5751-415F-A0D7-651548D726F9}" = Netgear Update Assistant
    "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
    "{7E6DABBB-ABC1-413C-B312-4A8FD01CAC8B}" = MetaFrame Presentation Server Client
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115232530}" = Jewel Quest 3
    "{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
    "{98A71574-2CEF-4348-8857-654A9F02F12B}" = IRIScan 2
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A3D44AD8-D3C9-45E4-B861-3B653C6EF620}" = Rhapsody MP3 Download Manager
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B1899CD8-9584-4DC5-00AE-48F47CF81183}" = The Sims 2 HomeCrafter Plus
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
    "{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}" = PlayStation(R)Network Downloader
    "{C259F011-6768-4135-AC64-FCD3FFB3A92F}" = Brother HL-2170W
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C5EB90E1-8A46-4ED5-009D-C793E646C04F}" = Need for Speed Underground 2 Demo
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
    "{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
    "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
    "{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
    "{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE168BF7-37BA-4797-9440-9AC75738925E}" = LanUpdate
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
    "{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
    "{E8ADC69C-4F11-483B-A3C9-B42E6A451CD2}" = Belkin Wireless Driver
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{E9E9734C-2EE2-4381-ACCA-AC9B8D372DCC}" = Readiris Pro 11
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
    "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
    "{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
    "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    "747Boeing_BCA" = 747Boeing_BCA Screen Saver
    "777Boeing_BCA2" = 777Boeing_BCA2 Screen Saver
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
    "Akamai" = Akamai NetSession Interface
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.0+6
    "AOL Regclient" = AOL Registration
    "AOL Toolbar" = AOL Toolbar 5.0
    "AOL Toolbar 5.0" =
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "Atomaders" = Atomaders
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "BearShare MediaBar" = MediaBar 2.0
    "Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1
    "Bejeweled Twist 1.0" = Bejeweled Twist 1.0
    "BFG-Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
    "BFGC" = Big Fish Games Client
    "BrainTrain" = Brain Train on the Go (remove only)
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
    "ComcastHSI" = Comcast High-Speed Internet Install Wizard
    "Cook'n with Betty Crocker" = Cook'n with Betty Crocker
    "Dell Printer Software Uninstall" = Dell Printer Software Uninstall
    "Dell Support Center" = Dell Support Center
    "EA Download Manager" = EA Download Manager
    "Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "Google Updater" = Google Updater
    "InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "MP3 Player Recovery Tool_is1" = MP3 Player Recovery Tool
    "Network MagicUninstall" = Network Magic
    "New LEGO Digital Designer" = LEGO Digital Designer
    "Nitto 1320 Legends_is1" = Nitto 1320 Legends Public Beta 0.9.12.8
    "NVIDIA Drivers" = NVIDIA Drivers
    "QLP 2002 Manuals" = QLP 2002 Manuals
    "Quicken Lawyer 2002 Personal Deluxe" = Quicken Lawyer 2002 Personal Deluxe
    "RealArcade" = RealArcade
    "RealPlayer 12.0" = RealPlayer
    "Registry Mechanic_is1" = Registry Mechanic 8.0
    "Revo Uninstaller" = Revo Uninstaller 1.91
    "Rhapsody" = Rhapsody
    "Samsung CLP-310 Series" = Samsung CLP-310 Series
    "STANDARDR" = Microsoft Office Standard 2007
    "Stunt Track Driver" = Stunt Track Driver
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/13/2010 12:31:00 AM | Computer Name = Family_room_2PC | Source = Application Hang | ID = 1002
    Description = The program rhapsody.exe version 4.0.5.209 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 19dc Start Time: 01cadac1980b4000 Termination Time: 60000

    Error - 4/13/2010 6:07:23 PM | Computer Name = Family_room_2PC | Source = Application Hang | ID = 1002
    Description = The program rhapsody.exe version 4.0.5.209 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 16d0 Start Time: 01cadb55463dc920 Termination Time: 41

    Error - 4/13/2010 6:09:29 PM | Computer Name = Family_room_2PC | Source = Application Hang | ID = 1002
    Description = The program rhapsody.exe version 4.0.5.209 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: f04 Start Time: 01cadb55ba6ef6c0 Termination Time: 60000

    Error - 4/13/2010 8:26:53 PM | Computer Name = Family_room_2PC | Source = Application Hang | ID = 1002
    Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1164 Start Time: 01cadaa34a3d7a50 Termination Time: 0

    Error - 4/13/2010 10:09:40 PM | Computer Name = Family_room_2PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 4/13/2010 10:28:49 PM | Computer Name = Family_room_2PC | Source = McLogEvent | ID = 5051
    Description =

    Error - 4/15/2010 11:41:52 PM | Computer Name = Family_room_2PC | Source = Application Error | ID = 1000
    Description = Faulting application wmplayer.exe, version 11.0.6002.18111, time stamp
    0x4aa91411, faulting module ole32.dll, version 6.0.6002.18005, time stamp 0x49e037d7,
    exception code 0xc0000005, fault offset 0x000472da, process id 0x10a8, application
    start time 0x01cadd16bf1f2e3d.

    Error - 4/15/2010 11:53:00 PM | Computer Name = Family_room_2PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 4/20/2010 1:27:00 AM | Computer Name = Family_room_2PC | Source = Application Hang | ID = 1002
    Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1504 Start Time: 01cadc4d55259c4d Termination Time: 0

    Error - 4/23/2010 10:21:54 PM | Computer Name = Family_room_2PC | Source = Application Hang | ID = 1002
    Description = The program AOLDesktop.exe version 16.0.2.1 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 2284 Start Time: 01cade8528350360 Termination Time: 183

    [ Media Center Events ]
    Error - 5/26/2008 3:01:13 PM | Computer Name = Family_room_2PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/31/2008 11:42:36 PM | Computer Name = Family_room_2PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 8/14/2008 5:56:52 PM | Computer Name = Family_room_2PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ OSession Events ]
    Error - 11/2/2008 12:39:55 AM | Computer Name = Family_room_2PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 21293
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 8/18/2010 3:38:23 AM | Computer Name = Family_room_2PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 2/4/2011 7:54:19 PM | Computer Name = Family_room_2PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 2/4/2011 7:54:27 PM | Computer Name = Family_room_2PC | Source = DCOM | ID = 10000
    Description =

    Error - 2/4/2011 7:55:58 PM | Computer Name = Family_room_2PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 2/4/2011 8:50:44 PM | Computer Name = Family_room_2PC | Source = netbt | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the interface
    with IP address 192.168.1.15. The computer with the IP address 192.168.1.1 did not
    allow the name to be claimed by this computer.

    Error - 2/4/2011 8:55:32 PM | Computer Name = Family_room_2PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.3 for the Network Card with network
    address 001AA050D3C4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 2/4/2011 11:05:53 PM | Computer Name = Family_room_2PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 2/4/2011 11:07:28 PM | Computer Name = Family_room_2PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 2/4/2011 11:07:49 PM | Computer Name = Family_room_2PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 2/4/2011 11:07:51 PM | Computer Name = Family_room_2PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 2/4/2011 11:14:26 PM | Computer Name = Family_room_2PC | Source = Service Control Manager | ID = 7030
    Description =


    < End of report >
  10. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
      O15 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
      O15 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\..Trusted Ranges: GD ([http] in Local intranet)
      O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab (Reg Error: Key error.)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:81F83028
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A3E39C6A
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
  11. Klykyl

    Klykyl TS Rookie Topic Starter Posts: 61

    I wasn't sure if you wanted the log for the Java thing.
    First 3 logs...


    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Fri Feb 04 22:08:01 2011

    Found and removed: C:\Program Files\Java\jre1.6.0

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

    ------------------------------------

    Finished reporting.


    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-1464156989-3786269669-3921397701-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Malware (reboot) deleted successfully.
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe moved successfully.
    Registry key HKEY_USERS\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    Starting removal of ActiveX control {74C861A1-D548-4916-BC8A-FDE92EDFF62C}
    C:\Windows\Downloaded Program Files\Setup.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
    Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    C:\ProgramData\webex\ieatgpc.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ADS C:\ProgramData\TEMP:81F83028 deleted successfully.
    ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
    ADS C:\ProgramData\TEMP:A3E39C6A deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Deborah
    ->Temp folder emptied: 40634 bytes
    ->Temporary Internet Files folder emptied: 216200 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 93433534 bytes
    ->Flash cache emptied: 566 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kelly x3
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kyle
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Lawrence
    ->Temp folder emptied: 32978 bytes
    ->Temporary Internet Files folder emptied: 798465 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 68575 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 8831445 bytes

    Total Files Cleaned = 99.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Deborah
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Kelly x3
    ->Flash cache emptied: 0 bytes

    User: Kyle
    ->Flash cache emptied: 0 bytes

    User: Lawrence
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 02052011_105514

    Files\Folders moved on Reboot...
    C:\Users\Lawrence\AppData\Local\Temp\CMLS--2011-02-04--21-22-50.log moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8Z6E7HE\29[1].png moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F13MU2GG\26[1].png moved successfully.
    C:\Windows\temp\WebEx\Log\24\atashost.log moved successfully.

    Registry entries deleted on Reboot...

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9.4.1
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````
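The OTL fix script Broni posted above and the result log Klykyl posted back are two halves of one check: did every directive actually take? The following Python script, an added example that is not part of the thread or of OTL, parses the directive types that appear in that script (O4, O15, O16, plus O3/O28 keyed by CLSID, and the @Alternate Data Stream lines) and looks each one up in the result log. Its sample input is a constructed subset of the lines posted in this thread, with one ADS result line deliberately left out to show how an unconfirmed item is reported.

```python
import re

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
STATUS_RE = re.compile(r"(deleted successfully|moved successfully|not found)\.?$")
SUCCESS = ("deleted successfully", "moved successfully")

def fix_key(line):
    """Identify what one OTL fix directive targets as (kind, key); None for non-directives."""
    line = line.strip()
    if line.startswith("@Alternate Data Stream"):          # ADS: keyed by file:stream path
        m = re.search(r"->\s*(.+)$", line)
        return ("ads", m.group(1).strip()) if m else None
    if line.startswith(("O3 ", "O16 ", "O28 ")):           # toolbar, DPF, shell hook: keyed by CLSID
        m = GUID_RE.search(line)
        return ("guid", m.group(0).upper()) if m else None
    if line.startswith("O4 "):                              # Run entry: keyed by value name
        m = re.search(r"\[(.+?)\]", line)
        return ("runvalue", m.group(1)) if m else None
    if line.startswith("O15 "):                             # ZoneMap entry: keyed by domain/range
        m = re.search(r"Trusted (?:Domains|Ranges): (\S+)", line)
        return ("zone", m.group(1)) if m else None
    return None                                             # :OTL, :Commands, [emptytemp], blanks

def _mentions(kind, key, line):
    """Does a result-log line refer to the object identified by (kind, key)?"""
    if kind == "guid":
        return key in line.upper()
    if kind == "ads":
        return line.startswith("ADS ") and key in line
    if kind == "runvalue":
        return "\\Run\\\\" + key + " " in line
    return "ZoneMap" in line and "\\" + key + "\\" in line

def result_status(kind, key, result_lines):
    """Best status OTL reported for the object: a success line outranks 'not found'."""
    seen = set()
    for raw in result_lines:
        line = raw.strip()
        m = STATUS_RE.search(line)
        if m and _mentions(kind, key, line):
            seen.add(m.group(1))
    for status in SUCCESS:
        if status in seen:
            return status
    return "not found" if "not found" in seen else "no result line"

def check_fix(fix_script, result_log):
    """Map each actionable fix directive (kind, key) to the status OTL reported for it."""
    result_lines = result_log.splitlines()
    report = {}
    for line in fix_script.splitlines():
        parsed = fix_key(line)
        if parsed:
            report[parsed] = result_status(*parsed, result_lines)
    return report

def unconfirmed(report):
    """Directives OTL never reported as deleted/moved: candidates for a re-scan."""
    return sorted(k for k, v in report.items() if v not in SUCCESS)

# Constructed subset of the fix script and result log posted in this thread;
# the result line for TEMP:D1B5B4F1 is left out on purpose.
FIX_SCRIPT = r"""
:OTL
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O15 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:81F83028
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Commands
"""
RESULT_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Malware (reboot) deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\ not found.
ADS C:\ProgramData\TEMP:81F83028 deleted successfully.
"""

if __name__ == "__main__":
    rep = check_fix(FIX_SCRIPT, RESULT_LOG)
    for (kind, key), status in rep.items():
        print(f"{kind:9} {status:16} {key}")
    print("unconfirmed:", unconfirmed(rep))
```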
     
  12. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Update Firefox to the latest 3.6.13 version.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    ....and Eset.....
  13. Klykyl

    Klykyl TS Rookie Topic Starter Posts: 61

    The eset scan came up with nothing and everything is now updated.
  14. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
  15. Klykyl

    Klykyl TS Rookie Topic Starter Posts: 61

    Oh thank you so much and thank you for helping me so fast! Now people can stop bothering me about not being able to use this computer!!!
    The computer is doing very well and the only problem I've had is when doing the OTL clean up it froze, and after 2 hours of waiting I just restarted the computer on my own. I notice no other problems otherwise.
    OH and we already have WOT installed, but people who use this computer choose to ignore the circle. I will be having a chat with them all.

    Thank you again so much!
    -Kelly :)
  16. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Way to go!!
    Good luck and stay safe :)