[Solved] JAVA/Agent: Not sure if there is a problem or not

Klykyl · Feb 4, 2011

There was a virus on this computer and I thought I got it all last night until Alvira picked it up again, the java agent, so I'm just posting here to make sure this computer is clean. But the original virus was one of those fake little scanner things that says your computer in heavily infected, and it came up after a google image was clicked. I don't know the original name of the little virus I wasn't the one using the computer.

Logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5680

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

2/4/2011 4:06:00 PM
mbam-log-2011-02-04 (16-06-00).txt

Scan type: Quick scan
Objects scanned: 196623
Time elapsed: 6 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------------------------

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-02-04 16:49:45
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005e ST332062 rev.3.AD
Running: 1fntq03f.exe; Driver: C:\Users\Deborah\AppData\Local\Temp\kxkiipog.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

------------------------------------

DDS (Ver_10-12-12.02) - NTFSx86
Run by Deborah at 16:52:08.04 on Fri 02/04/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3518.2327 [GMT -8:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\AERTSrv.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\ProgramData\Clickfree\C2NPlus\Reminder\SacNetAgent.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Deborah\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070803
uWindow Title = Internet Explorer provided by Dell
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [HostManager] c:\program files\common files\aol\1187236095\ee\AOLSoftware.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [LanUpdate] "c:\program files\netgear update assistant\LanUpdate.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [IRIScan 2 button manager] "c:\program files\iriscn2i\bmanm12.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {71D413D7-38C5-4035-8548-976522CF11D5} - hxxp://www.crucial.com/controls/cpcVistaBeta.cab
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\deborah\appdata\roaming\mozilla\firefox\profiles\vqok8243.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 3.6 beta 4\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

============= SERVICES / DRIVERS ===============

R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2008-6-14 4608]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-26 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-6-14 21504]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-26 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-26 267944]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-9-25 20376]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-26 61960]
R2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\clickfree\c2nplus\reminder\SacNetAgent.exe [2010-8-18 141640]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2008-12-17 5120]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca513fd70eb30;Google Update Service (gupdate1ca513fd70eb30);c:\program files\google\update\GoogleUpdate.exe [2009-10-19 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-14 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-8 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-3 30192]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-6-14 21504]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-2-3 27192]
S3 RTL85n86;Belkin Wireless G Notebook Card Service v8;c:\windows\system32\drivers\RTL85n86.sys [2007-8-18 354816]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

=============== Created Last 30 ================

2011-02-04 10:14:01 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{3caeaf6a-db60-4a73-9041-f84a3399d0fc}\mpengine.dll
2011-02-04 03:35:48 -------- d-----w- c:\users\deborah\appdata\local\VS Revo Group
2011-02-04 03:35:45 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-02-04 03:33:31 -------- d-----w- c:\program files\VS Revo Group
2011-02-04 03:18:50 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-03 04:03:44 -------- d-----w- c:\users\deborah\appdata\roaming\Avira
2011-02-03 01:35:35 388096 ----a-r- c:\users\deborah\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-02-03 01:35:35 -------- d-----w- c:\program files\Trend Micro
2011-01-12 04:56:18 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 04:56:17 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-01-12 04:56:16 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2011-01-12 04:56:16 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-01-12 04:56:16 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-01-12 04:56:16 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-01-12 04:56:08 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-10 03:32:35 -------- d-----w- c:\program files\iPod
2011-01-08 18:14:37 -------- d-----w- c:\windows\en
2011-01-08 18:14:15 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-01-08 17:25:28 -------- d-----w- c:\program files\My Company Name
2011-01-08 17:21:34 -------- d-----w- C:\temp

==================== Find3M ====================

2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 16:52:39.25 ===============

I can't find the attach.txt I don't see it and I know I didn't close any logs..

Broni · Feb 4, 2011

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================================================

Re-run DDS and you should get Attach.txt file.

When done...

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Klykyl · Feb 4, 2011

First two logs

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 8/3/2007 8:58:02 AM
System Uptime: 2/4/2011 3:53:31 PM (4 hours ago)

Motherboard: Dell Inc. | | 0RY206
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | Socket AM2 | 2310/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 288 GiB total, 145.739 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 0.007 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is Removable
M: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp

==== System Restore Points ===================

RP826: 12/20/2010 3:40:11 AM - Installed Dell Support Center
RP827: 12/26/2010 5:00:52 PM - Windows Update
RP828: 12/27/2010 3:22:45 PM - Scheduled Checkpoint
RP829: 12/27/2010 4:46:30 PM - Installed Dell Support Center
RP830: 1/7/2011 11:26:44 PM - Scheduled Checkpoint
RP831: 1/8/2011 9:00:06 AM - Installed Dell Support Center
RP832: 1/8/2011 10:01:37 AM - Windows Update
RP833: 1/8/2011 10:06:25 AM - Windows Update
RP834: 1/9/2011 7:25:03 PM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP835: 1/9/2011 7:26:04 PM - Device Driver Package Install: Apple Network adapters
RP836: 1/10/2011 4:19:46 PM - Removed WinZip 12.0
RP837: 1/12/2011 3:00:20 AM - Windows Update
RP838: 2/2/2011 5:35:04 PM - Installed HiJackThis
RP839: 2/3/2011 2:27:16 AM - Windows Update
RP840: 2/3/2011 6:27:42 PM - Windows Update
RP842: 2/3/2011 7:37:28 PM - Revo Uninstaller Pro's restore point - bearshare
RP844: 2/3/2011 7:40:59 PM - Revo Uninstaller Pro's restore point - limewire
RP846: 2/3/2011 7:45:10 PM - Revo Uninstaller Pro's restore point - norton
RP848: 2/3/2011 7:49:33 PM - Revo Uninstaller Pro's restore point - SUPERAntiSpyware Free Edition
RP850: 2/3/2011 7:52:42 PM - Revo Uninstaller Pro's restore point - ANTI SPYWARE
RP852: 2/3/2011 7:54:13 PM - Revo Uninstaller Pro's restore point - macafee
RP853: 2/4/2011 2:13:11 AM - Windows Update
RP854: 2/4/2011 6:51:30 PM - Scheduled Checkpoint

==== Installed Programs ======================

Sansa Media Converter
3ivx MPEG-4 5.0.3 (remove only)
747Boeing_BCA Screen Saver
777Boeing_BCA2 Screen Saver
Acrobat.com
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Adobe® Photoshop® Album Starter Edition 3.2
Akamai NetSession Interface
Amazon MP3 Downloader 1.0.0+6
AOL Mail and AIM Gadget
AOL Registration
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Atomaders
Avira AntiVir Personal - Free Antivirus
Bejeweled 2 Deluxe
Bejeweled 2 Deluxe 1.1
Bejeweled Twist 1.0
Belkin Wireless Driver
Big Fish Games Client
Bonjour
Brain Train on the Go (remove only)
Brother HL-2170W
CCleaner
CCScore
Cisco Network Magic
Comcast High-Speed Internet Install Wizard
Conexant D850 PCI V.92 Modem
Cook'n with Betty Crocker
D3DX10
Dell DataSafe Online
Dell Printer Software Uninstall
Dell Support Center
Dell System Customization Wizard
DellSupport
Desktop Doctor
Digital Line Detect
EA Download Manager
EA Download Manager UI
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
FlipShare
Games, Music, & Photos Launcher
Garmin USB Drivers
Garmin WebUpdater
getPlus(R) for Adobe
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP My Display
IRIScan 2
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Jewel Quest 3
Junk Mail filter update
Kodak EasyShare software
LanUpdate
LEGO Digital Designer
Malwarebytes' Anti-Malware
MediaBar 2.0
Mesh Runtime
Messenger Companion
MetaFrame Presentation Server Client
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MobileMe Control Panel
Modem Diagnostic Tool
Mozilla Firefox (3.6.11)
Mozilla Firefox (3.6.12)
MP3 Player Recovery Tool
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Plugin 1.0
Need for Speed Underground 2 Demo
netbrdg
Netgear Update Assistant
NetWaiting
Network Magic
Nitto 1320 Legends Public Beta 0.9.12.8
NVIDIA Drivers
NVIDIANetworkDiagnostic
OfotoXMI
OGA Notifier 2.0.0048.0
Paint Shop Pro 7 Anniversary Edition
PlayStation(R)Network Downloader
Product Documentation Launcher
Project64 1.6
Pure Networks Platform
QLP 2002 Manuals
Quicken Lawyer 2002 Personal Deluxe
QuickTime
Readiris Pro 11
RealArcade
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Registry Mechanic 8.0
Revo Uninstaller 1.91
Revo Uninstaller Pro 2.5.1
Rhapsody
Rhapsody MP3 Download Manager
Rhapsody Player Engine
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
RTC Client API v1.2
Safari
Samsung CLP-310 Series
SDK
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
SFR
SHASTA
skin0001
SKINXSDK
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 9
staticcr
Stunt Track Driver
SUPERAntiSpyware Free Edition
The Sims 2 HomeCrafter Plus
The Sims™ 2 Apartment Life
The Sims™ 2 Best of Business Collection
The Sims™ 2 Double Deluxe
The Sims™ 2 IKEA® Home Stuff
The Sims™ 2 Seasons
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2483110)
URL Assistant
User's Guides
Viewpoint Media Player
VoiceOver Kit
VPRINTOL
Wal-Mart Music Downloads Store
WebEx Support Manager for Internet Explorer
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Movie Maker 2.6
WinRAR archiver
WIRELESS
Yahoo! Music Jukebox
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

2/4/2011 4:55:32 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 001AA050D3C4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/4/2011 4:50:44 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.15. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer.
2/4/2011 3:55:58 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
2/4/2011 3:54:27 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "740" Happened while starting this command: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding
2/4/2011 3:54:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Null
2/4/2011 3:54:19 PM, Error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.
2/4/2011 3:54:19 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/4/2011 3:54:19 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
2/4/2011 3:30:41 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
2/4/2011 3:30:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
2/4/2011 3:30:31 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/4/2011 3:30:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/4/2011 3:30:11 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
2/4/2011 3:30:11 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
2/4/2011 3:28:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
2/4/2011 3:28:07 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/4/2011 3:28:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
2/4/2011 3:25:21 PM, Error: EventLog [6008] - The previous system shutdown at 3:22:56 PM on 2/4/2011 was unexpected.

==== End Of File ===========================

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 531
Logical Drives Mask: 0x00001fbc

Kernel Drivers (total 168):
0x82819000 \SystemRoot\system32\ntkrnlpa.exe
0x82BD2000 \SystemRoot\system32\hal.dll
0x80404000 \SystemRoot\system32\kdcom.dll
0x8040B000 \SystemRoot\system32\PSHED.dll
0x8041C000 \SystemRoot\system32\BOOTVID.dll
0x80424000 \SystemRoot\system32\CLFS.SYS
0x80465000 \SystemRoot\system32\CI.dll
0x80545000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C1000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80605000 \SystemRoot\system32\drivers\acpi.sys
0x8064B000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80654000 \SystemRoot\system32\drivers\msisadrv.sys
0x8065C000 \SystemRoot\system32\drivers\pci.sys
0x80683000 \SystemRoot\System32\drivers\partmgr.sys
0x80692000 \SystemRoot\system32\drivers\volmgr.sys
0x806A1000 \SystemRoot\System32\drivers\volmgrx.sys
0x806EB000 \SystemRoot\system32\drivers\pciide.sys
0x806F2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80700000 \SystemRoot\System32\drivers\mountmgr.sys
0x80710000 \SystemRoot\system32\drivers\nvraid.sys
0x80729000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8074A000 \SystemRoot\system32\drivers\atapi.sys
0x80752000 \SystemRoot\system32\drivers\ataport.SYS
0x80770000 \SystemRoot\system32\drivers\nvstor32.sys
0x8078D000 \SystemRoot\system32\drivers\storport.sys
0x807CE000 \SystemRoot\system32\drivers\fltmgr.sys
0x805CE000 \SystemRoot\system32\drivers\fileinfo.sys
0x805DE000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
0x805F4000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82E05000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82E76000 \SystemRoot\system32\drivers\ndis.sys
0x82F81000 \SystemRoot\system32\drivers\msrpc.sys
0x82FAC000 \SystemRoot\system32\drivers\NETIO.SYS
0x83408000 \SystemRoot\System32\Drivers\Ntfs.sys
0x83518000 \SystemRoot\system32\drivers\volsnap.sys
0x83551000 \SystemRoot\System32\Drivers\spldr.sys
0x83559000 \SystemRoot\System32\Drivers\mup.sys
0x83568000 \SystemRoot\System32\drivers\ecache.sys
0x8358F000 \SystemRoot\system32\drivers\disk.sys
0x835A0000 \SystemRoot\system32\drivers\crcdisk.sys
0x835A9000 \SystemRoot\system32\DRIVERS\null.sys
0x835E4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x835EF000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x82FE7000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x8F805000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8F80F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F84D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F85C000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8F8D1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8FC06000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8FD07000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0x8FD09000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FD21000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8FE0F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x9072D000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x9072F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x907D0000 \SystemRoot\System32\drivers\watchdog.sys
0x8FD27000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x907DC000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x907E7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8FE00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8FD56000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8FD79000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8FD88000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8FD9C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8FDB1000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0x8FE0B000 \SystemRoot\System32\Drivers\PdiPorts.sys
0x8FDB7000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FDC7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FDD2000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x907FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F95E000 \SystemRoot\system32\DRIVERS\ks.sys
0x8FDDD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8FDE7000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F988000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F9BD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x91600000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8F9CE000 \SystemRoot\system32\drivers\portcls.sys
0x91A07000 \SystemRoot\system32\drivers\drmk.sys
0x91A2C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x91A35000 \SystemRoot\System32\Drivers\Beep.SYS
0x91A3C000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0x91A4B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x91A52000 \SystemRoot\System32\drivers\vga.sys
0x91A5E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x91A7F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x91A87000 \SystemRoot\system32\drivers\rdpencdd.sys
0x91A8F000 \SystemRoot\System32\Drivers\Msfs.SYS
0x91A9A000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91AA8000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x91AB1000 \SystemRoot\System32\drivers\tcpip.sys
0x91B9B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x91BB6000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91BCC000 \SystemRoot\system32\DRIVERS\smb.sys
0x91C05000 \SystemRoot\system32\drivers\afd.sys
0x91C4D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91C7F000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x91C88000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91C9E000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91CAC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91CBF000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x91CC5000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0x91CEA000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x91CF0000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91D2C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91D36000 \SystemRoot\System32\Drivers\dfsc.sys
0x91D4D000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x91D73000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x91D75000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91D82000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x91D8C000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x91DA9000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x91DBE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9ACC0000 \SystemRoot\System32\win32k.sys
0x91DC0000 \SystemRoot\System32\drivers\Dxapi.sys
0x91DCA000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x91DD3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x91DE3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x91BE0000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x91BEA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x91BF2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x835B0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9AEE0000 \SystemRoot\System32\TSDDD.dll
0x9AF00000 \SystemRoot\System32\cdd.dll
0x835BF000 \SystemRoot\system32\drivers\luafv.sys
0xA0004000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA0019000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xA0024000 \SystemRoot\System32\DLA\DLADResM.SYS
0xA0025000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xA003D000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xA0042000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xA0044000 \SystemRoot\System32\DLA\DLABMFSM.SYS
0xA004B000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xA0052000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xA0068000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xA0087000 \SystemRoot\system32\drivers\spsys.sys
0xA0137000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA0147000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA0171000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA017B000 \SystemRoot\system32\DRIVERS\pnarp.sys
0xA0185000 \SystemRoot\system32\DRIVERS\purendis.sys
0xA018F000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA0A0A000 \SystemRoot\system32\drivers\HTTP.sys
0xA0A77000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA0A94000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA0AAD000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA0AC2000 \SystemRoot\system32\drivers\mrxdav.sys
0xA0AE3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA0B02000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA0B3B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA0B53000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0B7B000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA0B91000 \SystemRoot\System32\DRIVERS\srv.sys
0xA0BEE000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xA0BF0000 \SystemRoot\System32\Drivers\MCSTRM.SYS
0xA0BF2000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA3608000 \SystemRoot\system32\drivers\peauth.sys
0xA36E6000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA370E000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA3718000 \??\C:\Windows\system32\Drivers\SSPORT.sys
0xA371F000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA372B000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA3733000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA3748000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA375A000 \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
0xA376F000 \??\C:\Users\Deborah\AppData\Local\Temp\kxkiipog.sys
0xA3787000 \??\C:\Users\Deborah\AppData\Local\Temp\mbr.sys
0x76DB0000 \Windows\System32\ntdll.dll

Processes (total 71):
0 System Idle Process
4 System
504 C:\Windows\System32\smss.exe
572 csrss.exe
624 C:\Windows\System32\wininit.exe
636 csrss.exe
672 C:\Windows\System32\services.exe
696 C:\Windows\System32\lsass.exe
704 C:\Windows\System32\lsm.exe
812 C:\Windows\System32\winlogon.exe
904 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\svchost.exe
1368 C:\Windows\System32\audiodg.exe
1392 C:\Windows\System32\svchost.exe
1420 C:\Windows\System32\SLsvc.exe
1468 C:\Windows\System32\svchost.exe
1576 C:\Windows\System32\rundll32.exe
1724 C:\Windows\System32\svchost.exe
1924 C:\Windows\System32\spoolsv.exe
1952 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1968 C:\Windows\System32\svchost.exe
1508 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1644 C:\Windows\System32\AERTSrv.exe
1708 C:\Windows\System32\svchost.exe
1712 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1828 C:\Program Files\Common Files\aol\acs\AOLacsd.exe
2020 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
896 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
684 C:\Windows\System32\atashost.exe
1684 C:\Program Files\Bonjour\mDNSResponder.exe
1612 C:\Windows\System32\svchost.exe
1156 C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
1820 C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
2116 C:\Windows\System32\svchost.exe
2300 C:\ProgramData\Clickfree\C2NPlus\Reminder\SacNetAgent.exe
2316 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2352 C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
2380 C:\Windows\System32\svchost.exe
2416 C:\Windows\System32\svchost.exe
2476 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2500 C:\Windows\System32\SearchIndexer.exe
2620 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2648 C:\Windows\System32\drivers\XAudio.exe
2680 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
2904 WmiPrvSE.exe
2956 WUDFHost.exe
3500 C:\Windows\System32\dwm.exe
3536 C:\Windows\System32\taskeng.exe
3636 C:\Windows\System32\taskeng.exe
2628 unsecapp.exe
4240 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
4720 C:\Windows\ehome\ehtray.exe
5820 C:\Windows\ehome\ehmsas.exe
3884 C:\Program Files\iPod\bin\iPodService.exe
4144 C:\Program Files\Windows Media Player\wmpnetwk.exe
5780 C:\Windows\System32\rundll32.exe
3408 C:\Windows\explorer.exe
5136 C:\Program Files\Pure Networks\Network Magic\nmapp.exe
3088 C:\Program Files\Mozilla Firefox\firefox.exe
2488 C:\Program Files\Mozilla Firefox\plugin-container.exe
3860 C:\Windows\System32\VSSVC.exe
4016 C:\Windows\System32\svchost.exe
3372 C:\Windows\System32\notepad.exe
5036 C:\Windows\System32\notepad.exe
5188 C:\Windows\System32\SearchProtocolHost.exe
4808 C:\Windows\System32\SearchFilterHost.exe
6036 C:\Users\Deborah\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`82800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

PhysicalDrive0 Model Number: ST3320620AS, Rev: 3.AD

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

Broni · Feb 4, 2011

Go on.......

Klykyl · Feb 4, 2011

ComboFix 11-01-31.02 - Deborah 02/04/2011 19:08:02.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3518.1948 [GMT -8:00]
Running from: c:\users\Deborah\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD RegistryCleaner\program.log
c:\program files\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner website.url
c:\program files\QUAD Utilities\QUAD RegistryCleaner\Styles\Vista.cjstyles
c:\programdata\PCDr\5744\Downloads\3f27aeb4-f0e2-4006-92ee-e1f5a49cf45f.dll
c:\programdata\PCDr\5744\Downloads\69282cc9-4087-49e4-b903-9638b4f63ccc.dll
c:\programdata\PCDr\5744\Downloads\79d05ae1-1d2a-46cf-9a29-5dd82888a439.dll
c:\programdata\PCDr\5744\Downloads\ace5304d-f4d3-4e03-9b43-c1113c682910.dll
c:\users\Kyle\AppData\Roaming\QUAD Backups
c:\users\Kyle\Desktop\Internet Explorer.lnk
c:\users\Kyle\NO$GBA.EXE
c:\windows\desktop
c:\windows\desktop\Cook'n with Betty Crocker.lnk

.
((((((((((((((((((((((((( Files Created from 2011-01-05 to 2011-02-05 )))))))))))))))))))))))))))))))
.

2011-02-05 03:14 . 2011-02-05 03:14 -------- d-----w- c:\users\Deborah\AppData\Local\temp
2011-02-05 03:14 . 2011-02-05 03:14 -------- d-----w- c:\users\Lawrence\AppData\Local\temp
2011-02-05 03:14 . 2011-02-05 03:14 -------- d-----w- c:\users\Kyle\AppData\Local\temp
2011-02-05 03:14 . 2011-02-05 03:14 -------- d-----w- c:\users\Kelly x3\AppData\Local\temp
2011-02-05 03:14 . 2011-02-05 03:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-04 10:14 . 2011-01-20 18:39 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3CAEAF6A-DB60-4A73-9041-F84A3399D0FC}\mpengine.dll
2011-02-04 06:11 . 2011-02-04 06:11 -------- d-----w- c:\programdata\WindowsSearch
2011-02-04 03:35 . 2011-02-04 03:35 -------- d-----w- c:\users\Deborah\AppData\Local\VS Revo Group
2011-02-04 03:35 . 2009-12-30 19:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-02-04 03:33 . 2011-02-04 03:35 -------- d-----w- c:\program files\VS Revo Group
2011-02-04 03:18 . 2010-10-19 18:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-03 04:03 . 2011-02-03 04:03 -------- d-----w- c:\users\Deborah\AppData\Roaming\Avira
2011-02-03 01:35 . 2011-02-03 01:35 388096 ----a-r- c:\users\Deborah\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-03 01:35 . 2011-02-03 01:35 -------- d-----w- c:\program files\Trend Micro
2011-01-15 23:31 . 2011-01-15 23:31 -------- d-----w- c:\users\Deborah\AppData\Roaming\Yahoo!
2011-01-12 04:56 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 04:56 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 04:56 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 04:56 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 04:56 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 04:56 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 04:56 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-10 07:33 . 2011-01-10 07:33 -------- d-----w- c:\users\Lawrence\AppData\Roaming\KodakCredentialStore
2011-01-10 03:32 . 2011-01-10 03:32 -------- d-----w- c:\program files\iPod
2011-01-08 18:14 . 2011-01-08 18:14 -------- d-----w- c:\windows\en
2011-01-08 18:14 . 2010-09-23 08:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-01-08 17:25 . 2011-01-08 17:25 -------- d-----w- c:\program files\My Company Name
2011-01-08 17:21 . 2011-01-08 17:21 -------- d-----w- C:\temp
2011-01-08 17:19 . 2011-01-08 17:19 -------- d-----w- c:\users\Lawrence\AppData\Local\Deployment
2011-01-08 17:19 . 2011-01-08 17:19 -------- d-----w- c:\users\Lawrence\AppData\Local\Apps

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-22 09:06 . 2010-12-22 09:06 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-21 02:09 . 2009-09-27 04:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 02:08 . 2009-09-27 04:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 11:37 . 2009-09-26 17:12 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-23 05:38 . 2009-09-26 17:12 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-27 18:15 . 2009-11-24 03:11 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-31 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-21 86960]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"HostManager"="c:\program files\Common Files\AOL\1187236095\ee\AOLSoftware.exe" [2008-06-24 41824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"LanUpdate"="c:\program files\Netgear Update Assistant\LanUpdate.exe" [2008-05-02 77824]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"IRIScan 2 button manager"="c:\program files\iriscn2i\bmanm12.exe" [2008-09-02 2323120]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2010-12-16 274608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-12 232184]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

c:\users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Lawrence^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AOL Desktop.lnk]
path=c:\users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOL Desktop.lnk
backup=c:\windows\pss\AOL Desktop.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-07-13 22:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW]
2007-01-17 00:12 280576 ----a-w- c:\program files\Portrait Displays\HP My Display\dthtml.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-04-29 17:55 3338240 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-06-27 18:15 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2009-04-21 03:30 79872 ----a-w- c:\users\Lawrence\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca513fd70eb30;Google Update Service (gupdate1ca513fd70eb30);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 133104]
R2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\Clickfree\C2NPlus\Reminder\SacNetAgent.exe [2010-08-10 141640]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-27 30192]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RTL85n86;Belkin Wireless G Notebook Card Service v8;c:\windows\system32\DRIVERS\RTL85n86.sys [2007-03-13 354816]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2008-01-19 4608]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-10-13 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-10-13 74480]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-10-13 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KXKIIPOG
*Deregistered* - kxkiipog

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2011-02-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-31 04:12]

2011-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 04:37]

2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 04:37]

2011-02-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]

2011-02-04 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]

2011-02-05 c:\windows\Tasks\User_Feed_Synchronization-{38E61D04-D3F6-4D37-8904-57EA300894C0}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070803
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
DPF: {71D413D7-38C5-4035-8548-976522CF11D5} - hxxp://www.crucial.com/controls/cpcVistaBeta.cab
FF - ProfilePath - c:\users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\vqok8243.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 3.6 Beta 4\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-04 19:14
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A2\4&317f13c5&0&UID256\Device Parameters\MODES]
@DACL=(02 0000)
.
Completion time: 2011-02-04 19:16:24
ComboFix-quarantined-files.txt 2011-02-05 03:16

Pre-Run: 156,487,589,888 bytes free
Post-Run: 163,785,342,976 bytes free

- - End Of File - - 46505886ED897B3F566F1BDF1ECC74DC

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/04/2011 at 19:35:17.
Operating System: Windows Vista (TM) Home Premium

Processes terminated by Rkill or while it was running:

C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\runonce.exe
C:\Windows\System32\grpconv.exe

Rkill completed on 02/04/2011 at 19:35:24.

I'm not to sure what you mean by your_name.exe.. I don't see it..

Broni · Feb 4, 2011

Looks good now

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click the Scan All Users checkbox.

Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Klykyl · Feb 4, 2011

OTL logfile created on: 2/4/2011 8:19:54 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Deborah\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.05 Gb Total Space | 150.88 Gb Free Space | 52.38% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 0.01 Gb Free Space | 0.07% Space Free | Partition Type: NTFS
Drive F: | 124.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FAMILY_ROOM_2PC | User Name: Deborah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/04 20:17:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.exe
PRC - [2010/12/08 21:38:23 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/03 02:24:26 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/03 02:24:24 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/14 20:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/07/08 01:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/06 11:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe

========== Modules (SafeList) ==========

MOD - [2011/02/04 20:17:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.exe
MOD - [2010/08/31 07:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2011/01/05 17:37:35 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai)
SRV - [2010/12/08 21:38:23 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/03 02:24:26 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/09/01 14:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/08/10 06:50:45 | 000,141,640 | R--- | M] (Storage Appliance Corporation) [Auto | Stopped] -- C:\ProgramData\Clickfree\C2NPlus\Reminder\SacNetAgent.exe -- (SacNetAgentService_C57C4F854F53)
SRV - [2010/06/27 10:15:07 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/24 17:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/03/06 11:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/03/19 09:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/16 16:10:14 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - [2010/12/20 03:37:20 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/22 21:38:27 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/10/12 20:24:56 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/12 20:24:54 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/12 20:24:52 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/07/14 18:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/07 13:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 13:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/05/11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/14 02:13:00 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2008/03/26 12:16:14 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2008/01/24 10:06:40 | 002,054,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/12 18:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007/08/12 18:48:43 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007/08/09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/08/03 15:47:59 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/08/03 15:47:59 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/08/03 15:47:59 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/03/23 03:09:16 | 000,129,832 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/03/15 05:57:30 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/03/12 16:49:30 | 000,354,816 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2007/02/25 09:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/09 11:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 19:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 19:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/29 14:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/16 16:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006/11/02 01:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 01:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 01:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 01:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 01:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 01:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 01:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 01:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 01:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 01:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 01:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 01:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 01:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 23:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/01 23:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/01 23:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/01 23:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/10/26 15:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 15:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 15:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 15:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 15:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 15:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 15:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 15:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/18 10:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 10:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/18 10:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/10/06 12:49:00 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/10/05 14:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070803
IE - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090918
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/16 15:39:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/26 18:52:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/06 22:46:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 4\components [2010/12/26 18:52:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins [2011/01/06 22:46:16 | 000,000,000 | ---D | M]

[2009/09/25 12:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Extensions
[2011/02/04 20:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\vqok8243.default\extensions
[2009/09/26 08:56:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\vqok8243.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/26 09:04:47 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\vqok8243.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/02/04 16:07:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/10 00:15:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/21 19:01:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/16 15:39:44 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/02/04 19:14:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1187236095\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [IRIScan 2 button manager] C:\Program Files\iriscn2i\bmanm12.exe ()
O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LanUpdate] C:\Program Files\Netgear Update Assistant\LanUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab (DLM Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {71D413D7-38C5-4035-8548-976522CF11D5} http://www.crucial.com/controls/cpcVistaBeta.cab (Crucial cpcScan)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Deborah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Deborah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/26 09:43:52 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/12/06 02:15:22 | 000,000,097 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.3IV2 - C:\Windows\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/02/04 20:17:21 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.exe
[2011/02/04 19:16:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/02/04 19:16:26 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Local\temp
[2011/02/04 19:05:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/04 15:17:26 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Deborah\Desktop\TFC.exe
[2011/02/03 22:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/02/03 19:35:48 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Local\VS Revo Group
[2011/02/03 19:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/02/03 19:35:45 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2011/02/03 19:35:20 | 007,809,352 | ---- | C] (VS Revo Group ) -- C:\Users\Deborah\Desktop\RevoUninProSetup.exe
[2011/02/03 19:33:31 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/02/03 19:33:31 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/02/03 19:32:25 | 002,649,016 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\Deborah\Desktop\revosetup.exe
[2011/02/02 20:03:44 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Roaming\Avira
[2011/02/02 17:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/02/02 17:35:35 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/01/15 15:31:10 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Roaming\Yahoo!
[2011/01/09 19:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/09 19:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/08 10:14:37 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/01/08 09:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\My Company Name
[2011/01/08 09:21:34 | 000,000,000 | ---D | C] -- C:\temp
[2011/01/08 09:11:57 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center

========== Files - Modified Within 30 Days ==========

[2011/02/04 20:20:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/04 20:20:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{38E61D04-D3F6-4D37-8904-57EA300894C0}.job
[2011/02/04 20:17:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.exe
[2011/02/04 19:53:54 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/04 19:53:54 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/04 19:34:21 | 000,720,369 | ---- | M] () -- C:\Users\Deborah\Desktop\rkill.com
[2011/02/04 19:14:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/04 19:04:50 | 004,263,406 | R--- | M] () -- C:\Users\Deborah\Desktop\ComboFix.exe
[2011/02/04 19:02:13 | 000,080,384 | ---- | M] () -- C:\Users\Deborah\Desktop\MBRCheck.exe
[2011/02/04 16:00:19 | 000,613,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/04 16:00:19 | 000,107,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/04 15:56:29 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/02/04 15:55:59 | 000,000,307 | ---- | M] () -- C:\Windows\Brownie.ini
[2011/02/04 15:54:16 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/04 15:53:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/04 15:53:50 | 3687,329,792 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/04 15:52:23 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/02/04 15:17:33 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\TFC.exe
[2011/02/04 10:02:35 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/02/03 19:35:47 | 000,001,091 | ---- | M] () -- C:\Users\Deborah\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/02/03 19:35:47 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/02/03 19:35:31 | 007,809,352 | ---- | M] (VS Revo Group ) -- C:\Users\Deborah\Desktop\RevoUninProSetup.exe
[2011/02/03 19:34:06 | 049,788,256 | ---- | M] () -- C:\Users\Deborah\Desktop\avira_antivir_personal_en.exe
[2011/02/03 19:33:31 | 000,001,059 | ---- | M] () -- C:\Users\Deborah\Desktop\Revo Uninstaller.lnk
[2011/02/03 19:32:29 | 002,649,016 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Deborah\Desktop\revosetup.exe
[2011/02/03 19:25:58 | 000,000,660 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/02/02 17:43:48 | 000,002,527 | ---- | M] () -- C:\Users\Deborah\Desktop\HiJackThis.lnk
[2011/02/02 17:34:05 | 001,402,880 | ---- | M] () -- C:\Users\Deborah\Desktop\HiJackThis.msi
[2011/02/02 17:20:19 | 000,000,095 | ---- | M] () -- C:\Users\Deborah\AppData\Local\fusioncache.dat
[2011/01/28 10:15:56 | 000,218,652 | ---- | M] () -- C:\Users\Deborah\Desktop\1834_49551.estates.luxury.jpg
[2011/01/28 10:15:02 | 000,157,750 | ---- | M] () -- C:\Users\Deborah\Desktop\1406_36926.estates.luxury.jpg
[2011/01/28 10:14:47 | 000,194,776 | ---- | M] () -- C:\Users\Deborah\Desktop\1406_36927.estates.luxury.jpg
[2011/01/28 10:14:27 | 000,188,288 | ---- | M] () -- C:\Users\Deborah\Desktop\1406_36923.estates.luxury.jpg
[2011/01/28 10:10:29 | 000,287,742 | ---- | M] () -- C:\Users\Deborah\Desktop\2012_55501.estates.luxury.jpg
[2011/01/28 10:07:03 | 000,233,804 | ---- | M] () -- C:\Users\Deborah\Desktop\1990_54935.estates.luxury.jpg
[2011/01/28 10:05:50 | 000,306,402 | ---- | M] () -- C:\Users\Deborah\Desktop\1990_54994.estates.luxury.jpg
[2011/01/26 22:23:35 | 000,035,840 | ---- | M] () -- C:\Users\Deborah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/22 00:54:10 | 000,231,810 | ---- | M] () -- C:\Users\Deborah\Desktop\1980_54594.estates.luxury.jpg
[2011/01/22 00:52:45 | 000,231,423 | ---- | M] () -- C:\Users\Deborah\Desktop\1980_54589.estates.luxury.jpg
[2011/01/22 00:51:33 | 000,264,900 | ---- | M] () -- C:\Users\Deborah\Desktop\1886_51505.estates.luxury.jpg
[2011/01/22 00:47:14 | 000,292,513 | ---- | M] () -- C:\Users\Deborah\Desktop\1831_52092.estates.luxury.jpg
[2011/01/22 00:43:08 | 000,259,224 | ---- | M] () -- C:\Users\Deborah\Desktop\2012_55505.estates.luxury.jpg
[2011/01/22 00:41:32 | 000,286,618 | ---- | M] () -- C:\Users\Deborah\Desktop\2012_55487.estates.luxury.jpg
[2011/01/22 00:38:44 | 000,296,542 | ---- | M] () -- C:\Users\Deborah\Desktop\1406_55686.estates.luxury.jpg
[2011/01/22 00:35:05 | 000,143,525 | ---- | M] () -- C:\Users\Deborah\Desktop\1705_45399.estates.luxury.jpg
[2011/01/22 00:25:04 | 000,264,801 | ---- | M] () -- C:\Users\Deborah\Desktop\1984_54755.estates.luxury.jpg
[2011/01/22 00:24:13 | 000,267,330 | ---- | M] () -- C:\Users\Deborah\Desktop\1984_54749.estates.luxury.jpg
[2011/01/22 00:23:51 | 000,280,575 | ---- | M] () -- C:\Users\Deborah\Desktop\1984_54748.estates.luxury.jpg
[2011/01/20 20:08:53 | 000,349,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/01/20 00:25:06 | 000,520,859 | ---- | M] () -- C:\Users\Deborah\Desktop\Picture-512.png
[2011/01/20 00:24:50 | 000,458,419 | ---- | M] () -- C:\Users\Deborah\Desktop\Picture-218.png
[2011/01/19 23:39:55 | 000,395,264 | ---- | M] () -- C:\Users\Deborah\Desktop\1987_54802.estates.luxury.jpg
[2011/01/16 20:25:26 | 000,001,236 | RHS- | M] () -- C:\Users\Deborah\ntuser.pol
[2011/01/15 17:38:03 | 000,006,047 | ---- | M] () -- C:\Users\Deborah\Desktop\Router_Setup.html
[2011/01/13 10:21:00 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/01/09 23:28:06 | 002,854,912 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2011/01/09 23:28:06 | 001,457,152 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2011/01/09 19:34:14 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/06 22:46:17 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

Klykyl · Feb 4, 2011

========== Files Created - No Company Name ==========

[2011/02/04 19:34:21 | 000,720,369 | ---- | C] () -- C:\Users\Deborah\Desktop\rkill.com
[2011/02/04 19:06:41 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/04 19:04:45 | 004,263,406 | R--- | C] () -- C:\Users\Deborah\Desktop\ComboFix.exe
[2011/02/04 19:02:13 | 000,080,384 | ---- | C] () -- C:\Users\Deborah\Desktop\MBRCheck.exe
[2011/02/03 19:35:47 | 000,001,091 | ---- | C] () -- C:\Users\Deborah\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/02/03 19:35:47 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/02/03 19:33:31 | 000,001,059 | ---- | C] () -- C:\Users\Deborah\Desktop\Revo Uninstaller.lnk
[2011/02/02 17:35:35 | 000,002,527 | ---- | C] () -- C:\Users\Deborah\Desktop\HiJackThis.lnk
[2011/02/02 17:34:04 | 001,402,880 | ---- | C] () -- C:\Users\Deborah\Desktop\HiJackThis.msi
[2011/02/02 17:20:19 | 000,000,095 | ---- | C] () -- C:\Users\Deborah\AppData\Local\fusioncache.dat
[2011/01/28 10:15:56 | 000,218,652 | ---- | C] () -- C:\Users\Deborah\Desktop\1834_49551.estates.luxury.jpg
[2011/01/28 10:15:02 | 000,157,750 | ---- | C] () -- C:\Users\Deborah\Desktop\1406_36926.estates.luxury.jpg
[2011/01/28 10:14:47 | 000,194,776 | ---- | C] () -- C:\Users\Deborah\Desktop\1406_36927.estates.luxury.jpg
[2011/01/28 10:14:27 | 000,188,288 | ---- | C] () -- C:\Users\Deborah\Desktop\1406_36923.estates.luxury.jpg
[2011/01/28 10:10:29 | 000,287,742 | ---- | C] () -- C:\Users\Deborah\Desktop\2012_55501.estates.luxury.jpg
[2011/01/28 10:07:02 | 000,233,804 | ---- | C] () -- C:\Users\Deborah\Desktop\1990_54935.estates.luxury.jpg
[2011/01/28 10:05:47 | 000,306,402 | ---- | C] () -- C:\Users\Deborah\Desktop\1990_54994.estates.luxury.jpg
[2011/01/22 00:54:09 | 000,231,810 | ---- | C] () -- C:\Users\Deborah\Desktop\1980_54594.estates.luxury.jpg
[2011/01/22 00:52:45 | 000,231,423 | ---- | C] () -- C:\Users\Deborah\Desktop\1980_54589.estates.luxury.jpg
[2011/01/22 00:51:33 | 000,264,900 | ---- | C] () -- C:\Users\Deborah\Desktop\1886_51505.estates.luxury.jpg
[2011/01/22 00:47:13 | 000,292,513 | ---- | C] () -- C:\Users\Deborah\Desktop\1831_52092.estates.luxury.jpg
[2011/01/22 00:42:36 | 000,259,224 | ---- | C] () -- C:\Users\Deborah\Desktop\2012_55505.estates.luxury.jpg
[2011/01/22 00:41:32 | 000,286,618 | ---- | C] () -- C:\Users\Deborah\Desktop\2012_55487.estates.luxury.jpg
[2011/01/22 00:38:43 | 000,296,542 | ---- | C] () -- C:\Users\Deborah\Desktop\1406_55686.estates.luxury.jpg
[2011/01/22 00:35:05 | 000,143,525 | ---- | C] () -- C:\Users\Deborah\Desktop\1705_45399.estates.luxury.jpg
[2011/01/22 00:25:04 | 000,264,801 | ---- | C] () -- C:\Users\Deborah\Desktop\1984_54755.estates.luxury.jpg
[2011/01/22 00:24:13 | 000,267,330 | ---- | C] () -- C:\Users\Deborah\Desktop\1984_54749.estates.luxury.jpg
[2011/01/22 00:23:48 | 000,280,575 | ---- | C] () -- C:\Users\Deborah\Desktop\1984_54748.estates.luxury.jpg
[2011/01/20 00:25:05 | 000,520,859 | ---- | C] () -- C:\Users\Deborah\Desktop\Picture-512.png
[2011/01/20 00:24:48 | 000,458,419 | ---- | C] () -- C:\Users\Deborah\Desktop\Picture-218.png
[2011/01/19 23:39:53 | 000,395,264 | ---- | C] () -- C:\Users\Deborah\Desktop\1987_54802.estates.luxury.jpg
[2011/01/18 20:22:33 | 000,050,632 | ---- | C] () -- C:\Users\Deborah\Desktop\Fatty Heart Filled.ttf
[2011/01/15 15:29:18 | 000,000,172 | R--- | C] () -- C:\Users\Deborah\Desktop\Router Login.url
[2011/01/15 15:29:17 | 000,006,047 | ---- | C] () -- C:\Users\Deborah\Desktop\Router_Setup.html
[2011/01/09 19:34:14 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/08 10:13:41 | 000,001,160 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/01/08 10:13:13 | 000,001,229 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/01/08 10:12:13 | 000,001,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/01/08 10:11:38 | 000,002,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/01/08 09:12:19 | 000,000,660 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/01/08 09:12:18 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2010/11/19 21:49:43 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/11/19 21:25:58 | 000,000,146 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010/11/19 21:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/11/19 21:25:55 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2010/11/19 21:25:53 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2010/11/19 21:22:10 | 000,000,307 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/03/01 14:51:37 | 000,000,162 | ---- | C] () -- C:\Windows\Readiris.ini
[2010/02/02 12:55:30 | 000,000,094 | ---- | C] () -- C:\Windows\Cook'n99.ini
[2009/10/17 16:29:31 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/24 07:17:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/25 19:04:19 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/01/31 18:16:25 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ESGAppInfo.dll
[2008/12/22 23:13:53 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008/12/17 20:25:19 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2008/08/26 07:30:41 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/08/25 18:50:44 | 000,000,680 | ---- | C] () -- C:\Users\Deborah\AppData\Local\d3d9caps.dat
[2008/03/28 04:31:51 | 000,000,370 | ---- | C] () -- C:\Users\Deborah\AppData\Roaming\wklnhst.dat
[2008/02/18 22:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2007/09/28 14:39:31 | 000,035,840 | ---- | C] () -- C:\Users\Deborah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/16 19:52:42 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/08/16 19:52:39 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2007/06/06 08:46:10 | 000,229,376 | ---- | C] () -- C:\Windows\System32\KPDVS.dll
[2007/03/19 02:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 02:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 02:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 02:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 02:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 02:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 02:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 02:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 02:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 02:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 02:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2007/01/26 11:56:02 | 000,015,360 | ---- | C] () -- C:\Windows\System32\GetInst32.dll
[2006/11/07 11:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 20:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 20:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2001/07/13 07:04:00 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI

========== LOP Check ==========

[2009/11/02 10:33:52 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\acccore
[2007/10/29 16:38:48 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Amazon
[2008/12/31 19:55:06 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/27 16:46:24 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\PCDr
[2008/07/23 13:05:27 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Skinux
[2008/03/28 04:31:52 | 000,000,000 | ---D | M] -- C:\Users\Deborah\AppData\Roaming\Template
[2008/10/11 17:13:53 | 000,000,000 | ---D | M] -- C:\Users\Kelly x3\AppData\Roaming\MusicNet
[2008/08/11 11:51:08 | 000,000,000 | ---D | M] -- C:\Users\Kelly x3\AppData\Roaming\Skinux
[2008/11/04 14:48:58 | 000,000,000 | ---D | M] -- C:\Users\Kelly x3\AppData\Roaming\Template
[2009/12/05 14:44:38 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\acccore
[2009/01/31 18:35:10 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Leadertech
[2010/08/08 21:30:42 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\LEGO Company
[2009/07/26 18:19:12 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\MusicNet
[2008/07/26 19:45:03 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Skinux
[2009/08/15 23:18:41 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\SmartDraw
[2007/11/12 19:12:16 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Template
[2009/10/23 23:05:24 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\acccore
[2007/08/16 16:24:19 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\DataSafeOnline
[2008/12/20 23:14:30 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\iWin
[2008/12/31 21:30:08 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\MusicNet
[2010/12/16 07:55:32 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\PCDr
[2008/12/26 12:32:26 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\SanDisk
[2008/07/23 06:27:13 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Skinux
[2007/09/10 05:48:55 | 000,000,000 | ---D | M] -- C:\Users\Lawrence\AppData\Roaming\Template
[2011/02/03 19:25:58 | 000,000,660 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/02/04 15:52:23 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/02/04 10:02:35 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
[2011/02/04 20:20:00 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{38E61D04-D3F6-4D37-8904-57EA300894C0}.job

========== Purity Check ==========

========== Custom Scans ==========

< >

< %SYSTEMDRIVE%\*.* >
[2008/12/26 09:43:52 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 22:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/11/10 05:22:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/02/04 19:16:24 | 000,020,138 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/08/03 15:51:07 | 000,004,585 | RH-- | M] () -- C:\dell.sdr
[2010/11/19 19:04:15 | 000,000,045 | ---- | M] () -- C:\error.log
[2011/02/04 15:53:50 | 3687,329,792 | -HS- | M] () -- C:\hiberfil.sys
[2007/08/19 18:31:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/02/02 17:14:23 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2007/08/19 18:31:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/03/22 14:00:33 | 000,000,902 | ---- | M] () -- C:\net_save.dna
[2010/02/11 17:17:08 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2010/02/11 17:17:08 | 000,005,120 | -H-- | M] () -- C:\ntuser.dat.LOG1
[2010/02/11 17:17:08 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG2
[2010/02/11 17:17:08 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{4768082f-171a-11df-b3ac-00038a000015}.TM.blf
[2010/02/11 17:17:08 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{4768082f-171a-11df-b3ac-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/02/11 17:17:08 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{4768082f-171a-11df-b3ac-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2011/02/04 15:53:48 | 4003,012,608 | -HS- | M] () -- C:\pagefile.sys
[2007/08/15 19:06:43 | 000,000,172 | ---- | M] () -- C:\pdisdk.log
[2011/02/04 19:38:47 | 000,000,404 | ---- | M] () -- C:\rkill.log

< %systemroot%\Fonts\*.com >
[2006/11/02 04:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 04:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 04:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/06/24 14:31:14 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 13:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/04/07 04:32:08 | 000,019,968 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\spool\prtprocs\w32x86\cl31cpc.dll
[2008/01/18 23:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 04:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/11/02 01:46:11 | 000,089,600 | ---- | M] (Lexmark International Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\LMPRTPRC.DLL

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2008/12/22 23:14:04 | 000,503,808 | ---- | M] (ScreenTime Media) -- C:\Windows\747Boeing_BCA.scr
[2008/12/22 23:17:42 | 000,491,520 | ---- | M] (ScreenTime Media) -- C:\Windows\777Boeing_BCA2.scr
[2008/12/22 23:26:08 | 000,177,152 | ---- | M] (ScreenTime Media) -- C:\Windows\IDS 2006_saver.scr
[2001/07/13 07:04:00 | 000,253,952 | ---- | M] () -- C:\Windows\Jasc Media Center Plus.scr
[2010/09/23 00:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/07/22 12:25:19 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 02:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 02:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 02:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/07/26 20:27:53 | 000,000,286 | -HS- | M] () -- C:\Users\Deborah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/02/03 19:34:06 | 049,788,256 | ---- | M] () -- C:\Users\Deborah\Desktop\avira_antivir_personal_en.exe
[2011/02/04 19:04:50 | 004,263,406 | R--- | M] () -- C:\Users\Deborah\Desktop\ComboFix.exe
[2011/01/08 14:26:55 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Deborah\Desktop\install_flash_player.exe
[2009/10/16 17:50:53 | 016,664,352 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Deborah\Desktop\jre-6u16-windows-i586.exe
[2009/09/26 20:16:25 | 004,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Deborah\Desktop\mbam-setup.exe
[2011/02/04 19:02:13 | 000,080,384 | ---- | M] () -- C:\Users\Deborah\Desktop\MBRCheck.exe
[2011/02/04 20:17:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.exe
[2011/02/03 19:32:29 | 002,649,016 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Deborah\Desktop\revosetup.exe
[2011/02/03 19:35:31 | 007,809,352 | ---- | M] (VS Revo Group ) -- C:\Users\Deborah\Desktop\RevoUninProSetup.exe
[2009/08/13 10:14:18 | 000,472,064 | ---- | M] ( ) -- C:\Users\Deborah\Desktop\RootRepeal.exe
[2009/10/16 20:34:48 | 007,280,672 | ---- | M] () -- C:\Users\Deborah\Desktop\SUPERAntiSpyware.exe
[2011/02/04 15:17:33 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/09/28 14:36:38 | 000,000,402 | -HS- | M] () -- C:\Users\Deborah\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/09/25 14:07:28 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
[2009/10/17 16:29:31 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:81F83028
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A3E39C6A

< End of report >

Klykyl · Feb 4, 2011

OTL Extras logfile created on: 2/4/2011 8:19:54 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Deborah\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.05 Gb Total Space | 150.88 Gb Free Space | 52.38% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 0.01 Gb Free Space | 0.07% Space Free | Partition Type: NTFS
Drive F: | 124.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FAMILY_ROOM_2PC | User Name: Deborah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034BD947-5F10-4AB5-B7FB-ED9567DA605A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{076F34F7-C648-4C8E-AAA0-CC8CB1F60564}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{11F4AD7C-6F4F-4B5A-8CD6-C4AF2495450C}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{123EEFFB-9A4D-4D63-8F7D-0B504BE004CD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{18AE9BFD-7FB7-4B77-9AFC-64BD2C676F21}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1DDF2BB5-04EA-42FB-9DC9-BF3572164638}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{21B32BCF-7C8B-4193-B8EF-69C13A7683F2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2F39F0EB-5828-4141-B7BF-975452CA64FA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4FB3400F-AC93-4C79-8390-D287CB06EA10}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{533BA531-2B9C-48CB-AEC3-F17F382247B0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{6328F90B-CA0F-4C7C-BD30-2B0EB7961E81}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{685A7F1C-5501-4A56-A984-C920592DB3A0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{69056E13-E0B4-49A9-A919-DBBEAACB0C42}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{712C0DC1-8D14-47D0-8635-F9C9ECB8A21D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{77342798-4F43-40E0-8302-AF971673F0A0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7791D617-C39F-40D8-85BB-2A9BFA0E93A3}" = lport=53271 | protocol=17 | dir=in | app=c:\programdata\clickfree\c2nplus\reminder\sacnetagent.exe |
"{77ECAEFA-A4DA-4DC4-B9AE-58C4E7F58CBE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{8B5FE0EE-8CDE-4A27-8ED2-6AF225DD5FA9}" = lport=53272 | protocol=6 | dir=in | app=c:\programdata\clickfree\c2nplus\reminder\sacnetagent.exe |
"{8F8EB675-9DAB-4025-BBF7-BA454790BE55}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8FCF62E0-8510-4EDA-B1B3-BD532488CAA4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{92AC6864-DDC0-4AB9-AD34-4B39D9F5BDBE}" = lport=137 | protocol=17 | dir=in | app=system |
"{9BA59258-EAC6-491A-AE38-30E6BB06AA1D}" = rport=138 | protocol=17 | dir=out | app=system |
"{9F072455-8C5E-4440-A49B-B25F8E6B63EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{A3180DCE-67E7-486A-82B9-C6C4A86E5C6B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{A96F7111-51D4-40D4-A306-6F9E8B07EA3C}" = lport=139 | protocol=6 | dir=in | app=system |
"{BA261464-8CA7-444C-85BF-E62DC51EB025}" = rport=139 | protocol=6 | dir=out | app=system |
"{C16FC710-EFEC-4973-A77C-CF69EDBC01F0}" = lport=138 | protocol=17 | dir=in | app=system |
"{C5D7887B-D8D8-42C2-82D7-9762ECB75DB4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C9F3F145-494B-41A9-B4CB-39585901F413}" = rport=137 | protocol=17 | dir=out | app=system |
"{D4028774-40EB-490D-B39C-14F7B3B92474}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D4487A50-AF56-4E85-842D-F3907D60B3D3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DE5ABD35-129F-4B46-B4E3-F184767B4589}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E19CC63C-D36E-4A8A-86B4-0768895D4F18}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EF5E47DC-8007-48D7-812A-3D2F32170A7B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1BF7AE0-B0D8-4CC0-B73E-51F8BAE90246}" = rport=445 | protocol=6 | dir=out | app=system |
"{FACD3CB2-18A0-4923-8E0D-4D3716EC4E5B}" = lport=445 | protocol=6 | dir=in | app=system |
"{FE559D84-85E8-4880-B2B2-9832583E082A}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07DE06E9-4B77-4E2B-ACD4-65E4682A172E}" = protocol=17 | dir=in | app=c:\program files\aol 9.1\waol.exe |
"{089FC9E0-6241-4AAF-9F2B-C166DE3DD1B5}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{10B2E045-40F3-490A-B4ED-5C48F5CD0930}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{111ADB07-1F82-459E-9515-BDFADFBA8ED3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{219548AD-FFF4-4022-93A6-C6B1F2864EEA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{231CC0E2-0501-46D8-9ADF-F904DEDEBC34}" = protocol=6 | dir=in | app=c:\program files\aol 9.1a\waol.exe |
"{28BE3816-3549-4C34-B5FF-C74B6ACAA972}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2BF2B685-FCA7-4D41-B8EE-4F9CBDC3BC91}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{308849F4-5A58-4C66-9DDF-7E9BB02A11E1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{3213F2C7-8005-404F-A615-8324C3F1B308}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{3C716002-7E47-4F93-9731-6155FD2F5098}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E69325C-E9DE-4299-90D1-8E62E27CA518}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4073EF9C-B834-458F-9B88-14398F54C0DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{51DFB163-E4C1-4D6C-B81F-A29E80872039}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{561C1C42-F1F4-4280-A21D-3EEEFFA278D0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{598D39AF-7DF9-485B-B5D7-7282F5161116}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1187236095\ee\aoldesktop.exe |
"{5CC8C423-34A4-416F-95CB-862FDCBEABD0}" = protocol=6 | dir=in | app=c:\program files\aol 9.1\waol.exe |
"{5CEDE7A0-1801-4FA0-8A20-A88AD156F7E7}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{5DABCB33-755B-4813-88D9-CF617B9B3F90}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{60B558DE-CB83-42D6-87B0-FF5D725C39A8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{61399F2F-949F-418B-8501-3CB23E3ED6BC}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{74063AB1-BF36-4993-8331-D1DDA07857BF}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{7AC1A55B-B942-422A-A132-728C1373A816}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CEC8921-FE04-475B-9F36-D5F3564444C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{852EBBA8-363A-4B19-B77A-5F46AED6CA5E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{8D24686F-ABC8-4235-B873-99A927F1E17D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{8F56E7A1-7192-4069-BF2F-9C414725B16A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1187236095\ee\aolsoftware.exe |
"{94AF665F-5353-4E73-97DE-433C15BA1F7A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{9BE81FCF-7F7C-40B5-9335-0C9D3957C1F7}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{9E3530F4-0727-4238-8DC2-6FBC47E95269}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9EB823C6-8A72-4761-BF9F-68D5A042C421}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{A0D34522-BAE0-4BF2-AAB1-467270B55553}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{A4D9CD1E-9160-458B-93EA-B8F2E5B8E245}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{AA62ACE0-45D7-4C22-804D-B1B780696D6B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{B7E439BB-2C01-4A9C-80C7-5EA5167CD58B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1187236095\ee\aolsoftware.exe |
"{BFCB32F7-EA16-47B2-833C-16CF5484B843}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C0698C53-E947-4909-9928-4C5F36341335}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{C0DF6E4A-566C-4FEA-8ABD-2BDE3C5A005F}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{C4523F9B-AEF5-43CA-99F5-65126AD980CE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CB38FA7E-19A0-44E7-B078-F5BC4986BDF1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{CB3B5143-6452-4158-8E1F-702F4BC69949}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{D67077E5-5932-4E09-AF9A-DBEF8B696EA2}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1187236095\ee\aoldesktop.exe |
"{D7281315-F75B-45CE-8B38-C6D0A9D35FF6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D79DBCCF-A890-4921-80AF-FB160155E30F}" = protocol=6 | dir=out | app=system |
"{EE867953-2693-45F2-9476-95DEF0B56987}" = protocol=17 | dir=in | app=c:\program files\aol 9.1a\waol.exe |
"{F2DA56B4-2356-457F-92E4-B6F7E676CF7D}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{F3821350-4786-4342-84A4-884FC3C61747}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F416855F-7D05-49BF-A27C-0DB9BFA46382}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FD0FCCFD-5BA6-40B2-8291-6475CBFA7A61}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{FD71B4F8-020E-4EF3-A3A5-220169474BDA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"TCP Query User{247327CB-8E8B-421C-ACE2-5E83D85D8FF4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2C5A4277-A66D-446E-97E5-F9C4B43B46E4}C:\users\kyle\appdata\local\roblox\versions\version-4207b946cf5449f2\robloxapp.exe" = protocol=6 | dir=in | app=c:\users\kyle\appdata\local\roblox\versions\version-4207b946cf5449f2\robloxapp.exe |
"TCP Query User{3E90F69E-7232-4C32-AC30-7B969BA42EEE}E:\bin\config\configassistant.exe" = protocol=6 | dir=in | app=e:\bin\config\configassistant.exe |
"TCP Query User{488F28A2-A01A-493F-8D9C-6C5C50700F42}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{61EF89B0-2F4B-44FF-A341-D1BA67C14971}C:\program files\qlp 2002 deluxe\qlp.exe" = protocol=6 | dir=in | app=c:\program files\qlp 2002 deluxe\qlp.exe |
"TCP Query User{93107784-D003-4C80-89BF-89B677A16E3B}C:\program files\microsoft games\flight simulator 9\fs9.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\flight simulator 9\fs9.exe |
"TCP Query User{A0DC9781-F9D6-4A9F-A4D2-5A1EAF66D1C2}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{B743A5C1-AE63-4600-86E9-55C223BD513B}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{C05A5788-3BBF-43C9-858D-472B07D04AC6}E:\bin\ia\core\mdm_util.exe" = protocol=6 | dir=in | app=e:\bin\ia\core\mdm_util.exe |
"TCP Query User{C89BABDA-A2E0-4F5A-BD8C-57E68EA1B905}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{DD38997C-A094-4D5F-8557-0B9E52428D8B}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{05777E43-9BB2-4184-9353-4BD72C4EB041}E:\bin\config\configassistant.exe" = protocol=17 | dir=in | app=e:\bin\config\configassistant.exe |
"UDP Query User{216C655D-2767-428B-9D01-CF93B35570D7}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{219AEA5C-BE54-4744-9FA5-A857579ACE18}C:\program files\microsoft games\flight simulator 9\fs9.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\flight simulator 9\fs9.exe |
"UDP Query User{2A7D4E2C-31E8-4AF6-A016-829153B20974}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{41D5284E-9B0C-420C-9088-448B57141631}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{41F4DD39-42C5-4B63-9D1D-B384E3C7F439}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{4D6C300C-65B3-4C7E-9F80-B867D226130D}C:\users\kyle\appdata\local\roblox\versions\version-4207b946cf5449f2\robloxapp.exe" = protocol=17 | dir=in | app=c:\users\kyle\appdata\local\roblox\versions\version-4207b946cf5449f2\robloxapp.exe |
"UDP Query User{4E95E26E-FC6C-4AA9-B855-39D77B59C943}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{95CEA846-E6CB-4755-81FB-C0C6BFF3A38C}C:\program files\qlp 2002 deluxe\qlp.exe" = protocol=17 | dir=in | app=c:\program files\qlp 2002 deluxe\qlp.exe |
"UDP Query User{E4D8CD92-DDD8-4972-8289-DAC6AC3E0489}E:\bin\ia\core\mdm_util.exe" = protocol=17 | dir=in | app=e:\bin\ia\core\mdm_util.exe |
"UDP Query User{ED300EC9-7843-46F9-8692-C869B351B9C1}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}" = Wal-Mart Music Downloads Store
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 22
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.1
"{67D15B01-9A6B-0397-002A-D2A015212748}" = FlipShare
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6CB35178-9E25-48fb-9F86-E40ADC7043B6}" = The Sims™ 2 Best of Business Collection
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7C394403-5751-415F-A0D7-651548D726F9}" = Netgear Update Assistant
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7E6DABBB-ABC1-413C-B312-4A8FD01CAC8B}" = MetaFrame Presentation Server Client
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115232530}" = Jewel Quest 3
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{98A71574-2CEF-4348-8857-654A9F02F12B}" = IRIScan 2
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3D44AD8-D3C9-45E4-B861-3B653C6EF620}" = Rhapsody MP3 Download Manager
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B1899CD8-9584-4DC5-00AE-48F47CF81183}" = The Sims 2 HomeCrafter Plus
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}" = PlayStation(R)Network Downloader
"{C259F011-6768-4135-AC64-FCD3FFB3A92F}" = Brother HL-2170W
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5EB90E1-8A46-4ED5-009D-C793E646C04F}" = Need for Speed Underground 2 Demo
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE168BF7-37BA-4797-9440-9AC75738925E}" = LanUpdate
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E8ADC69C-4F11-483B-A3C9-B42E6A451CD2}" = Belkin Wireless Driver
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9E9734C-2EE2-4381-ACCA-AC9B8D372DCC}" = Readiris Pro 11
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"747Boeing_BCA" = 747Boeing_BCA Screen Saver
"777Boeing_BCA2" = 777Boeing_BCA2 Screen Saver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Akamai" = Akamai NetSession Interface
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.0+6
"AOL Regclient" = AOL Registration
"AOL Toolbar" = AOL Toolbar 5.0
"AOL Toolbar 5.0" =
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Atomaders" = Atomaders
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BearShare MediaBar" = MediaBar 2.0
"Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1
"Bejeweled Twist 1.0" = Bejeweled Twist 1.0
"BFG-Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
"BFGC" = Big Fish Games Client
"BrainTrain" = Brain Train on the Go (remove only)
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Cook'n with Betty Crocker" = Cook'n with Betty Crocker
"Dell Printer Software Uninstall" = Dell Printer Software Uninstall
"Dell Support Center" = Dell Support Center
"EA Download Manager" = EA Download Manager
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MP3 Player Recovery Tool_is1" = MP3 Player Recovery Tool
"Network MagicUninstall" = Network Magic
"New LEGO Digital Designer" = LEGO Digital Designer
"Nitto 1320 Legends_is1" = Nitto 1320 Legends Public Beta 0.9.12.8
"NVIDIA Drivers" = NVIDIA Drivers
"QLP 2002 Manuals" = QLP 2002 Manuals
"Quicken Lawyer 2002 Personal Deluxe" = Quicken Lawyer 2002 Personal Deluxe
"RealArcade" = RealArcade
"RealPlayer 12.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Revo Uninstaller" = Revo Uninstaller 1.91
"Rhapsody" = Rhapsody
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"STANDARDR" = Microsoft Office Standard 2007
"Stunt Track Driver" = Stunt Track Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/13/2010 12:31:00 AM | Computer Name = Family_room_2PC | Source = Application Hang | ID = 1002
Description = The program rhapsody.exe version 4.0.5.209 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 19dc Start Time: 01cadac1980b4000 Termination Time: 60000

Error - 4/13/2010 6:07:23 PM | Computer Name = Family_room_2PC | Source = Application Hang | ID = 1002
Description = The program rhapsody.exe version 4.0.5.209 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 16d0 Start Time: 01cadb55463dc920 Termination Time: 41

Error - 4/13/2010 6:09:29 PM | Computer Name = Family_room_2PC | Source = Application Hang | ID = 1002
Description = The program rhapsody.exe version 4.0.5.209 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: f04 Start Time: 01cadb55ba6ef6c0 Termination Time: 60000

Error - 4/13/2010 8:26:53 PM | Computer Name = Family_room_2PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1164 Start Time: 01cadaa34a3d7a50 Termination Time: 0

Error - 4/13/2010 10:09:40 PM | Computer Name = Family_room_2PC | Source = Windows Search Service | ID = 3013
Description =

Error - 4/13/2010 10:28:49 PM | Computer Name = Family_room_2PC | Source = McLogEvent | ID = 5051
Description =

Error - 4/15/2010 11:41:52 PM | Computer Name = Family_room_2PC | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.6002.18111, time stamp
0x4aa91411, faulting module ole32.dll, version 6.0.6002.18005, time stamp 0x49e037d7,
exception code 0xc0000005, fault offset 0x000472da, process id 0x10a8, application
start time 0x01cadd16bf1f2e3d.

Error - 4/15/2010 11:53:00 PM | Computer Name = Family_room_2PC | Source = Windows Search Service | ID = 3013
Description =

Error - 4/20/2010 1:27:00 AM | Computer Name = Family_room_2PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1504 Start Time: 01cadc4d55259c4d Termination Time: 0

Error - 4/23/2010 10:21:54 PM | Computer Name = Family_room_2PC | Source = Application Hang | ID = 1002
Description = The program AOLDesktop.exe version 16.0.2.1 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 2284 Start Time: 01cade8528350360 Termination Time: 183

[ Media Center Events ]
Error - 5/26/2008 3:01:13 PM | Computer Name = Family_room_2PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/31/2008 11:42:36 PM | Computer Name = Family_room_2PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/14/2008 5:56:52 PM | Computer Name = Family_room_2PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 11/2/2008 12:39:55 AM | Computer Name = Family_room_2PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 21293
seconds with 120 seconds of active time. This session ended with a crash.

Error - 8/18/2010 3:38:23 AM | Computer Name = Family_room_2PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/4/2011 7:54:19 PM | Computer Name = Family_room_2PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2/4/2011 7:54:27 PM | Computer Name = Family_room_2PC | Source = DCOM | ID = 10000
Description =

Error - 2/4/2011 7:55:58 PM | Computer Name = Family_room_2PC | Source = Service Control Manager | ID = 7034
Description =

Error - 2/4/2011 8:50:44 PM | Computer Name = Family_room_2PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.15. The computer with the IP address 192.168.1.1 did not
allow the name to be claimed by this computer.

Error - 2/4/2011 8:55:32 PM | Computer Name = Family_room_2PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 001AA050D3C4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/4/2011 11:05:53 PM | Computer Name = Family_room_2PC | Source = Service Control Manager | ID = 7034
Description =

Error - 2/4/2011 11:07:28 PM | Computer Name = Family_room_2PC | Source = Service Control Manager | ID = 7034
Description =

Error - 2/4/2011 11:07:49 PM | Computer Name = Family_room_2PC | Source = Service Control Manager | ID = 7034
Description =

Error - 2/4/2011 11:07:51 PM | Computer Name = Family_room_2PC | Source = Service Control Manager | ID = 7030
Description =

Error - 2/4/2011 11:14:26 PM | Computer Name = Family_room_2PC | Source = Service Control Manager | ID = 7030
Description =

< End of report >

Broni · Feb 5, 2011

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.

Accept any prompts.

======================================================================

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
O3 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O15 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1464156989-3786269669-3921397701-1002\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:81F83028
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A3E39C6A


:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.
=======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

IMPORTANT! UN-check Remove found threats

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, push List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.

Klykyl · Feb 5, 2011

I wasnt sure if you wanted the log for the java thing.
First 3 logs...

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Feb 04 22:08:01 2011

Found and removed: C:\Program Files\Java\jre1.6.0

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

------------------------------------

Finished reporting.

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1464156989-3786269669-3921397701-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Malware (reboot) deleted successfully.
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe moved successfully.
Registry key HKEY_USERS\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1464156989-3786269669-3921397701-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Starting removal of ActiveX control {74C861A1-D548-4916-BC8A-FDE92EDFF62C}
C:\Windows\Downloaded Program Files\Setup.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74C861A1-D548-4916-BC8A-FDE92EDFF62C}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\ProgramData\webex\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
ADS C:\ProgramData\TEMP:81F83028 deleted successfully.
ADS C:\ProgramData\TEMP1B5B4F1 deleted successfully.
ADS C:\ProgramData\TEMP:A3E39C6A deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Deborah
->Temp folder emptied: 40634 bytes
->Temporary Internet Files folder emptied: 216200 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 93433534 bytes
->Flash cache emptied: 566 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kelly x3
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kyle
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lawrence
->Temp folder emptied: 32978 bytes
->Temporary Internet Files folder emptied: 798465 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 68575 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 8831445 bytes

Total Files Cleaned = 99.00 mb

[EMPTYFLASH]

User: All Users

User: Deborah
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kelly x3
->Flash cache emptied: 0 bytes

User: Kyle
->Flash cache emptied: 0 bytes

User: Lawrence
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 02052011_105514

Files\Folders moved on Reboot...
C:\Users\Lawrence\AppData\Local\Temp\CMLS--2011-02-04--21-22-50.log moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8Z6E7HE\29[1].png moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F13MU2GG\26[1].png moved successfully.
C:\Windows\temp\WebEx\Log\24\atashost.log moved successfully.

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.12) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

Broni · Feb 5, 2011

Update Firefox to the latest 3.6.13 version.

Update Adobe Reader

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

....and Eset.....

Klykyl · Feb 5, 2011

The eset scan came up with nothing and everything is now updated.

Broni · Feb 5, 2011

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.

Close all other programs apart from OTL as this step will require a reboot

On the OTL main screen, press the CLEANUP button

Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.

Klykyl · Feb 5, 2011

Oh thank you so much and thank you for helping me so fast! Now people can stop bothering me about not being able to use this computer!!!
The computer is doing very well and the only problem i've had is when doing the OTL clean up it froze and after 2 hours of waiting I just restarted the computer on my own.. I notice no other problems otherwise.
OH and we already have WOT installed but people who use this computer choose to ignore the circle.. I will be having a chat with them all.

Thank you again so much!
-Kelly

Broni · Feb 5, 2011

Way to go!!
Good luck and stay safe

TechSpot

[Solved] JAVA/Agent: Not sure if there is a problem or not

Klykyl Newcomer, in training

Broni Malware Annihilator

Klykyl Newcomer, in training

Broni Malware Annihilator

Klykyl Newcomer, in training

Broni Malware Annihilator

Klykyl Newcomer, in training

Klykyl Newcomer, in training

Klykyl Newcomer, in training

Broni Malware Annihilator

Klykyl Newcomer, in training

Broni Malware Annihilator

Klykyl Newcomer, in training

Broni Malware Annihilator

Klykyl Newcomer, in training

Broni Malware Annihilator