Solved Multiple ieexplore.exe's running in background

[Broni]

Looks good

How is computer doing?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[webbrewers]

Computer seems more stable-cpu usage isn't bouncing up and down. The only problem I notice is Outlook [2000] crashes after opening.

OTL logfile created on: 1/27/2012 12:17:56 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kate Reilly\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.98 Mb Total Physical Memory | 584.97 Mb Available Physical Memory | 57.63% Memory free
2.40 Gb Paging File | 2.11 Gb Available in Paging File | 87.89% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.94 Gb Total Space | 14.69 Gb Free Space | 20.71% Space Free | Partition Type: NTFS
Drive F: | 7.50 Gb Total Space | 1.14 Gb Free Space | 15.21% Space Free | Partition Type: FAT32

Computer Name: COMPUTER6 | User Name: Kate Reilly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/01/27 00:16:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kate Reilly\Desktop\OTL.exe
PRC - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2010/09/14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2008/07/21 16:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/28 17:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\SYSTEM32\Primomonnt.dll
MOD - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\OFFICEVIRT.EXE


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Stopped] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/09/14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2008/07/21 16:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2005/01/21 21:32:12 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/05/24 07:46:13 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\hphipm11.exe -- (Pml Driver HPH11)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/03/24 09:57:54 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/03/24 09:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/09/14 04:46:26 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Sftvolxp.sys -- (Sftvol)
DRV - [2010/09/14 04:46:22 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Sftredirxp.sys -- (Sftredir)
DRV - [2010/09/14 04:46:20 | 000,209,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Sftplayxp.sys -- (Sftplay)
DRV - [2010/09/14 04:46:14 | 000,581,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Sftfsxp.sys -- (Sftfs)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2007/05/03 12:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mxopswd.sys -- (MXOPSWD)
DRV - [2007/05/03 10:19:32 | 000,012,112 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\se32.sys -- (se32)
DRV - [2007/02/15 13:14:28 | 000,019,840 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\StMp3Rec.sys -- (StMp3Rec)
DRV - [2006/10/25 17:46:10 | 000,176,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061215.005\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2005/01/21 21:31:50 | 000,267,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/01/21 21:31:48 | 000,026,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/01/21 21:31:46 | 000,035,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005/01/21 21:31:44 | 000,172,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005/01/21 21:31:44 | 000,046,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005/01/21 21:31:40 | 000,011,544 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2004/12/20 17:58:18 | 000,110,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/10/20 19:37:35 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/05/24 07:46:13 | 000,050,896 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hphid411.sys -- (Dot4 HPH11)
DRV - [2002/05/24 07:46:13 | 000,050,276 | R--- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hphs2k11.sys -- (Dot4Storage HPH11) Storage Class Driver for IEEE-1284.4 (HPH11)
DRV - [2002/05/24 07:46:13 | 000,018,928 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hphius11.sys -- (Dot4Usb HPH11)
DRV - [2002/05/24 07:46:13 | 000,016,112 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hphipr11.sys -- (Dot4Print HPH11)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:3.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: senseo@nicosteiner.de:1.6.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}:0.41
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.3.7.4
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.8
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2011/12/13 14:12:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/23 01:27:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/26 23:07:11 | 000,000,000 | ---D | M]

[2010/04/30 20:53:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kate Reilly\Application Data\Mozilla\Extensions
[2012/01/26 00:16:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kate Reilly\Application Data\Mozilla\Firefox\Profiles\wbjb79dx.default\extensions
[2010/06/07 10:43:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kate Reilly\Application Data\Mozilla\Firefox\Profiles\wbjb79dx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/15 22:34:10 | 000,000,000 | ---D | M] (Save Image in Folder) -- C:\Documents and Settings\Kate Reilly\Application Data\Mozilla\Firefox\Profiles\wbjb79dx.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}
[2011/11/05 07:20:07 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\Kate Reilly\Application Data\Mozilla\Firefox\Profiles\wbjb79dx.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011/01/07 08:32:43 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Kate Reilly\Application Data\Mozilla\Firefox\Profiles\wbjb79dx.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/12/20 12:34:01 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Kate Reilly\Application Data\Mozilla\Firefox\Profiles\wbjb79dx.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/11/15 22:42:22 | 000,000,000 | ---D | M] (Bazzacuda Image Saver Plus) -- C:\Documents and Settings\Kate Reilly\Application Data\Mozilla\Firefox\Profiles\wbjb79dx.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
[2011/11/05 07:20:06 | 000,000,000 | ---D | M] ("Flash Video Downloader Youtube Downloader Facebook") -- C:\Documents and Settings\Kate Reilly\Application Data\Mozilla\Firefox\Profiles\wbjb79dx.default\extensions\artur.dubovoy@gmail.com
[2011/11/05 07:20:07 | 000,000,000 | ---D | M] (SenSEO) -- C:\Documents and Settings\Kate Reilly\Application Data\Mozilla\Firefox\Profiles\wbjb79dx.default\extensions\senseo@nicosteiner.de
[2012/01/25 00:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/08 10:49:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/12/13 14:12:53 | 000,000,000 | ---D | M] (FiddlerHook) -- C:\PROGRAM FILES\FIDDLER2\FIDDLERHOOK
[2011/04/08 10:49:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/08 10:49:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/01/26 21:58:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O3 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006..\Run: [Verizon Media Manager] C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\..Trusted Domains: sharepoint.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\..Trusted Domains: sharepoint.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\..Trusted Domains: sharepoint.com ([onefatherslove] https in Trusted sites)
O15 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\..Trusted Domains: sharepoint.com ([wb1] http in Trusted sites)
O15 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\..Trusted Domains: sharepoint.com ([webbrewers] http in Local intranet)
O15 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\..Trusted Domains: sharepoint.com ([webbrewers] https in Trusted sites)
O15 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\..Trusted Domains: sharepoint.com ([webbrewers2] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/66.30/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D67D117D-2D1C-431E-9D1A-D2A53BF34899}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kate Reilly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kate Reilly\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/11/26 11:54:26 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.JPEG - C:\WINDOWS\System32\jpegcode.dll (Zoran Microelectronics Ltd.)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\jpegcode.dll (Zoran Microelectronics Ltd.)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: wave - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/27 00:16:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kate Reilly\Desktop\OTL.exe
[2012/01/26 22:24:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/26 22:21:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/01/26 22:15:07 | 003,968,544 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Kate Reilly\Desktop\avg_free_stb_all_2012_1901_cnet.exe
[2012/01/26 20:07:10 | 004,391,143 | R--- | C] (Swearware) -- C:\Documents and Settings\Kate Reilly\Desktop\ComboFix.exe
[2012/01/26 20:04:39 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Kate Reilly\Desktop\AppRemover.exe
[2012/01/26 17:09:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate Reilly\Desktop\bootkit_remover
[2012/01/26 17:03:27 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Kate Reilly\Desktop\aswMBR.exe
[2012/01/26 09:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/01/25 23:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate Reilly\Local Settings\Application Data\PCHealth
[2012/01/25 23:52:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/01/25 23:26:55 | 000,000,000 | ---D | C] -- C:\Virus removal
[2012/01/25 22:58:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kate Reilly\Start Menu\Programs\Administrative Tools
[2012/01/25 22:45:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2012/01/24 23:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/24 23:44:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/01/24 23:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\0BA1C
[2012/01/24 23:34:15 | 000,000,000 | ---D | C] -- C:\Program Files\B19BF
[2012/01/22 00:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Calculator Plus
[2012/01/22 00:48:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate Reilly\Start Menu\Programs\Microsoft Calculator Plus
[2012/01/12 16:48:52 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kate Reilly\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/10 22:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kate Reilly\My Documents\Fax
[2012/01/03 11:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\firebird
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

[webbrewers]

========== Files - Modified Within 30 Days ==========

[2012/01/27 00:16:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kate Reilly\Desktop\OTL.exe
[2012/01/26 23:24:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/01/26 23:22:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/01/26 22:15:03 | 003,968,544 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Kate Reilly\Desktop\avg_free_stb_all_2012_1901_cnet.exe
[2012/01/26 21:59:40 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2012/01/26 21:58:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2012/01/26 20:19:31 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/26 20:07:05 | 004,391,143 | R--- | M] (Swearware) -- C:\Documents and Settings\Kate Reilly\Desktop\ComboFix.exe
[2012/01/26 20:04:23 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Kate Reilly\Desktop\AppRemover.exe
[2012/01/26 18:18:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kate Reilly\Local Settings\Application Data\prvlcl.dat
[2012/01/26 17:37:30 | 000,001,570 | ---- | M] () -- C:\Documents and Settings\Kate Reilly\Application Data\Microsoft\Internet Explorer\Quick Launch\iexplore.lnk
[2012/01/26 17:36:53 | 000,001,570 | ---- | M] () -- C:\Documents and Settings\Kate Reilly\Desktop\iexplore.lnk
[2012/01/26 17:09:02 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Kate Reilly\Desktop\bootkit_remover.zip
[2012/01/26 17:08:28 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Kate Reilly\Desktop\MBR.dat
[2012/01/26 17:03:04 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kate Reilly\Desktop\aswMBR.exe
[2012/01/25 18:18:05 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/01/24 00:15:32 | 000,002,597 | ---- | M] () -- C:\Documents and Settings\Kate Reilly\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Calculator Plus.lnk
[2012/01/22 00:47:12 | 000,486,912 | ---- | M] () -- C:\Documents and Settings\Kate Reilly\Desktop\CalcPlus.msi
[2012/01/14 09:30:56 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Kate Reilly\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2012/01/13 17:26:14 | 006,193,472 | ---- | M] () -- C:\Documents and Settings\Kate Reilly\Desktop\nda1.pdf
[2012/01/13 08:29:48 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2012/01/13 01:43:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/13 01:31:21 | 000,466,930 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2012/01/13 01:31:21 | 000,080,888 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2012/01/12 16:49:35 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/12 16:47:34 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kate Reilly\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/10 22:41:00 | 000,001,071 | ---- | M] () -- C:\WINDOWS\AWMODEM.INF
[2012/01/08 16:26:09 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Kate Reilly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/03 10:00:01 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\Kate Reilly\Desktop\Shortcut to SCANPST.lnk
[2012/01/02 19:47:32 | 000,011,690 | -HS- | M] () -- C:\Documents and Settings\Kate Reilly\Local Settings\Application Data\wb6cd33hyc50002of8a55b1b706n6e688245r7o6y4kfx
[2012/01/02 19:47:32 | 000,011,690 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\wb6cd33hyc50002of8a55b1b706n6e688245r7o6y4kfx
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/26 17:37:30 | 000,001,570 | ---- | C] () -- C:\Documents and Settings\Kate Reilly\Application Data\Microsoft\Internet Explorer\Quick Launch\iexplore.lnk
[2012/01/26 17:36:41 | 000,001,570 | ---- | C] () -- C:\Documents and Settings\Kate Reilly\Desktop\iexplore.lnk
[2012/01/26 17:09:06 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Kate Reilly\Desktop\bootkit_remover.zip
[2012/01/26 17:08:28 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Kate Reilly\Desktop\MBR.dat
[2012/01/22 00:50:01 | 000,002,597 | ---- | C] () -- C:\Documents and Settings\Kate Reilly\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Calculator Plus.lnk
[2012/01/22 00:47:29 | 000,486,912 | ---- | C] () -- C:\Documents and Settings\Kate Reilly\Desktop\CalcPlus.msi
[2012/01/14 09:30:56 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Kate Reilly\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2012/01/13 17:23:54 | 006,193,472 | ---- | C] () -- C:\Documents and Settings\Kate Reilly\Desktop\nda1.pdf
[2012/01/12 16:49:35 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/10 22:41:00 | 000,001,071 | ---- | C] () -- C:\WINDOWS\AWMODEM.INF
[2012/01/03 10:00:01 | 000,000,940 | ---- | C] () -- C:\Documents and Settings\Kate Reilly\Desktop\Shortcut to SCANPST.lnk
[2012/01/02 19:40:39 | 000,011,690 | -HS- | C] () -- C:\Documents and Settings\Kate Reilly\Local Settings\Application Data\wb6cd33hyc50002of8a55b1b706n6e688245r7o6y4kfx
[2012/01/02 19:40:39 | 000,011,690 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\wb6cd33hyc50002of8a55b1b706n6e688245r7o6y4kfx
[2011/12/01 08:47:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\infcpy.dll
[2011/08/20 00:05:41 | 000,195,952 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/28 18:50:43 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/06/28 18:50:42 | 002,340,992 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/06/28 18:50:42 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/06/28 18:50:42 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/06/28 18:50:42 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011/03/24 21:25:05 | 000,006,303 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011/03/24 21:25:03 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011/03/10 11:39:43 | 000,213,187 | ---- | C] () -- C:\Documents and Settings\Kate Reilly\Application Data\MMUpgrade.jpg
[2011/02/17 15:00:18 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/02/09 23:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2010/09/24 11:32:04 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/09/05 20:11:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kate Reilly\Local Settings\Application Data\prvlcl.dat
[2010/06/23 18:34:40 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/05/21 18:36:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/21 18:36:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/21 18:36:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/21 18:36:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/21 18:36:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/06/18 10:35:27 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/06/07 14:06:41 | 000,000,684 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/06/01 12:04:21 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/05/22 17:22:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/22 17:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/07/27 12:36:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/10 14:40:29 | 000,000,731 | ---- | C] () -- C:\WINDOWS\Vtw.INI
[2007/01/14 22:15:40 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/09 15:43:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/10/27 11:52:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/10/27 11:42:27 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
[2005/10/27 11:42:16 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/10/27 11:09:16 | 000,264,192 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2005/10/27 11:07:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/25 16:55:05 | 000,000,248 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2005/05/23 09:35:04 | 000,100,864 | ---- | C] () -- C:\Documents and Settings\Kate Reilly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/05/03 10:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 10:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/03/03 15:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2005/02/10 18:12:22 | 000,000,545 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2005/02/10 17:13:31 | 000,000,769 | ---- | C] () -- C:\WINDOWS\Edofma.INI
[2005/02/04 21:29:18 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/01/28 16:19:24 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/12/25 12:53:31 | 001,172,567 | ---- | C] () -- C:\WINDOWS\Mall Tycoon 2 Uninstaller.exe
[2004/12/25 09:28:32 | 000,055,249 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2004/12/13 19:41:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2004/12/08 16:08:21 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2004/10/28 18:14:44 | 000,000,319 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2004/10/28 18:11:36 | 000,001,301 | ---- | C] () -- C:\WINDOWS\disney.ini
[2004/10/28 18:11:32 | 000,000,189 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2004/10/28 18:06:50 | 000,000,227 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2004/10/28 18:06:47 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2004/10/26 16:25:04 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Kate Reilly\Application Data\PFP120JPR.{PB
[2004/10/26 16:25:04 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Kate Reilly\Application Data\PFP120JCM.{PB
[2004/10/26 16:08:55 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2004/10/26 16:07:14 | 000,004,760 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2004/10/20 19:52:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/20 19:49:36 | 000,000,538 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/10/20 19:44:51 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/10/20 19:36:41 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/10/20 19:27:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/10/20 19:26:14 | 000,466,930 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/10/20 19:26:14 | 000,080,888 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/10/20 19:11:24 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/01 16:33:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/09/15 22:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 13:08:08 | 000,356,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:02:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 10:08:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/10 10:08:26 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/07/19 16:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/05/26 15:09:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2002/07/04 14:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/06/20 14:09:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2002/05/24 07:46:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2001/12/14 12:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/01/23 22:31:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\prntfix.exe
[2000/04/14 15:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1999/07/23 12:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 09:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/06/11 12:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[1997/06/18 00:00:00 | 001,672,976 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/06/18 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/18 00:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1997/06/18 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1980/01/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2009/06/18 10:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.REILLYMICHALSKI.001\Application Data\Business Logic
[2008/11/26 13:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/10/19 09:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2012/01/26 22:24:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2004/10/28 18:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disney Imagineering
[2012/01/03 11:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\firebird
[2011/03/24 21:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2012/01/26 23:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/08 09:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ODIR
[2006/09/06 21:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft
[2011/03/03 14:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/01/26 23:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/11 09:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2011/06/14 22:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2006/10/15 17:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Michalski\Application Data\Aim
[2008/09/08 15:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Michalski\Application Data\Business Logic
[2006/04/11 19:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Michalski\Application Data\Inspiration Software
[2004/12/12 19:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Michalski\Application Data\Leadertech
[2005/06/16 14:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Michalski\Application Data\Musicmatch
[2011/03/03 15:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Michalski\Application Data\TechWizard
[2008/11/26 13:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Reilly\Application Data\acccore
[2012/01/25 18:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Reilly\Application Data\Aim
[2011/11/15 22:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Reilly\Application Data\BID
[2005/10/27 11:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Reilly\Application Data\Business Logic
[2012/01/26 20:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Reilly\Application Data\FileZilla
[2004/11/28 18:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Reilly\Application Data\Leadertech
[2011/11/15 22:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Reilly\Application Data\NeoDownloader
[2010/05/18 11:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Reilly\Application Data\NVD
[2011/06/14 22:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Reilly\Application Data\OpenCandy
[2011/01/16 22:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Reilly\Application Data\PandoraRecovery
[2012/01/13 22:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Reilly\Application Data\PrimoPDF
[2012/01/26 23:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Reilly\Application Data\SoftGrid Client
[2011/10/28 10:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Reilly\Application Data\SystemRequirementsLab
[2010/11/01 13:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Reilly\Application Data\TP
[2010/10/01 09:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kate Reilly\Application Data\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/08/01 11:57:04 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2012/01/25 13:56:15 | 000,000,475 | ---- | M] () -- C:\attach.txt
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/21 18:28:21 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/01/13 08:29:48 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2012/01/26 23:54:52 | 000,017,760 | ---- | M] () -- C:\ComboFix.txt
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/01/13 20:50:02 | 000,025,088 | ---- | M] () -- C:\coping.docx.doc
[2004/10/20 19:14:48 | 000,005,045 | RH-- | M] () -- C:\DELL.SDR
[2008/04/10 20:47:26 | 000,022,016 | ---- | M] () -- C:\gepa.doc
[2010/06/15 08:08:49 | 000,358,301 | ---- | M] () -- C:\hph7550.log
[2004/08/10 13:14:36 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2008/11/26 13:47:31 | 000,002,054 | -H-- | M] () -- C:\IPH.PH
[2012/01/13 17:22:04 | 000,000,000 | ---- | M] () -- C:\Log.txt
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2007/02/12 14:30:16 | 000,164,352 | ---- | M] (Indiepath Ltd) -- C:\npigl.dll
[2007/02/09 08:55:54 | 000,000,283 | ---- | M] () -- C:\npigl.xpt
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/29 17:27:58 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2007/04/11 19:25:14 | 000,032,768 | ---- | M] () -- C:\outline for english.doc
[2012/01/26 23:21:52 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2008/02/25 20:56:14 | 000,022,528 | ---- | M] () -- C:\sciencelabreport.doc
[2007/07/13 09:39:39 | 000,000,188 | ---- | M] () -- C:\Shortcut (2) to CD Drive.lnk
[2007/07/13 09:33:57 | 000,000,188 | ---- | M] () -- C:\Shortcut to CD Drive.lnk
[2004/10/20 19:38:05 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/10 13:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2010/07/09 07:31:14 | 000,082,184 | ---- | M] (Microsoft Corporation.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lmdippr8.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

 

[webbrewers]

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
[2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
[2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/08/29 17:36:04 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2004/10/26 15:34:27 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Kate Reilly\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
[2004/08/10 13:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Kate Reilly\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/01/26 20:04:23 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Kate Reilly\Desktop\AppRemover.exe
[2012/01/26 17:03:04 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kate Reilly\Desktop\aswMBR.exe
[2012/01/26 22:15:03 | 003,968,544 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Kate Reilly\Desktop\avg_free_stb_all_2012_1901_cnet.exe
[2011/11/15 22:50:15 | 003,042,821 | ---- | M] (Antibody Software ) -- C:\Documents and Settings\Kate Reilly\Desktop\bulk-image-downloader.exe
[2012/01/26 20:07:05 | 004,391,143 | R--- | M] (Swearware) -- C:\Documents and Settings\Kate Reilly\Desktop\ComboFix.exe
[2011/11/10 18:09:31 | 000,537,306 | ---- | M] () -- C:\Documents and Settings\Kate Reilly\Desktop\D4600A12.EXE
[2011/11/23 16:08:27 | 002,885,456 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Kate Reilly\Desktop\EASetup.exe
[2011/12/13 14:10:39 | 000,700,136 | ---- | M] (Eric Lawrence) -- C:\Documents and Settings\Kate Reilly\Desktop\Fiddler2Setup.exe
[2012/01/25 23:35:26 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Kate Reilly\Desktop\IE8-WindowsXP-x86-ENU.exe
[2011/11/30 16:05:58 | 007,549,704 | ---- | M] () -- C:\Documents and Settings\Kate Reilly\Desktop\InternationalPrimoPDF.exe
[2012/01/12 16:47:34 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kate Reilly\Desktop\mbam-setup-1.60.0.1800.exe
[2011/10/28 11:45:26 | 000,453,984 | ---- | M] (EnTech Taiwan) -- C:\Documents and Settings\Kate Reilly\Desktop\moninfo.exe
[2012/01/27 00:16:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kate Reilly\Desktop\OTL.exe
[2011/10/28 10:50:48 | 005,157,352 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Kate Reilly\Desktop\R106458.EXE
[2005/10/27 10:05:34 | 000,022,016 | ---- | M] (Gibson Research Corp.) -- C:\Documents and Settings\Kate Reilly\Desktop\shootthemessenger.exe
[2006/03/04 09:45:07 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Kate Reilly\Desktop\WinsockxpFix.exe
[2011/05/26 07:52:37 | 001,247,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Kate Reilly\Desktop\wlsetup-web.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2006/04/18 17:33:36 | 000,950,272 | R--- | M] () -- C:\Documents and Settings\Kate Reilly\My Documents\LaunchU3.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\FXSEXT.ECF

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2004/10/26 15:34:26 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Kate Reilly\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >
Mall Tycoon 2 Uninstaller.exe

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/07 23:13:11 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Kate Reilly\Cookies\desktop.ini
[2012/01/26 23:55:48 | 000,180,224 | ---- | M] () -- C:\Documents and Settings\Kate Reilly\Cookies\INDEX.DAT

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\LOGOWIN.GIF
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\LVBACK.GIF
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\NEWALERT.WAV
[2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\NEWEMAIL.WAV
[2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\ONLINE.WAV
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\TYPE.WAV
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\XPMSGR.CHM

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >

 

[webbrewers]

OTL Extras logfile created on: 1/27/2012 12:17:56 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kate Reilly\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.98 Mb Total Physical Memory | 584.97 Mb Available Physical Memory | 57.63% Memory free
2.40 Gb Paging File | 2.11 Gb Available in Paging File | 87.89% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.94 Gb Total Space | 14.69 Gb Free Space | 20.71% Space Free | Partition Type: NTFS
Drive F: | 7.50 Gb Total Space | 1.14 Gb Free Space | 15.21% Space Free | Partition Type: FAT32

Computer Name: COMPUTER6 | User Name: Kate Reilly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2898095836-4186088399-478651291-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

 

[webbrewers]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabledxpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNetisabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNetisabledxpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNetisabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNetisabledxpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:FiOS Tech Wizard
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter

========== Authorized Applications List ==========

 

[webbrewers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\Common Files\AOL\1130369901\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1130369901\ee\AOLServiceHost.exe:*:Enabled:AOL Services
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe" = C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe" = C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion -- (Ensemble Studios)
"C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe" = C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)
"C:\Program Files\Ares Lite Edition\AresLite.exe" = C:\Program Files\Ares Lite Edition\AresLite.exe:*isabled:Ares Lite Edition -- (Ares Development Group)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Activision\Empires Dawn of the Modern World\Empires_DMW.exe" = C:\Program Files\Activision\Empires Dawn of the Modern World\Empires_DMW.exe:*isabled:Empires_DMW -- ()
"C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe" = C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe:*:Enabled:Medieval_TW -- (Creative Assembly)
"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- ()
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe" = C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe:*:Enabled:Verizon Media Manager -- ()
"C:\WINDOWS\SYSTEM32\dpvsetup.exe" = C:\WINDOWS\SYSTEM32\dpvsetup.exe:*isabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*isabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\SYSTEM32\fxsclnt.exe" = C:\WINDOWS\SYSTEM32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0D396571-7BBD-44CE-ABB3-518BF86B72F7}" = HP Photo and Imaging 1.0 - HP Photosmart Printer Series
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F052922-4BCE-4763-A540-00857554336D}" = Redist
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.8
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35AFD495-EC2E-4B2B-B9DB-30EEBC74049D}" = iTunes
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{493CCEF3-B98C-4979-92F4-F848C365A82B}" = Verizon FiOS Connection Wizard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50335901-778C-442B-AE79-95BA5A31A589}" = Verizon FiOS Connection Wizard
"{503AA035-41E2-4858-B31F-1E49AC66C309}" = Norton Security Center
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{667A1F4B-BFFA-4CF0-8C0B-6ED397370BCB}" = Immortal Cities: Children of the Nile
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6916E491-8BBF-4E8A-AFAD-D01307C059E5}" = Vz In Home Agent
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6E7F1130-F68A-46A1-96ED-5BFE51A3A605}" = Backyard Baseball 2005
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{7169B8E4-2632-46B1-AA5F-167CB5FE5029}" = Symantec Network Drivers Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Dawn Of War
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{E1C33B03-3FE9-45BF-91E4-0266F38618C6}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2007
"{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-011A-0409-0000-0000000FF1CE}" = Microsoft Office Live Web Folder Connector
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2010
"{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{A8C80871-125D-4667-BC0A-E3EEE62597E8}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2010
"{90140000-0017-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{E1BDB3A3-E0ED-4347-A84D-5D4A747259CA}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SharePointDesigner_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SharePointDesigner_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9520DDEB-237A-41DB-AA20-F2EF2360DCEB}" = Microsoft Online Services Sign-in Assistant
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9F4ECB4A-AFD9-4E9F-8DF2-1E339AF8F2CF}" = ASPCA Tri Reminder by We-Care.com v4.0.7.5
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.48 (April 23, 2011) version v2011.build.48
"{BCC7E198-1D10-4B55-956E-550A196F8056}" = Microsoft Office Live Meeting 2007
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D547A594-AA85-4B92-80EB-47B371B98C68}" = Verizon Download Manager
"{D59D6513-2076-11D6-AA2E-0008C760B784}" = Ultimate Ride Coaster Deluxe
"{E16099ED-5AE8-44E5-9620-9B872B826BA0}" = Vivicam 3695
"{E4A0225B-A975-416C-8CF7-C1C025FD32D6}" = YP-U1
"{E59219D4-23B8-11D3-A179-00C04F6C9FA4}" = Microsoft Word Supplemental Templates and Wizards
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6696A8C-C55A-405C-AFEB-F3880A8BAA45}" = iPod Update 2004-04-28
"{E8650C8D-CCB2-496E-816C-ECC54A7EE411}" = Civilization III Play the World
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.1700
"{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}" = Barbarian Invasion
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Expansion Trial 1.00" = Microsoft Age of Empires Expansion Trial
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"AresLite" = Ares Lite Edition 1.8.1
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DellSupport" = Dell Support 5.0.0 (766)
"Empires Dawn of the Modern World" = Empires Dawn of the Modern World
"Fiddler2" = Fiddler2
"FileZilla Client" = FileZilla Client 3.5.1
"GameSpy Arcade" = GameSpy Arcade
"HijackThis" = HijackThis 2.0.2
"hphuni04" = Photosmart 130,230,7150,7345,7350,7550 (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Inspiration 8 Trial" = Inspiration 8 Trial
"InstallShield_{35AFD495-EC2E-4B2B-B9DB-30EEBC74049D}" = iTunes
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"InstallShield_{667A1F4B-BFFA-4CF0-8C0B-6ED397370BCB}" = Immortal Cities: Children of the Nile
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"InstallShield_{E6696A8C-C55A-405C-AFEB-F3880A8BAA45}" = iPod Update 2004-04-28
"InterActual Player" = InterActual Player
"iolo technologies' System Mechanic" = iolo technologies' System Mechanic
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Mall Tycoon 2" = Mall Tycoon 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Math Odyssey Achievement Test" = Math Odyssey Achievement Test
"Medieval - Total War (TM) - Viking Invasion (TM)" = Medieval - Total War (TM) - Viking Invasion (TM)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monitor Asset Manager" = Monitor Asset Manager

 

[webbrewers]

"Moon Tycoon" = Moon Tycoon
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"ODIR_is1" = ODIR
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SharePointDesigner" = Microsoft SharePoint Designer 2010
"PandoraRecovery" = PandoraRecovery (Remove Only)
"Powerbullet Presenter_is1" = Powerbullet Presenter 1.43
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PROR" = Microsoft Office Professional 2007 Trial
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"RiseOfNationsExpansion 1.0" = Rise of Nations
"RollerCoaster Tycoon Setup" = Roll
"SharePointDesigner" = Microsoft Office SharePoint Designer 2007
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"Ultra WinCleaner 2002_is1" = Ultra WinCleaner 2002 Version 8.0
"Verizon Help and Support" = Verizon Help and Support Tool
"Verizon Media Manager" = Verizon Media Manager
"VLC media player" = VLC media player 1.1.11
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinCleaner OneClick CleanUp_is1" = WinCleaner OneClick Cleanup Version 10
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xint by xtort.net ©_is1" = xint v4.3 by xtort.net ©
"XLViewer97" = Microsoft Excel Viewer 97
"Zoo Tycoon 2" = Zoo Tycoon 2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/26/2012 5:15:39 PM | Computer Name = COMPUTER6 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
source could be found for product Microsoft Office 2000 Professional. The Windows
installer cannot continue.

Error - 1/26/2012 9:42:31 PM | Computer Name = COMPUTER6 | Source = CVHSVC | ID = 100
Description = Information only. Scenario SCN_ does not exist in FFB.XML

Error - 1/26/2012 9:45:12 PM | Computer Name = COMPUTER6 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4324, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/26/2012 9:51:08 PM | Computer Name = COMPUTER6 | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):
DownloadLatest Failed: A connection with the server could not be established

Error - 1/26/2012 10:09:23 PM | Computer Name = COMPUTER6 | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):
DownloadLatest Failed: A connection with the server could not be established

Error - 1/26/2012 11:57:24 PM | Computer Name = COMPUTER6 | Source = Application Error | ID = 1000
Description = Faulting application outlook.exe, version 9.0.0.2416, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 1/26/2012 11:57:57 PM | Computer Name = COMPUTER6 | Source = Application Error | ID = 1000
Description = Faulting application outlook.exe, version 9.0.0.2416, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 1/27/2012 12:09:37 AM | Computer Name = COMPUTER6 | Source = Application Error | ID = 1000
Description = Faulting application outlook.exe, version 9.0.0.2416, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 1/27/2012 12:23:49 AM | Computer Name = COMPUTER6 | Source = CVHSVC | ID = 100
Description = Information only. Scenario SCN_ does not exist in FFB.XML

Error - 1/27/2012 12:33:46 AM | Computer Name = COMPUTER6 | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):
DownloadLatest Failed: A connection with the server could not be established

[ OSession Events ]
Error - 11/12/2010 11:10:07 PM | Computer Name = REILLYMICHALSKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 7, Application Name: Microsoft Office SharePoint Designer, Application
Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 341 seconds with 300 seconds of active time. This session ended with a
crash.

[ System Events ]
Error - 1/26/2012 9:08:53 PM | Computer Name = COMPUTER6 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/26/2012 9:13:56 PM | Computer Name = COMPUTER6 | Source = Service Control Manager | ID = 7034
Description = The AVG Free8 E-mail Scanner service terminated unexpectedly. It
has done this 1 time(s).

Error - 1/26/2012 9:13:58 PM | Computer Name = COMPUTER6 | Source = Service Control Manager | ID = 7031
Description = The AVG Free8 WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 1/26/2012 9:14:01 PM | Computer Name = COMPUTER6 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the AVG Free8 WatchDog service
to connect.

Error - 1/26/2012 9:14:01 PM | Computer Name = COMPUTER6 | Source = Service Control Manager | ID = 7000
Description = The AVG Free8 WatchDog service failed to start due to the following
error: %%1053

Error - 1/26/2012 9:18:36 PM | Computer Name = COMPUTER6 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/26/2012 11:29:07 PM | Computer Name = COMPUTER6 | Source = Service Control Manager | ID = 7034
Description = The IHA_MessageCenter service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/26/2012 11:29:10 PM | Computer Name = COMPUTER6 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 1/26/2012 11:29:16 PM | Computer Name = COMPUTER6 | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 1/27/2012 12:58:41 AM | Computer Name = COMPUTER6 | Source = Service Control Manager | ID = 7034
Description = The IHA_MessageCenter service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

 

[webbrewers]

Broni,
Once I sorted out the Outlook conflict with AVG, I had no more issues so I assume I'm good to go?
In case you don't post back, I wanted to thank you for your patience and excellent work.

 

[Broni]

I apologize for the delay.
It looks like email notification missed me.
Let me take a look at your logs.....

 

[Broni]

Don't forget to reinstall AVG.

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  PRC - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
  SRV - [2005/01/21 21:32:12 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
  SRV - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
  DRV - [2006/10/25 17:46:10 | 000,176,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061215.005\SymIDSCo.sys -- (SYMIDSCO)
  DRV - [2005/01/21 21:31:50 | 000,267,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
  DRV - [2005/01/21 21:31:48 | 000,026,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
  DRV - [2005/01/21 21:31:46 | 000,035,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
  DRV - [2005/01/21 21:31:44 | 000,172,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
  DRV - [2005/01/21 21:31:44 | 000,046,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
  DRV - [2005/01/21 21:31:40 | 000,011,544 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
  DRV - [2004/12/20 17:58:18 | 000,110,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
  O3 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
  O3 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
  O3 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
  O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
  O15 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\..Trusted Domains: sharepoint.com ([]* in Local intranet)
  O15 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\..Trusted Domains: sharepoint.com ([]http in Trusted sites)
  O15 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\..Trusted Domains: sharepoint.com ([onefatherslove] https in Trusted sites)
  O15 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\..Trusted Domains: sharepoint.com ([wb1] http in Trusted sites)
  O15 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\..Trusted Domains: sharepoint.com ([webbrewers] http in Local intranet)
  O15 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\..Trusted Domains: sharepoint.com ([webbrewers] https in Trusted sites)
  O15 - HKU\S-1-5-21-2898095836-4186088399-478651291-1006\..Trusted Domains: sharepoint.com ([webbrewers2] https in Trusted sites)
  O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
  [2012/01/02 19:47:32 | 000,011,690 | -HS- | M] () -- C:\Documents and Settings\Kate Reilly\Local Settings\Application Data\wb6cd33hyc50002of8a55b1b706n6e688245r7o6y4kfx
  [2012/01/02 19:47:32 | 000,011,690 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\wb6cd33hyc50002of8a55b1b706n6e688245r7o6y4kfx
  
  :Files
  C:\Program Files\Common Files\Symantec Shared
  
  :Commands
  [purity]
  [emptytemp]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

==========================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Do NOT post JavaRa log.

===============================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[webbrewers]

I reinstalled AVG and will run everything else tomorrow.
Thank you!

 

[Broni]

You're very welcome

 

[webbrewers]

Ok, here we go:

All processes killed
========== OTL ==========
No active process named symwsc.exe was found!
Service SNDSrvc stopped successfully!
Service SNDSrvc deleted successfully!
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe moved successfully.
Service SymWSC stopped successfully!
Service SymWSC deleted successfully!
C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe moved successfully.
Service SYMIDSCO stopped successfully!
Service SYMIDSCO deleted successfully!
C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061215.005\SymIDSCo.sys moved successfully.
Error: Unable to stop service SYMTDI!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMTDI deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\symtdi.sys moved successfully.
Service SYMREDRV stopped successfully!
Service SYMREDRV deleted successfully!
C:\WINDOWS\SYSTEM32\DRIVERS\symredrv.sys moved successfully.
Service SYMIDS stopped successfully!
Service SYMIDS deleted successfully!
C:\WINDOWS\SYSTEM32\DRIVERS\symids.sys moved successfully.
Service SYMFW stopped successfully!
Service SYMFW deleted successfully!
C:\WINDOWS\SYSTEM32\DRIVERS\symfw.sys moved successfully.
Service SYMNDIS stopped successfully!
Service SYMNDIS deleted successfully!
C:\WINDOWS\SYSTEM32\DRIVERS\symndis.sys moved successfully.
Service SYMDNS stopped successfully!
Service SYMDNS deleted successfully!
C:\WINDOWS\SYSTEM32\DRIVERS\symdns.sys moved successfully.
Error: Unable to stop service SymEvent!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SymEvent deleted successfully.
C:\Program Files\Symantec\SYMEVENT.SYS moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-2898095836-4186088399-478651291-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-2898095836-4186088399-478651291-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-2898095836-4186088399-478651291-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2898095836-4186088399-478651291-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sharepoint.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2898095836-4186088399-478651291-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sharepoint.com\ not found.
Registry key HKEY_USERS\S-1-5-21-2898095836-4186088399-478651291-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sharepoint.com\onefatherslove\ not found.
Registry key HKEY_USERS\S-1-5-21-2898095836-4186088399-478651291-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sharepoint.com\wb1\ not found.
Registry key HKEY_USERS\S-1-5-21-2898095836-4186088399-478651291-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sharepoint.com\webbrewers\ not found.
Registry key HKEY_USERS\S-1-5-21-2898095836-4186088399-478651291-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sharepoint.com\webbrewers\ not found.
Registry key HKEY_USERS\S-1-5-21-2898095836-4186088399-478651291-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sharepoint.com\webbrewers2\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\Kate Reilly\Local Settings\Application Data\wb6cd33hyc50002of8a55b1b706n6e688245r7o6y4kfx moved successfully.
C:\Documents and Settings\All Users\Application Data\wb6cd33hyc50002of8a55b1b706n6e688245r7o6y4kfx moved successfully.
========== FILES ==========
C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\incoming folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\BinHub folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20070124.003 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20070124.002 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061215.005 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061211.001 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SymcData folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\Security Center\Plug-in folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\Security Center folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\IDS folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\Help folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\CCPD-LC folder moved successfully.
C:\Program Files\Common Files\Symantec Shared folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 32768 bytes

User: Administrator.REILLYMICHALSKI
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Administrator.REILLYMICHALSKI.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.REILLYMICHALSKI.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 300 bytes

User: James Michalski
->Temp folder emptied: 49009 bytes
->Temporary Internet Files folder emptied: 34057494 bytes
->Java cache emptied: 3761563 bytes
->FireFox cache emptied: 35016453 bytes

User: Kate Reilly
->Temp folder emptied: 6970782 bytes
->Temporary Internet Files folder emptied: 153796076 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 182490180 bytes
->Flash cache emptied: 3444900 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 28171 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 393216 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 541278 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 78991 bytes
RecycleBin emptied: 162860628 bytes

Total Files Cleaned = 557.00 mb


[EMPTYJAVA]

User: Administrator

User: Administrator.REILLYMICHALSKI

User: Administrator.REILLYMICHALSKI.000

User: Administrator.REILLYMICHALSKI.001

User: All Users

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: James Michalski
->Java cache emptied: 0 bytes

User: Kate Reilly
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Owner

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.REILLYMICHALSKI

User: Administrator.REILLYMICHALSKI.000

User: Administrator.REILLYMICHALSKI.001

User: All Users

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: James Michalski

User: Kate Reilly
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01282012_094927

Files\Folders moved on Reboot...
C:\Documents and Settings\Kate Reilly\Local Settings\Temp\CVHLauncher(20120128090025848).log moved successfully.

Registry entries deleted on Reboot...

 

[webbrewers]

Checkup.txt:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 2012
iolo technologies' System Mechanic
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
HijackThis 2.0.2
Ultra WinCleaner 2002 Version 8.0
WinCleaner OneClick Cleanup Version 10
Java(TM) 6 Update 30
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_06
Out of date Java installed!
Adobe Flash Player ( 10.3.183.7) Flash Player Out of Date!
Mozilla Firefox (3.6.24) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE
Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe
``````````End of Log````````````

 

[webbrewers]

fss.txt

Farbar Service Scanner Version: 18-01-2012 01
Ran by Kate Reilly (administrator) on 28-01-2012 at 10:37:12
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(10) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0B000000040000000100000002000000030000000800000056000000090000000A000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

 

[webbrewers]

eset:

C:\Documents and Settings\James Michalski\My Documents\social studies\Setup.exe Win32/Adware.180Solutions application
C:\Documents and Settings\Kate Reilly\Application Data\Business Logic\UWC\Backup\J38652.5333523148.WCU Win32/Adware.180Solutions application
C:\Documents and Settings\Kate Reilly\Application Data\Business Logic\UWC\Backup\J39108.4333783565.WCU Win32/Adware.180Solutions application
C:\Documents and Settings\Kate Reilly\Application Data\Mozilla\Firefox\Profiles\wbjb79dx.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}\defaults\preferences\prefs.js Win32/Cycbot.AC.Gen trojan
C:\Program Files\0BA1C\lvvm.exe a variant of Win32/Kryptik.ZKX trojan
C:\Program Files\B19BF\lvvm.exe a variant of Win32/Kryptik.ZKX trojan
C:\Program Files\Zango SiteFinder\3z98zb0g.DLL a variant of Win32/Adware.ClearSearch.AJ application
C:\Program Files\Zango SiteFinder\qy17507p.DLL a variant of Win32/Adware.ClearSearch.AK application
C:\Qoobox\Quarantine\C\Documents and Settings\Kate Reilly\Application Data\427B1\45A20.exe.vir a variant of Win32/Kryptik.ZKX trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Kate Reilly\Application Data\FCC0B\45A20.exe.vir a variant of Win32/Kryptik.ZKX trojan
C:\Qoobox\Quarantine\C\Program Files\LP\20C4\111.exe.vir a variant of Win32/Kryptik.ZKX trojan
C:\Qoobox\Quarantine\C\Program Files\LP\20C4\FB.tmp.vir Win32/PSW.Agent.NTM trojan
C:\Qoobox\Quarantine\C\Program Files\LP\20CF\1.exe.vir Win32/Cycbot.AK trojan
C:\Qoobox\Quarantine\C\Program Files\LP\20CF\4.tmp.vir Win32/PSW.Agent.NTM trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000007.sys a variant of Win32/Rootkit.Kryptik.IE trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000314.sys a variant of Win32/Rootkit.Kryptik.IE trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000426.sys a variant of Win32/Rootkit.Kryptik.IE trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000452.sys a variant of Win32/Rootkit.Kryptik.IE trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0001451.sys a variant of Win32/Rootkit.Kryptik.IE trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0002451.sys a variant of Win32/Rootkit.Kryptik.IE trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0002467.sys a variant of Win32/Rootkit.Kryptik.IE trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0002546.sys a variant of Win32/Rootkit.Kryptik.IE trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0003546.sys a variant of Win32/Rootkit.Kryptik.IE trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0003823.sys a variant of Win32/Rootkit.Kryptik.IE trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0004823.sys a variant of Win32/Rootkit.Kryptik.IE trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0005823.sys a variant of Win32/Rootkit.Kryptik.IE trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0005836.sys a variant of Win32/Rootkit.Kryptik.IE trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0005846.sys a variant of Win32/Rootkit.Kryptik.IE trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0005864.sys a variant of Win32/Rootkit.Kryptik.IE trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0005992.sys a variant of Win32/Rootkit.Kryptik.IE trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0006992.sys a variant of Win32/Rootkit.Kryptik.IE trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0007228.exe a variant of Win32/Kryptik.ZKX trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0007229.exe a variant of Win32/Kryptik.ZKX trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0007231.exe a variant of Win32/Kryptik.ZKX trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0007232.exe Win32/Cycbot.AK trojan

 

[Broni]

Uninstall:
Ultra WinCleaner
WinCleaner OneClick Cleanup
both rogue programs.

Uninstall iolo technologies' System Mechanic
Registry cleaners/optimizers are not recommended for several reasons:

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
  
  The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  
• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  
• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  
• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  
• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

• Ed Bott's Webog: Why I don't use registry cleaners
• Do I need a Registry Cleaner?

Uninstall:
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_06

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

==========================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[webbrewers]

Computer seems very good. I notice too some annoying things about IE like sites not opening in tabs have gone away.
The only thing I couldn't uninstall was the old Java software because it says it's "on a network resource that isn't available" or "error applying transforms".

Once again, thanks for your great work!

 

[Broni]

Way to go!!

Good luck and stay safe