Thanks,
Will
TDL3Mem-A Chrome stopped working IE google redirects
Started by
whawk
, Jun 19 2010 07:29 PM
#1
Posted 19 June 2010 - 07:29 PM
whawk
-
- Member
-
- 3 posts
New Member
Thanks,
Will
#2
Posted 19 June 2010 - 07:36 PM
RKinner
-
- Expert
-
- 24,623 posts
Malware Expert
Do as much of
http://www.geekstogo...uide-t2852.html
as you can. If a step won't work, skip to the next one. Copy and paste your gmer, mbam, otl, & extras logs into a reply. Do not attach them.
If you lose internet access after running MBAM or if you are not able to get to the downloads:
In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.
In FireFox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.
In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.
Ron
http://www.geekstogo...uide-t2852.html
as you can. If a step won't work, skip to the next one. Copy and paste your gmer, mbam, otl, & extras logs into a reply. Do not attach them.
If you lose internet access after running MBAM or if you are not able to get to the downloads:
In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.
In FireFox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.
In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.
Ron
#3
Posted 24 June 2010 - 10:23 PM
whawk
- Topic Starter
-
- Member
-
- 3 posts
New Member
Thank you for your help. Whenever I try to run the gmer I get the blue screen of death. My chrome now works and everything looks better but I am still going to past the logs.
OTL logfile created on: 6/25/2010 12:06:30 AM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Will\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 337.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.95 Gb Total Space | 10.88 Gb Free Space | 15.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WILL
Current User Name: Will
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/06/19 21:15:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Will\Desktop\OTL.exe
PRC - [2010/06/19 09:53:58 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/06/19 09:53:55 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/06/15 11:03:21 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/14 20:01:19 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Will\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/06/02 01:57:48 | 000,945,648 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/05/26 11:03:40 | 002,346,192 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/04/17 00:14:14 | 006,418,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
PRC - [2010/03/09 19:54:51 | 000,429,096 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2010/03/09 19:54:50 | 000,175,144 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2010/03/09 19:51:23 | 000,093,736 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2010/03/09 19:50:15 | 000,104,488 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2010/03/09 19:47:13 | 000,802,816 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
PRC - [2010/03/09 19:45:59 | 000,278,528 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2009/12/06 00:48:58 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/07/25 05:23:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/12/14 22:54:52 | 000,451,584 | ---- | M] () -- C:\Program Files\GmoteServer\GmoteServer.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/16 15:57:26 | 000,814,728 | ---- | M] (ExtendMedia Inc.) -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/09/26 15:39:44 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/06/06 16:28:18 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/03 20:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2005/07/15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
========== Modules (SafeList) ==========
MOD - [2010/06/19 21:15:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Will\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (LiveUpdate)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2010/06/19 09:53:55 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/09 19:54:50 | 000,175,144 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2010/03/09 19:51:23 | 000,093,736 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2010/03/09 19:50:15 | 000,104,488 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2010/03/09 19:47:13 | 000,802,816 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2010/03/09 19:45:59 | 000,278,528 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2009/12/06 00:48:58 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/12/06 00:48:50 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/11/16 13:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/09/18 18:51:19 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-090808-172447)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/16 15:57:26 | 000,814,728 | ---- | M] (ExtendMedia Inc.) [Auto | Running] -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/01/13 02:46:57 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm09.exe -- (Pml Driver)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - [2010/06/14 01:07:43 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/03/09 19:51:39 | 000,024,064 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter)
DRV - [2010/03/09 19:49:52 | 000,152,192 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl)
DRV - [2009/11/06 14:25:37 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2009/09/28 21:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/10/02 20:49:27 | 000,012,532 | ---- | M] (Virtual Ink) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mimiousb.sys -- (mimio) Virtual Ink's mimio USB Adapter (mimiousb.sys)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/16 12:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/06/06 16:34:38 | 006,345,472 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/06/06 16:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/06/03 15:20:58 | 000,202,912 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/05/09 15:59:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/05/08 22:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/08 22:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/08 22:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/08 22:46:06 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/05/08 21:22:58 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/31 14:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 19:47:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 19:47:00 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/11/02 19:46:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/11/02 13:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/07/31 08:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531)
DRV - [2006/01/13 02:46:58 | 000,050,211 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphs2k09.sys -- (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09)
DRV - [2006/01/13 02:46:58 | 000,018,864 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius09.sys -- (Dot4Usb HPH09)
DRV - [2006/01/13 02:46:58 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr09.sys -- (Dot4Print HPH09)
DRV - [2006/01/13 02:46:57 | 000,050,800 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid409.sys -- (Dot4 HPH09)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/01/26 10:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070922
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070922
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070922
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.26
FF - prefs.js..extensions.enabledItems: {0dad0080-ca5a-11da-a94d-0800200c9a66}:0.3.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20100529
FF - prefs.js..extensions.enabledItems: [email protected]:3.0
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=UTF-8&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Google\Web Accelerator\firefox [2008/06/22 02:28:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/02/16 19:00:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/20 19:03:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/20 19:03:09 | 000,000,000 | ---D | M]
[2008/08/24 14:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Mozilla\Extensions
[2008/08/24 14:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Mozilla\Extensions\[email protected]
[2010/06/19 00:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions
[2008/08/31 22:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\{0dad0080-ca5a-11da-a94d-0800200c9a66}
[2010/06/19 00:24:40 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/06/19 00:56:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/19 00:24:34 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/08/31 19:38:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2009/12/30 21:23:18 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2008/04/25 19:18:14 | 000,000,000 | ---D | M] (Media Agent plugin 2) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\{BA979AD0-A3C5-4b32-A47E-4550BF00ECC7}
[2008/12/03 08:47:32 | 000,000,000 | ---D | M] (Wizz RSS News Reader) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\{D5EDC062-A372-4936-B782-BD611DD18D86}
[2010/06/19 00:57:06 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/06/19 00:56:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/06/19 00:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\[email protected]
[2008/07/07 16:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\[email protected]
[2010/06/19 00:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\[email protected]
[2009/12/30 21:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\[email protected]
[2008/07/04 00:01:32 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\searchplugins\webster.xml
[2010/06/19 00:57:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/08/29 17:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/06/01 15:27:03 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2007/12/19 08:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {11F12CE4-B0DF-47FB-84E8-9A2D292C3C90} - Reg Error: Value error. File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {7739E5FA-6A1E-4E4B-975D-56F2DAF0EDB9} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {794ac8d7-5de5-460e-8968-6d79d27677bb} - Reg Error: Value error. File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sophos AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\Will\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Will\Start Menu\Programs\Startup\GmoteServer.lnk = C:\Program Files\GmoteServer\GmoteServer.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: imageservr.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\qoMffCtS: DllName - qoMffCtS.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {11F12CE4-B0DF-47FB-84E8-9A2D292C3C90} - Reg Error: Value error. File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\rqRKCrPF) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{30cf1178-953b-11dd-9b04-001c2387b116}\Shell\Explore\command - "" = C:\WINDOWS\explorer.exe -- [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{30cf1178-953b-11dd-9b04-001c2387b116}\Shell\Launch\command - "" = E:\portablevaultaes.exe -- File not found
O33 - MountPoints2\{3104b560-df17-11dc-a29a-001c2387b116}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{3104b560-df17-11dc-a29a-001c2387b116}\Shell\Shell00\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{3104b560-df17-11dc-a29a-001c2387b116}\Shell\Shell01\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{3104b560-df17-11dc-a29a-001c2387b116}\Shell\Shell02\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{3cb91aeb-9482-11dd-9b01-001c2387b116}\Shell - "" = AutoRun
O33 - MountPoints2\{3cb91aeb-9482-11dd-9b01-001c2387b116}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3cb91aeb-9482-11dd-9b01-001c2387b116}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7b5cc284-e606-11de-9ba4-001c2691e082}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{97fe35dd-691e-11dd-a2e4-001c2387b116}\Shell - "" = AutoRun
O33 - MountPoints2\{97fe35dd-691e-11dd-a2e4-001c2387b116}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{97fe35dd-691e-11dd-a2e4-001c2387b116}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fc2c6890-6faa-11dd-9af3-001c2387b116}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 18:02:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/06/20 18:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\3D Realistic Fireplace 3
[2010/06/20 18:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/06/20 16:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/06/19 22:30:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Will\Application Data\Malwarebytes
[2010/06/19 22:30:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/19 22:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/19 22:30:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/19 22:30:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/19 22:30:10 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Will\Desktop\mbam-setup.exe
[2010/06/19 22:28:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/19 22:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/19 22:27:50 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Will\Desktop\erunt_setup.exe
[2010/06/19 22:11:02 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Will\Desktop\TFC.exe
[2010/06/19 21:15:13 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Will\Desktop\OTL.exe
[2010/06/19 20:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Will\Desktop\new
[2010/06/19 10:48:08 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx(2).dll
[2010/06/19 10:47:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg(2)
[2010/06/19 10:43:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/19 00:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/19 00:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/18 23:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/18 23:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/26 23:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Will\Desktop\Hawaii
[2010/04/26 18:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/03 23:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[1 C:\Documents and Settings\Will\My Documents\*.tmp files -> C:\Documents and Settings\Will\My Documents\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/06/25 00:08:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/25 00:06:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-536015823-1587469497-3370010176-1005UA.job
[2010/06/25 00:00:01 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/06/24 23:56:28 | 000,107,888 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/06/24 20:44:54 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/06/24 20:06:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-536015823-1587469497-3370010176-1005Core.job
[2010/06/24 11:08:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/24 03:00:01 | 000,000,530 | ---- | M] () -- C:\WINDOWS\tasks\Thursday 3am Scan.job
[2010/06/24 02:06:19 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/23 22:20:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/23 21:32:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2010/06/23 08:45:17 | 000,107,888 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/06/23 03:30:56 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/23 03:28:52 | 000,493,094 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 03:28:52 | 000,090,948 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/23 03:28:50 | 000,594,576 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 03:26:18 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/06/23 03:24:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/23 03:23:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/23 03:23:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/23 03:23:13 | 1071,837,184 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/23 03:22:33 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\Will\NTUSER.DAT
[2010/06/20 19:02:52 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/20 18:59:46 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Cool 3D Screen Savers.lnk
[2010/06/20 18:59:46 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\3D Realistic Fireplace 3.lnk
[2010/06/20 17:59:16 | 012,507,956 | -H-- | M] () -- C:\Documents and Settings\Will\Local Settings\Application Data\IconCache.db
[2010/06/20 16:51:56 | 000,001,484 | ---- | M] () -- C:\Documents and Settings\Will\Desktop\DivX Movies.lnk
[2010/06/20 16:51:04 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/20 16:50:12 | 000,000,839 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/06/19 22:30:40 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/19 22:30:13 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Will\Desktop\mbam-setup.exe
[2010/06/19 22:28:42 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Will\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/19 22:28:34 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Will\Desktop\NTREGOPT.lnk
[2010/06/19 22:28:34 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Will\Desktop\ERUNT.lnk
[2010/06/19 22:27:56 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Will\Desktop\erunt_setup.exe
[2010/06/19 22:27:27 | 000,000,227 | ---- | M] () -- C:\Documents and Settings\Will\Desktop\Malware and Spyware Cleaning Guide.url
[2010/06/19 22:11:04 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Will\Desktop\TFC.exe
[2010/06/19 21:15:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Will\Desktop\OTL.exe
[2010/06/19 21:01:33 | 000,070,400 | ---- | M] () -- C:\Documents and Settings\Will\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/19 20:57:49 | 000,273,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/19 18:53:37 | 061,233,053 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg(2)\incavi.avm
[2010/06/19 10:48:09 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx(2).dll
[2010/06/19 10:47:42 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg(2)\iavichjw.avm
[2010/06/19 10:33:47 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\Will\Desktop\Google Chrome.lnk
[2010/06/18 23:49:00 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mp3tag.lnk
[2010/06/18 23:47:17 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/18 23:23:34 | 018,499,623 | ---- | M] () -- C:\Documents and Settings\Will\My Documents\vlc-1.0.5-win32.exe
[2010/06/18 23:04:33 | 000,015,797 | ---- | M] () -- C:\Documents and Settings\Will\Desktop\Third Year of the Affiliation Between the Two Parties.docx
[2010/06/16 22:52:22 | 000,174,656 | ---- | M] () -- C:\Documents and Settings\Will\Desktop\Scenarios Covered.docx
[2010/06/14 01:07:43 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/06/10 08:53:26 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sophos AutoUpdate Monitor.lnk
[2010/06/09 19:50:00 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/22 17:22:40 | 000,008,209 | ---- | M] () -- C:\Documents and Settings\Will\Desktop\graph.jpg
[2010/05/12 14:05:59 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/30 14:00:10 | 004,478,464 | ---- | M] () -- C:\WINDOWS\ss3dfire.scr
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 18:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/19 19:43:52 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/07 19:53:25 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
[1 C:\Documents and Settings\Will\My Documents\*.tmp files -> C:\Documents and Settings\Will\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/06/20 19:02:52 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/20 18:59:46 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Cool 3D Screen Savers.lnk
[2010/06/20 18:59:46 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\3D Realistic Fireplace 3.lnk
[2010/06/20 18:59:43 | 000,125,440 | ---- | C] () -- C:\WINDOWS\dx7ogl32.dll
[2010/06/20 18:59:42 | 004,478,464 | ---- | C] () -- C:\WINDOWS\ss3dfire.scr
[2010/06/20 18:59:38 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/20 16:51:56 | 000,001,484 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\DivX Movies.lnk
[2010/06/20 16:51:04 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/20 16:50:12 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/06/19 23:41:44 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\gmer.exe
[2010/06/19 22:30:40 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/19 22:28:42 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Will\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/19 22:28:34 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\NTREGOPT.lnk
[2010/06/19 22:28:34 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\ERUNT.lnk
[2010/06/19 22:27:27 | 000,000,227 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\Malware and Spyware Cleaning Guide.url
[2010/06/19 10:47:42 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg(2)\iavichjw.avm
[2010/06/19 10:47:18 | 061,233,053 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg(2)\incavi.avm
[2010/06/19 10:33:47 | 000,002,279 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\Google Chrome.lnk
[2010/06/18 23:49:00 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mp3tag.lnk
[2010/06/18 23:41:42 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/18 23:02:05 | 000,015,797 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\Third Year of the Affiliation Between the Two Parties.docx
[2010/06/16 22:52:22 | 000,174,656 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\Scenarios Covered.docx
[2010/05/22 17:22:40 | 000,008,209 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\graph.jpg
[2010/05/12 14:05:59 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/07 19:53:25 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
[2009/12/22 22:45:48 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/11/29 01:35:28 | 000,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/10 00:50:10 | 000,000,103 | ---- | C] () -- C:\WINDOWS\SW_Win2000X1.DLL
[2009/06/10 00:48:39 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\XLSCX.INI
[2009/06/10 00:48:22 | 000,000,051 | ---- | C] () -- C:\WINDOWS\SW_Win2146X32.DLL
[2009/06/10 00:48:09 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx13_ic.ini
[2009/06/10 00:48:08 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll
[2009/06/10 00:48:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll
[2009/06/10 00:48:08 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2009/04/14 15:42:12 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/01/24 14:43:40 | 000,000,058 | ---- | C] () -- C:\WINDOWS\DragDropUploadUI.INI
[2008/10/02 20:49:57 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\mimio_printer_resource.dll
[2008/08/29 00:16:59 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/08/07 23:14:35 | 001,487,932 | -HS- | C] () -- C:\WINDOWS\System32\mgqmivfy.ini
[2008/08/06 23:08:48 | 000,882,217 | -HS- | C] () -- C:\WINDOWS\System32\FPrCKRqr.ini2
[2008/08/06 23:08:48 | 000,882,217 | -HS- | C] () -- C:\WINDOWS\System32\FPrCKRqr.ini
[2008/07/22 17:16:38 | 000,000,261 | ---- | C] () -- C:\WINDOWS\mp3merger.ini
[2008/06/01 19:18:23 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/01 19:18:23 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/02/24 14:35:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/17 09:22:32 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007/12/12 15:46:08 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/12/10 19:35:27 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/11/04 22:23:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/10/28 21:43:09 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2007/09/22 03:14:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/22 03:09:46 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/09/22 02:59:30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/09/22 02:59:28 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/09/22 02:38:38 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/09/22 02:38:18 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/09/22 02:38:18 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/09/22 02:38:17 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/09/22 02:38:17 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/09/22 02:37:17 | 000,001,118 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/07/25 09:24:28 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/07/16 12:58:10 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/07/16 12:58:00 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/03/10 07:51:48 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/10/15 18:54:04 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
========== LOP Check ==========
[2009/01/19 12:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2010/06/19 20:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/22 22:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2008/10/02 17:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2008/04/25 19:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ExtendMedia
[2009/11/29 01:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2010/03/09 19:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2009/06/10 00:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stylus Studio
[2008/01/28 17:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/10/02 20:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tablet
[2009/09/29 22:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/24 14:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/12/06 00:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/08/26 22:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/21 09:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/06/19 10:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/21 14:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/03 23:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/06 00:47:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/02/19 02:05:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/09/17 06:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/19 15:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/13 19:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Amazon
[2009/12/22 22:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Canneverbe_Limited
[2007/11/04 22:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\CiscoCAA
[2009/09/21 09:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\CopyTrans
[2009/10/04 15:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\CopyTransPhoto
[2008/08/08 13:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\DNA
[2008/12/27 12:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Foxit
[2010/06/19 21:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Gmote
[2009/01/19 12:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\IObit
[2008/02/20 11:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\iPodifier
[2007/10/26 23:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\LimeWire
[2007/09/27 01:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Mp3tag
[2010/03/11 00:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Red Kawa
[2009/09/03 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\RipIt4Me
[2009/06/10 00:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Stylus Studio
[2008/08/24 14:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\TomTom
[2009/12/06 00:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\TuneUp Software
[2008/10/02 17:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Uniblue
[2010/06/20 16:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\uTorrent
[2009/09/21 15:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\WindSolutions
[2008/03/10 02:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Winff
[2009/09/23 07:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\wootalyzer
[2010/06/25 00:00:01 | 000,000,484 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2010/06/23 03:30:56 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/06/24 02:06:19 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/06/24 03:00:01 | 000,000,530 | ---- | M] () -- C:\WINDOWS\Tasks\Thursday 3am Scan.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/06/23 03:23:10 | 000,032,476 | ---- | M] () -- C:\aaw7boot.log
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/08/07 17:28:36 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/06/23 03:23:13 | 1071,837,184 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/02 21:23:18 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2009/11/09 23:15:08 | 000,000,117 | ---- | M] () -- C:\INSTALL.LOG
[2009/08/26 22:37:15 | 000,000,738 | -H-- | M] () -- C:\IPH.PH
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/25 17:41:09 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/23 03:23:10 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2010/06/19 21:07:25 | 000,051,656 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_19.06.2010_21.07.00_log.txt
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/10/02 20:49:21 | 000,025,928 | ---- | M] (Black Ice Software, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mimio_printer_processor.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"AUOptions" = 4
"AUState" = 2
"ScheduledInstallDay" = 0
"ScheduledInstallTime" = 3
"NoAutoUpdate" = 0
========== Alternate Data Streams ==========
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
OTL Extras logfile created on: 6/19/2010 9:16:03 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Will\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 128.00 Mb Available Physical Memory | 13.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.95 Gb Total Space | 13.23 Gb Free Space | 18.39% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WILL
Current User Name: Will
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [IDFThis] -- C:\Program Files\Identity Finder\IdentityFinder.exe /searchfile="%1" (Identity Finder, LLC)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"8192:TCP" = 8192:TCP:*:Enabled:Sophos AntiVirus
"8193:TCP" = 8193:TCP:*:Enabled:Sophos AntiVirus
"8194:TCP" = 8194:TCP:*:Enabled:Sophos AntiVirus
"2967:UDP" = 2967:UDP:*:Enabled:Symantec AntiVirus Corporate Edition
"38293:UDP" = 38293:UDP:*:Enabled:Symantec AntiVirus Corporate Edition
"38037:TCP" = 38037:TCP:*:Enabled:Symantec AntiVirus Corporate Edition
"38292:TCP" = 38292:TCP:*:Enabled:Symantec AntiVirus Corporate Edition
"38037:UDP" = 38037:UDP:*:Enabled:Symantec AntiVirus Corporate Edition
"38292:UDP" = 38292:UDP:*:Enabled:Symantec AntiVirus Corporate Edition
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"22098:TCP" = 22098:TCP:*:Enabled:BitComet 22098 TCP
"22098:UDP" = 22098:UDP:*:Enabled:BitComet 22098 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"8192:TCP" = 8192:TCP:*:Enabled:Sophos AntiVirus
"8193:TCP" = 8193:TCP:*:Enabled:Sophos AntiVirus
"8194:TCP" = 8194:TCP:*:Enabled:Sophos AntiVirus
"2967:UDP" = 2967:UDP:*:Enabled:Symantec AntiVirus Corporate Edition
"38293:UDP" = 38293:UDP:*:Enabled:Symantec AntiVirus Corporate Edition
"38037:TCP" = 38037:TCP:*:Enabled:Symantec AntiVirus Corporate Edition
"38292:TCP" = 38292:TCP:*:Enabled:Symantec AntiVirus Corporate Edition
"38037:UDP" = 38037:UDP:*:Enabled:Symantec AntiVirus Corporate Edition
"38292:UDP" = 38292:UDP:*:Enabled:Symantec AntiVirus Corporate Edition
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Microsoft Office\Office12\EXCEL.EXE" = C:\Program Files\Microsoft Office\Office12\EXCEL.EXE:*:Enabled:Microsoft Office Excel -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Cisco Systems VPN Client 5.0.01.0600
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}" = Windows 7 Upgrade Advisor Beta
"{46F2A322-7A34-4EEC-B7FA-62A2F3DAB44A}" = UofRMachineCheck
"{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.2
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A1975EB-27E6-491D-94BC-6355FA25F40F}" = Google Web Accelerator
"{6B566EFE-DC1D-471F-93DD-84832663F140}" = OVT Scanner X86
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72A74B5E-49B8-45A5-A92A-5087CC7F0970}" = Identity Finder Home Edition
"{74AF00DC-F72E-486E-9ECA-0EA76E7EDA30}" = mimio Studio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8ED929E5-37D5-4E01-8052-4FF5E67F403D}" = OverDrive Media Console
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{ACD27BF3-7CDC-11D7-9D4D-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_04
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FED1005D-CBC8-45D5-A288-FFC7BB304121}" = Sophos Remote Management System
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"Audacity_is1" = Audacity 1.2.6
"AviSynth" = AviSynth 2.5
"AxCrypt" = AxCrypt (Remove Only)
"BASICR" = Microsoft Office Basic 2007
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"Convert XLS_is1" = Convert XLS
"CopyTrans Suite" = CopyTrans Suite Remove Only
"DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Extension Changer" = Extension Changer
"Foxit Reader" = Foxit Reader
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"hp photosmart printer series" = hp photosmart printer series (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.0 Full
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Mp3tag" = Mp3tag v2.45a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OVT Scanner" = Uninstall OVT Scanner
"Picasa 3" = Picasa 3
"PROR" = Microsoft Office Professional 2007 Trial
"RealPlayer 12.0" = RealPlayer
"Smart Defrag_is1" = Smart Defrag
"SUPER ©" = SUPER © Version 2008.bld.32 (July 8, 2008)
"SynTPDeinstKey" = Dell Touchpad
"Videora iPod Converter" = Videora iPod Converter 5.04
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 0.9.8a
"VobSub" = VobSub v2.23 (Remove Only)
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinFF_is1" = WinFF 0.33
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"YouTube Downloader App" = YouTube Downloader App 1.02
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent 6.0
"BitTorrent DNA" = DNA
"ESPN Java Check" = ESPN Java Check
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/19/2010 7:55:32 PM | Computer Name = WILL | Source = Bonjour Service | ID = 100
Description = 284: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 6/19/2010 7:55:32 PM | Computer Name = WILL | Source = Bonjour Service | ID = 100
Description = 452: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 6/19/2010 7:55:32 PM | Computer Name = WILL | Source = Bonjour Service | ID = 100
Description = 444: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 6/19/2010 7:55:32 PM | Computer Name = WILL | Source = Bonjour Service | ID = 100
Description = 464: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 6/19/2010 7:55:32 PM | Computer Name = WILL | Source = Bonjour Service | ID = 100
Description = 476: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 6/19/2010 7:55:32 PM | Computer Name = WILL | Source = Bonjour Service | ID = 100
Description = 488: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 6/19/2010 7:55:32 PM | Computer Name = WILL | Source = Bonjour Service | ID = 100
Description = 500: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 6/19/2010 7:55:32 PM | Computer Name = WILL | Source = Bonjour Service | ID = 100
Description = 512: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 6/19/2010 8:21:52 PM | Computer Name = WILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 6/19/2010 8:21:53 PM | Computer Name = WILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
[ OSession Events ]
Error - 7/13/2009 9:46:52 PM | Computer Name = WILL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 45
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/13/2009 9:46:56 PM | Computer Name = WILL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/13/2009 9:47:03 PM | Computer Name = WILL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/13/2009 9:47:08 PM | Computer Name = WILL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/13/2009 9:47:15 PM | Computer Name = WILL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/13/2009 9:47:22 PM | Computer Name = WILL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/13/2009 9:47:26 PM | Computer Name = WILL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/13/2009 9:47:35 PM | Computer Name = WILL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/13/2009 9:47:55 PM | Computer Name = WILL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.
Error - 8/29/2009 8:24:05 AM | Computer Name = WILL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 32
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 6/9/2010 6:54:23 PM | Computer Name = WILL | Source = SAVOnAccessControl | ID = 3997781
Description = File [...nesMiniPlayer.dll]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
MsMpEng.exe, (start check timestamp [ 1cb0826b3c6dd48]).
Error - 6/9/2010 6:54:24 PM | Computer Name = WILL | Source = SAVOnAccessControl | ID = 3997781
Description = File [...rMode\userenv.log]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
winlogon.exe, (start check timestamp [ 1cb0826b4132888]).
Error - 6/9/2010 6:54:24 PM | Computer Name = WILL | Source = SAVOnAccessControl | ID = 3997781
Description = File [...drivers\etc\hosts]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
svchost.exe, (start check timestamp [ 1cb0826b49fd346]).
Error - 6/9/2010 6:54:24 PM | Computer Name = WILL | Source = SAVOnAccessControl | ID = 3997781
Description = File [...ers\etc\hosts.ics]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
svchost.exe, (start check timestamp [ 1cb0826b4b2e616]).
Error - 6/19/2010 11:06:21 AM | Computer Name = WILL | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 6/19/2010 8:09:22 PM | Computer Name = WILL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the OpenCASE Media Agent
service to connect.
Error - 6/19/2010 8:09:22 PM | Computer Name = WILL | Source = Service Control Manager | ID = 7000
Description = The OpenCASE Media Agent service failed to start due to the following
error: %%1053
Error - 6/19/2010 8:58:08 PM | Computer Name = WILL | Source = WinDefend | ID = 2004
Description = %%827 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824
Error
Code: 0x80092003 Error description: An error occurred while reading or writing to
a file. Signatures loading: %%825 Loading signature version: 1.83.1826.0 Loading
engine version: 1.1.5802.0
Error - 6/19/2010 9:09:55 PM | Computer Name = WILL | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.
Error - 6/19/2010 9:10:40 PM | Computer Name = WILL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iaStor
< End of report >
OTL logfile created on: 6/25/2010 12:06:30 AM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Will\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 337.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.95 Gb Total Space | 10.88 Gb Free Space | 15.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WILL
Current User Name: Will
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/06/19 21:15:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Will\Desktop\OTL.exe
PRC - [2010/06/19 09:53:58 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/06/19 09:53:55 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/06/15 11:03:21 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/14 20:01:19 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Will\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/06/02 01:57:48 | 000,945,648 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/05/26 11:03:40 | 002,346,192 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/04/17 00:14:14 | 006,418,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
PRC - [2010/03/09 19:54:51 | 000,429,096 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2010/03/09 19:54:50 | 000,175,144 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2010/03/09 19:51:23 | 000,093,736 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2010/03/09 19:50:15 | 000,104,488 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2010/03/09 19:47:13 | 000,802,816 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
PRC - [2010/03/09 19:45:59 | 000,278,528 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2009/12/06 00:48:58 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/07/25 05:23:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/12/14 22:54:52 | 000,451,584 | ---- | M] () -- C:\Program Files\GmoteServer\GmoteServer.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/16 15:57:26 | 000,814,728 | ---- | M] (ExtendMedia Inc.) -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/09/26 15:39:44 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/06/06 16:28:18 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/03 20:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2005/07/15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
========== Modules (SafeList) ==========
MOD - [2010/06/19 21:15:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Will\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (LiveUpdate)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2010/06/19 09:53:55 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/09 19:54:50 | 000,175,144 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2010/03/09 19:51:23 | 000,093,736 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2010/03/09 19:50:15 | 000,104,488 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2010/03/09 19:47:13 | 000,802,816 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2010/03/09 19:45:59 | 000,278,528 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2009/12/06 00:48:58 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/12/06 00:48:50 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/11/16 13:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/09/18 18:51:19 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-090808-172447)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/16 15:57:26 | 000,814,728 | ---- | M] (ExtendMedia Inc.) [Auto | Running] -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/01/13 02:46:57 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm09.exe -- (Pml Driver)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - [2010/06/14 01:07:43 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/03/09 19:51:39 | 000,024,064 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter)
DRV - [2010/03/09 19:49:52 | 000,152,192 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl)
DRV - [2009/11/06 14:25:37 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2009/09/28 21:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/10/02 20:49:27 | 000,012,532 | ---- | M] (Virtual Ink) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mimiousb.sys -- (mimio) Virtual Ink's mimio USB Adapter (mimiousb.sys)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/16 12:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/06/06 16:34:38 | 006,345,472 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/06/06 16:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/06/03 15:20:58 | 000,202,912 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/05/09 15:59:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/05/08 22:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/08 22:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/08 22:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/08 22:46:06 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/05/08 21:22:58 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/31 14:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 19:47:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 19:47:00 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/11/02 19:46:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/11/02 13:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/07/31 08:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531)
DRV - [2006/01/13 02:46:58 | 000,050,211 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphs2k09.sys -- (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09)
DRV - [2006/01/13 02:46:58 | 000,018,864 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius09.sys -- (Dot4Usb HPH09)
DRV - [2006/01/13 02:46:58 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr09.sys -- (Dot4Print HPH09)
DRV - [2006/01/13 02:46:57 | 000,050,800 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid409.sys -- (Dot4 HPH09)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/01/26 10:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070922
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070922
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070922
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.26
FF - prefs.js..extensions.enabledItems: {0dad0080-ca5a-11da-a94d-0800200c9a66}:0.3.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20100529
FF - prefs.js..extensions.enabledItems: [email protected]:3.0
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=UTF-8&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Google\Web Accelerator\firefox [2008/06/22 02:28:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/02/16 19:00:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/20 19:03:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/20 19:03:09 | 000,000,000 | ---D | M]
[2008/08/24 14:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Mozilla\Extensions
[2008/08/24 14:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Mozilla\Extensions\[email protected]
[2010/06/19 00:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions
[2008/08/31 22:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\{0dad0080-ca5a-11da-a94d-0800200c9a66}
[2010/06/19 00:24:40 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/06/19 00:56:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/19 00:24:34 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/08/31 19:38:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2009/12/30 21:23:18 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2008/04/25 19:18:14 | 000,000,000 | ---D | M] (Media Agent plugin 2) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\{BA979AD0-A3C5-4b32-A47E-4550BF00ECC7}
[2008/12/03 08:47:32 | 000,000,000 | ---D | M] (Wizz RSS News Reader) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\{D5EDC062-A372-4936-B782-BD611DD18D86}
[2010/06/19 00:57:06 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/06/19 00:56:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/06/19 00:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\[email protected]
[2008/07/07 16:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\[email protected]
[2010/06/19 00:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\[email protected]
[2009/12/30 21:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\extensions\[email protected]
[2008/07/04 00:01:32 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\ja4s1557.default\searchplugins\webster.xml
[2010/06/19 00:57:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/08/29 17:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/06/01 15:27:03 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2007/12/19 08:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {11F12CE4-B0DF-47FB-84E8-9A2D292C3C90} - Reg Error: Value error. File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {7739E5FA-6A1E-4E4B-975D-56F2DAF0EDB9} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {794ac8d7-5de5-460e-8968-6d79d27677bb} - Reg Error: Value error. File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sophos AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\Will\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Will\Start Menu\Programs\Startup\GmoteServer.lnk = C:\Program Files\GmoteServer\GmoteServer.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: imageservr.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\qoMffCtS: DllName - qoMffCtS.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {11F12CE4-B0DF-47FB-84E8-9A2D292C3C90} - Reg Error: Value error. File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\rqRKCrPF) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{30cf1178-953b-11dd-9b04-001c2387b116}\Shell\Explore\command - "" = C:\WINDOWS\explorer.exe -- [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{30cf1178-953b-11dd-9b04-001c2387b116}\Shell\Launch\command - "" = E:\portablevaultaes.exe -- File not found
O33 - MountPoints2\{3104b560-df17-11dc-a29a-001c2387b116}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{3104b560-df17-11dc-a29a-001c2387b116}\Shell\Shell00\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{3104b560-df17-11dc-a29a-001c2387b116}\Shell\Shell01\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{3104b560-df17-11dc-a29a-001c2387b116}\Shell\Shell02\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{3cb91aeb-9482-11dd-9b01-001c2387b116}\Shell - "" = AutoRun
O33 - MountPoints2\{3cb91aeb-9482-11dd-9b01-001c2387b116}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3cb91aeb-9482-11dd-9b01-001c2387b116}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7b5cc284-e606-11de-9ba4-001c2691e082}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{97fe35dd-691e-11dd-a2e4-001c2387b116}\Shell - "" = AutoRun
O33 - MountPoints2\{97fe35dd-691e-11dd-a2e4-001c2387b116}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{97fe35dd-691e-11dd-a2e4-001c2387b116}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fc2c6890-6faa-11dd-9af3-001c2387b116}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 18:02:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/06/20 18:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\3D Realistic Fireplace 3
[2010/06/20 18:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/06/20 16:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/06/19 22:30:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Will\Application Data\Malwarebytes
[2010/06/19 22:30:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/19 22:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/19 22:30:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/19 22:30:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/19 22:30:10 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Will\Desktop\mbam-setup.exe
[2010/06/19 22:28:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/19 22:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/19 22:27:50 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Will\Desktop\erunt_setup.exe
[2010/06/19 22:11:02 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Will\Desktop\TFC.exe
[2010/06/19 21:15:13 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Will\Desktop\OTL.exe
[2010/06/19 20:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Will\Desktop\new
[2010/06/19 10:48:08 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx(2).dll
[2010/06/19 10:47:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg(2)
[2010/06/19 10:43:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/19 00:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/19 00:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/18 23:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/18 23:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/26 23:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Will\Desktop\Hawaii
[2010/04/26 18:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/03 23:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[1 C:\Documents and Settings\Will\My Documents\*.tmp files -> C:\Documents and Settings\Will\My Documents\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/06/25 00:08:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/25 00:06:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-536015823-1587469497-3370010176-1005UA.job
[2010/06/25 00:00:01 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/06/24 23:56:28 | 000,107,888 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/06/24 20:44:54 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/06/24 20:06:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-536015823-1587469497-3370010176-1005Core.job
[2010/06/24 11:08:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/24 03:00:01 | 000,000,530 | ---- | M] () -- C:\WINDOWS\tasks\Thursday 3am Scan.job
[2010/06/24 02:06:19 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/23 22:20:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/23 21:32:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2010/06/23 08:45:17 | 000,107,888 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/06/23 03:30:56 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/23 03:28:52 | 000,493,094 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 03:28:52 | 000,090,948 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/23 03:28:50 | 000,594,576 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 03:26:18 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/06/23 03:24:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/23 03:23:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/23 03:23:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/23 03:23:13 | 1071,837,184 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/23 03:22:33 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\Will\NTUSER.DAT
[2010/06/20 19:02:52 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/20 18:59:46 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Cool 3D Screen Savers.lnk
[2010/06/20 18:59:46 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\3D Realistic Fireplace 3.lnk
[2010/06/20 17:59:16 | 012,507,956 | -H-- | M] () -- C:\Documents and Settings\Will\Local Settings\Application Data\IconCache.db
[2010/06/20 16:51:56 | 000,001,484 | ---- | M] () -- C:\Documents and Settings\Will\Desktop\DivX Movies.lnk
[2010/06/20 16:51:04 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/20 16:50:12 | 000,000,839 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/06/19 22:30:40 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/19 22:30:13 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Will\Desktop\mbam-setup.exe
[2010/06/19 22:28:42 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Will\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/19 22:28:34 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Will\Desktop\NTREGOPT.lnk
[2010/06/19 22:28:34 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Will\Desktop\ERUNT.lnk
[2010/06/19 22:27:56 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Will\Desktop\erunt_setup.exe
[2010/06/19 22:27:27 | 000,000,227 | ---- | M] () -- C:\Documents and Settings\Will\Desktop\Malware and Spyware Cleaning Guide.url
[2010/06/19 22:11:04 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Will\Desktop\TFC.exe
[2010/06/19 21:15:31 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Will\Desktop\OTL.exe
[2010/06/19 21:01:33 | 000,070,400 | ---- | M] () -- C:\Documents and Settings\Will\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/19 20:57:49 | 000,273,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/19 18:53:37 | 061,233,053 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg(2)\incavi.avm
[2010/06/19 10:48:09 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx(2).dll
[2010/06/19 10:47:42 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg(2)\iavichjw.avm
[2010/06/19 10:33:47 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\Will\Desktop\Google Chrome.lnk
[2010/06/18 23:49:00 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mp3tag.lnk
[2010/06/18 23:47:17 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/18 23:23:34 | 018,499,623 | ---- | M] () -- C:\Documents and Settings\Will\My Documents\vlc-1.0.5-win32.exe
[2010/06/18 23:04:33 | 000,015,797 | ---- | M] () -- C:\Documents and Settings\Will\Desktop\Third Year of the Affiliation Between the Two Parties.docx
[2010/06/16 22:52:22 | 000,174,656 | ---- | M] () -- C:\Documents and Settings\Will\Desktop\Scenarios Covered.docx
[2010/06/14 01:07:43 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/06/10 08:53:26 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sophos AutoUpdate Monitor.lnk
[2010/06/09 19:50:00 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/22 17:22:40 | 000,008,209 | ---- | M] () -- C:\Documents and Settings\Will\Desktop\graph.jpg
[2010/05/12 14:05:59 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/30 14:00:10 | 004,478,464 | ---- | M] () -- C:\WINDOWS\ss3dfire.scr
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 18:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/19 19:43:52 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/07 19:53:25 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
[1 C:\Documents and Settings\Will\My Documents\*.tmp files -> C:\Documents and Settings\Will\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/06/20 19:02:52 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/20 18:59:46 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Cool 3D Screen Savers.lnk
[2010/06/20 18:59:46 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\3D Realistic Fireplace 3.lnk
[2010/06/20 18:59:43 | 000,125,440 | ---- | C] () -- C:\WINDOWS\dx7ogl32.dll
[2010/06/20 18:59:42 | 004,478,464 | ---- | C] () -- C:\WINDOWS\ss3dfire.scr
[2010/06/20 18:59:38 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/20 16:51:56 | 000,001,484 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\DivX Movies.lnk
[2010/06/20 16:51:04 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/20 16:50:12 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/06/19 23:41:44 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\gmer.exe
[2010/06/19 22:30:40 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/19 22:28:42 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Will\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/19 22:28:34 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\NTREGOPT.lnk
[2010/06/19 22:28:34 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\ERUNT.lnk
[2010/06/19 22:27:27 | 000,000,227 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\Malware and Spyware Cleaning Guide.url
[2010/06/19 10:47:42 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg(2)\iavichjw.avm
[2010/06/19 10:47:18 | 061,233,053 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg(2)\incavi.avm
[2010/06/19 10:33:47 | 000,002,279 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\Google Chrome.lnk
[2010/06/18 23:49:00 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mp3tag.lnk
[2010/06/18 23:41:42 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/18 23:02:05 | 000,015,797 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\Third Year of the Affiliation Between the Two Parties.docx
[2010/06/16 22:52:22 | 000,174,656 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\Scenarios Covered.docx
[2010/05/22 17:22:40 | 000,008,209 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\graph.jpg
[2010/05/12 14:05:59 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/07 19:53:25 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
[2009/12/22 22:45:48 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/11/29 01:35:28 | 000,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/10 00:50:10 | 000,000,103 | ---- | C] () -- C:\WINDOWS\SW_Win2000X1.DLL
[2009/06/10 00:48:39 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\XLSCX.INI
[2009/06/10 00:48:22 | 000,000,051 | ---- | C] () -- C:\WINDOWS\SW_Win2146X32.DLL
[2009/06/10 00:48:09 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx13_ic.ini
[2009/06/10 00:48:08 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll
[2009/06/10 00:48:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll
[2009/06/10 00:48:08 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2009/04/14 15:42:12 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/01/24 14:43:40 | 000,000,058 | ---- | C] () -- C:\WINDOWS\DragDropUploadUI.INI
[2008/10/02 20:49:57 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\mimio_printer_resource.dll
[2008/08/29 00:16:59 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/08/07 23:14:35 | 001,487,932 | -HS- | C] () -- C:\WINDOWS\System32\mgqmivfy.ini
[2008/08/06 23:08:48 | 000,882,217 | -HS- | C] () -- C:\WINDOWS\System32\FPrCKRqr.ini2
[2008/08/06 23:08:48 | 000,882,217 | -HS- | C] () -- C:\WINDOWS\System32\FPrCKRqr.ini
[2008/07/22 17:16:38 | 000,000,261 | ---- | C] () -- C:\WINDOWS\mp3merger.ini
[2008/06/01 19:18:23 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/01 19:18:23 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/02/24 14:35:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/17 09:22:32 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007/12/12 15:46:08 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/12/10 19:35:27 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/11/04 22:23:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/10/28 21:43:09 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2007/09/22 03:14:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/22 03:09:46 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/09/22 02:59:30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/09/22 02:59:28 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/09/22 02:38:38 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/09/22 02:38:18 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/09/22 02:38:18 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/09/22 02:38:17 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/09/22 02:38:17 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/09/22 02:37:17 | 000,001,118 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/07/25 09:24:28 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/07/16 12:58:10 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/07/16 12:58:00 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/03/10 07:51:48 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/10/15 18:54:04 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
========== LOP Check ==========
[2009/01/19 12:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2010/06/19 20:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/22 22:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2008/10/02 17:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2008/04/25 19:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ExtendMedia
[2009/11/29 01:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2010/03/09 19:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2009/06/10 00:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stylus Studio
[2008/01/28 17:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/10/02 20:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tablet
[2009/09/29 22:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/24 14:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/12/06 00:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/08/26 22:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/21 09:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/06/19 10:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/21 14:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/03 23:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/06 00:47:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/02/19 02:05:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/09/17 06:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/19 15:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/13 19:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Amazon
[2009/12/22 22:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Canneverbe_Limited
[2007/11/04 22:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\CiscoCAA
[2009/09/21 09:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\CopyTrans
[2009/10/04 15:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\CopyTransPhoto
[2008/08/08 13:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\DNA
[2008/12/27 12:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Foxit
[2010/06/19 21:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Gmote
[2009/01/19 12:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\IObit
[2008/02/20 11:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\iPodifier
[2007/10/26 23:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\LimeWire
[2007/09/27 01:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Mp3tag
[2010/03/11 00:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Red Kawa
[2009/09/03 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\RipIt4Me
[2009/06/10 00:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Stylus Studio
[2008/08/24 14:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\TomTom
[2009/12/06 00:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\TuneUp Software
[2008/10/02 17:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Uniblue
[2010/06/20 16:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\uTorrent
[2009/09/21 15:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\WindSolutions
[2008/03/10 02:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Winff
[2009/09/23 07:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\wootalyzer
[2010/06/25 00:00:01 | 000,000,484 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2010/06/23 03:30:56 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/06/24 02:06:19 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/06/24 03:00:01 | 000,000,530 | ---- | M] () -- C:\WINDOWS\Tasks\Thursday 3am Scan.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/06/23 03:23:10 | 000,032,476 | ---- | M] () -- C:\aaw7boot.log
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/08/07 17:28:36 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/06/23 03:23:13 | 1071,837,184 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/02 21:23:18 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2009/11/09 23:15:08 | 000,000,117 | ---- | M] () -- C:\INSTALL.LOG
[2009/08/26 22:37:15 | 000,000,738 | -H-- | M] () -- C:\IPH.PH
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/25 17:41:09 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/23 03:23:10 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2010/06/19 21:07:25 | 000,051,656 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_19.06.2010_21.07.00_log.txt
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/10/02 20:49:21 | 000,025,928 | ---- | M] (Black Ice Software, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mimio_printer_processor.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"AUOptions" = 4
"AUState" = 2
"ScheduledInstallDay" = 0
"ScheduledInstallTime" = 3
"NoAutoUpdate" = 0
========== Alternate Data Streams ==========
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
OTL Extras logfile created on: 6/19/2010 9:16:03 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Will\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 128.00 Mb Available Physical Memory | 13.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.95 Gb Total Space | 13.23 Gb Free Space | 18.39% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WILL
Current User Name: Will
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [IDFThis] -- C:\Program Files\Identity Finder\IdentityFinder.exe /searchfile="%1" (Identity Finder, LLC)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"8192:TCP" = 8192:TCP:*:Enabled:Sophos AntiVirus
"8193:TCP" = 8193:TCP:*:Enabled:Sophos AntiVirus
"8194:TCP" = 8194:TCP:*:Enabled:Sophos AntiVirus
"2967:UDP" = 2967:UDP:*:Enabled:Symantec AntiVirus Corporate Edition
"38293:UDP" = 38293:UDP:*:Enabled:Symantec AntiVirus Corporate Edition
"38037:TCP" = 38037:TCP:*:Enabled:Symantec AntiVirus Corporate Edition
"38292:TCP" = 38292:TCP:*:Enabled:Symantec AntiVirus Corporate Edition
"38037:UDP" = 38037:UDP:*:Enabled:Symantec AntiVirus Corporate Edition
"38292:UDP" = 38292:UDP:*:Enabled:Symantec AntiVirus Corporate Edition
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"22098:TCP" = 22098:TCP:*:Enabled:BitComet 22098 TCP
"22098:UDP" = 22098:UDP:*:Enabled:BitComet 22098 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"8192:TCP" = 8192:TCP:*:Enabled:Sophos AntiVirus
"8193:TCP" = 8193:TCP:*:Enabled:Sophos AntiVirus
"8194:TCP" = 8194:TCP:*:Enabled:Sophos AntiVirus
"2967:UDP" = 2967:UDP:*:Enabled:Symantec AntiVirus Corporate Edition
"38293:UDP" = 38293:UDP:*:Enabled:Symantec AntiVirus Corporate Edition
"38037:TCP" = 38037:TCP:*:Enabled:Symantec AntiVirus Corporate Edition
"38292:TCP" = 38292:TCP:*:Enabled:Symantec AntiVirus Corporate Edition
"38037:UDP" = 38037:UDP:*:Enabled:Symantec AntiVirus Corporate Edition
"38292:UDP" = 38292:UDP:*:Enabled:Symantec AntiVirus Corporate Edition
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Microsoft Office\Office12\EXCEL.EXE" = C:\Program Files\Microsoft Office\Office12\EXCEL.EXE:*:Enabled:Microsoft Office Excel -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Cisco Systems VPN Client 5.0.01.0600
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}" = Windows 7 Upgrade Advisor Beta
"{46F2A322-7A34-4EEC-B7FA-62A2F3DAB44A}" = UofRMachineCheck
"{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.2
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A1975EB-27E6-491D-94BC-6355FA25F40F}" = Google Web Accelerator
"{6B566EFE-DC1D-471F-93DD-84832663F140}" = OVT Scanner X86
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72A74B5E-49B8-45A5-A92A-5087CC7F0970}" = Identity Finder Home Edition
"{74AF00DC-F72E-486E-9ECA-0EA76E7EDA30}" = mimio Studio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8ED929E5-37D5-4E01-8052-4FF5E67F403D}" = OverDrive Media Console
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{ACD27BF3-7CDC-11D7-9D4D-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_04
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FED1005D-CBC8-45D5-A288-FFC7BB304121}" = Sophos Remote Management System
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"Audacity_is1" = Audacity 1.2.6
"AviSynth" = AviSynth 2.5
"AxCrypt" = AxCrypt (Remove Only)
"BASICR" = Microsoft Office Basic 2007
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"Convert XLS_is1" = Convert XLS
"CopyTrans Suite" = CopyTrans Suite Remove Only
"DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Extension Changer" = Extension Changer
"Foxit Reader" = Foxit Reader
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"hp photosmart printer series" = hp photosmart printer series (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.0 Full
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Mp3tag" = Mp3tag v2.45a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OVT Scanner" = Uninstall OVT Scanner
"Picasa 3" = Picasa 3
"PROR" = Microsoft Office Professional 2007 Trial
"RealPlayer 12.0" = RealPlayer
"Smart Defrag_is1" = Smart Defrag
"SUPER ©" = SUPER © Version 2008.bld.32 (July 8, 2008)
"SynTPDeinstKey" = Dell Touchpad
"Videora iPod Converter" = Videora iPod Converter 5.04
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 0.9.8a
"VobSub" = VobSub v2.23 (Remove Only)
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinFF_is1" = WinFF 0.33
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"YouTube Downloader App" = YouTube Downloader App 1.02
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent 6.0
"BitTorrent DNA" = DNA
"ESPN Java Check" = ESPN Java Check
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/19/2010 7:55:32 PM | Computer Name = WILL | Source = Bonjour Service | ID = 100
Description = 284: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 6/19/2010 7:55:32 PM | Computer Name = WILL | Source = Bonjour Service | ID = 100
Description = 452: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 6/19/2010 7:55:32 PM | Computer Name = WILL | Source = Bonjour Service | ID = 100
Description = 444: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 6/19/2010 7:55:32 PM | Computer Name = WILL | Source = Bonjour Service | ID = 100
Description = 464: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 6/19/2010 7:55:32 PM | Computer Name = WILL | Source = Bonjour Service | ID = 100
Description = 476: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 6/19/2010 7:55:32 PM | Computer Name = WILL | Source = Bonjour Service | ID = 100
Description = 488: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 6/19/2010 7:55:32 PM | Computer Name = WILL | Source = Bonjour Service | ID = 100
Description = 500: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 6/19/2010 7:55:32 PM | Computer Name = WILL | Source = Bonjour Service | ID = 100
Description = 512: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 6/19/2010 8:21:52 PM | Computer Name = WILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 6/19/2010 8:21:53 PM | Computer Name = WILL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.
[ OSession Events ]
Error - 7/13/2009 9:46:52 PM | Computer Name = WILL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 45
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/13/2009 9:46:56 PM | Computer Name = WILL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/13/2009 9:47:03 PM | Computer Name = WILL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/13/2009 9:47:08 PM | Computer Name = WILL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/13/2009 9:47:15 PM | Computer Name = WILL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/13/2009 9:47:22 PM | Computer Name = WILL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/13/2009 9:47:26 PM | Computer Name = WILL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/13/2009 9:47:35 PM | Computer Name = WILL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.
Error - 7/13/2009 9:47:55 PM | Computer Name = WILL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.
Error - 8/29/2009 8:24:05 AM | Computer Name = WILL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 32
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 6/9/2010 6:54:23 PM | Computer Name = WILL | Source = SAVOnAccessControl | ID = 3997781
Description = File [...nesMiniPlayer.dll]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
MsMpEng.exe, (start check timestamp [ 1cb0826b3c6dd48]).
Error - 6/9/2010 6:54:24 PM | Computer Name = WILL | Source = SAVOnAccessControl | ID = 3997781
Description = File [...rMode\userenv.log]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
winlogon.exe, (start check timestamp [ 1cb0826b4132888]).
Error - 6/9/2010 6:54:24 PM | Computer Name = WILL | Source = SAVOnAccessControl | ID = 3997781
Description = File [...drivers\etc\hosts]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
svchost.exe, (start check timestamp [ 1cb0826b49fd346]).
Error - 6/9/2010 6:54:24 PM | Computer Name = WILL | Source = SAVOnAccessControl | ID = 3997781
Description = File [...ers\etc\hosts.ics]'s scan succeeded following a timeout/busy
condition - it is being logged in case it contributed to that condition. Process
svchost.exe, (start check timestamp [ 1cb0826b4b2e616]).
Error - 6/19/2010 11:06:21 AM | Computer Name = WILL | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 6/19/2010 8:09:22 PM | Computer Name = WILL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the OpenCASE Media Agent
service to connect.
Error - 6/19/2010 8:09:22 PM | Computer Name = WILL | Source = Service Control Manager | ID = 7000
Description = The OpenCASE Media Agent service failed to start due to the following
error: %%1053
Error - 6/19/2010 8:58:08 PM | Computer Name = WILL | Source = WinDefend | ID = 2004
Description = %%827 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824
Error
Code: 0x80092003 Error description: An error occurred while reading or writing to
a file. Signatures loading: %%825 Loading signature version: 1.83.1826.0 Loading
engine version: 1.1.5802.0
Error - 6/19/2010 9:09:55 PM | Computer Name = WILL | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.
Error - 6/19/2010 9:10:40 PM | Computer Name = WILL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iaStor
< End of report >
#4
Posted 24 June 2010 - 10:26 PM
whawk
- Topic Starter
-
- Member
-
- 3 posts
New Member
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4217
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
6/19/2010 11:18:18 PM
mbam-log-2010-06-19 (23-18-18).txt
Scan type: Quick scan
Objects scanned: 146653
Time elapsed: 10 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\BMb3581cd3.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMb3581cd3.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
www.malwarebytes.org
Database version: 4217
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
6/19/2010 11:18:18 PM
mbam-log-2010-06-19 (23-18-18).txt
Scan type: Quick scan
Objects scanned: 146653
Time elapsed: 10 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\BMb3581cd3.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMb3581cd3.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
#5
Posted 25 June 2010 - 12:24 AM
RKinner
-
- Expert
-
- 24,623 posts
Malware Expert
Copy the text in the code box by highlighting and Ctrl + c
Let the program run unhindered, OTL will reboot the PC when it is done.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:
:!: It must be saved to your desktop, do not run it :!:
:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html
Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Doubleclick on george to start the program.
* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.
Re-activate your protection programs at this time :!:
I see you have run TDSSKiller could I see the log?
Ron
:OTL
O2 - BHO: (no name) - {11F12CE4-B0DF-47FB-84E8-9A2D292C3C90} - Reg Error: Value error. File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {7739E5FA-6A1E-4E4B-975D-56F2DAF0EDB9} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {794ac8d7-5de5-460e-8968-6d79d27677bb} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\qoMffCtS: DllName - qoMffCtS.dll - File not found
O28 - HKLM ShellExecuteHooks: {11F12CE4-B0DF-47FB-84E8-9A2D292C3C90} - Reg Error: Value error. File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\rqRKCrPF) - File not found
O33 - MountPoints2\{30cf1178-953b-11dd-9b04-001c2387b116}\Shell\Launch\command - "" = E:\portablevaultaes.exe -- File not found
O33 - MountPoints2\{3104b560-df17-11dc-a29a-001c2387b116}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{3104b560-df17-11dc-a29a-001c2387b116}\Shell\Shell00\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{3104b560-df17-11dc-a29a-001c2387b116}\Shell\Shell01\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{3104b560-df17-11dc-a29a-001c2387b116}\Shell\Shell02\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{3cb91aeb-9482-11dd-9b01-001c2387b116}\Shell - "" = AutoRun
O33 - MountPoints2\{3cb91aeb-9482-11dd-9b01-001c2387b116}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3cb91aeb-9482-11dd-9b01-001c2387b116}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
:Files
C:\WINDOWS\System32\mgqmivfy.ini
C:\WINDOWS\System32\FPrCKRqr.ini2
C:\WINDOWS\System32\FPrCKRqr.ini
:Commands
[purity]
[emptytemp]
[Reboot]then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the topLet the program run unhindered, OTL will reboot the PC when it is done.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:
:!: It must be saved to your desktop, do not run it :!:
:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html
Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Doubleclick on george to start the program.
* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.
Re-activate your protection programs at this time :!:
I see you have run TDSSKiller could I see the log?
Ron
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
