FUQ, COM Surrogate



#1
NikkiCole

  • 11 posts
Okay, I was on the internet looking for something on Google and obviously misclicked somewhere, and my Mozilla shut down and a very fake-looking "windows security window" pops up. It says I need protection and starts a scan that says I have viruses everywhere. So I open Task Manager to shut it down, assuming it is running through Mozilla, but it is not. The highest process I have is something called FUQ. So I end process that and the fake security thing disappears. So I go to my uninstall and try to find any odd program. I see Conduit, never heard of it. I try and uninstall and this fake security comes up again, so I shut it down. I restart into safe mode and try and uninstall and I get the same results. So I notice this COM Surrogate and try and end process that and try to uninstall Conduit, and it says I need administrative approval (I am the administrator). So at this point I go back to regular mode and try to delete Conduit files and they automatically reappear. So I try and open Mozilla and the FUQ opens again, same with all my programs. So finally I safe mode and system restore to yesterday. Problem is I think I still have the virus; I still have the Conduit Engine and the COM Surrogate keeps popping up. I have dumped all my files with OTC and used GooredFix because I thought it might be the Google virus (I followed all the Google virus removal steps). Help please.


OTL logfile created on: 05/04/2011 3:13:08 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Nicole\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 113.04 Gb Free Space | 48.54% Space Free | Partition Type: NTFS
Drive D: | 920.72 Mb Total Space | 683.44 Mb Free Space | 74.23% Space Free | Partition Type: FAT
Drive F: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: NICOLE-PC | User Name: Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/05 15:12:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Downloads\OTL.exe
PRC - [2011/03/23 21:59:28 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/13 06:17:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 06:17:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/12/08 18:45:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/04/05 17:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/03/23 14:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/02/26 03:03:00 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/02/26 03:03:00 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\stacsv.exe
PRC - [2010/02/17 16:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/04/11 03:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 03:57:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\AEstSrv.exe
PRC - [2009/01/31 23:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/07/09 19:01:46 | 001,616,976 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/05/05 22:16:38 | 001,168,632 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/03/03 13:36:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/01/20 23:53:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/14 14:43:02 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe


========== Modules (SafeList) ==========

MOD - [2011/04/05 15:12:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Downloads\OTL.exe
MOD - [2011/01/13 06:17:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 13:13:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/26 23:49:29 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/13 06:17:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/02/26 03:03:00 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\stacsv.exe -- (STacSV)
SRV - [2009/08/24 09:06:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\AEstSrv.exe -- (AESTFilters)
SRV - [2008/05/05 22:16:38 | 001,168,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/01/20 23:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/01/16 23:43:45 | 000,218,176 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/01/13 06:11:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 06:10:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 06:07:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 06:07:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 06:07:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/15 14:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/02/26 03:03:00 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/06/15 15:35:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/05/28 13:18:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2009/05/20 12:40:00 | 000,314,368 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/03/19 18:02:00 | 000,271,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2009/03/06 08:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2009/01/22 19:37:30 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/12/10 21:00:58 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/09/19 05:33:00 | 000,277,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/06/03 22:00:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/05/05 23:38:52 | 000,475,136 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/02/24 07:10:18 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/02/15 22:31:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/25 00:12:54 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Dell\MediaDirect\000.fcl -- ({2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7})
DRV - [2007/12/18 21:42:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007/07/30 16:24:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 15:12:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 5E 2B 8D F0 B4 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.theweathe...ather/canf0253"
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/25 03:53:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/25 03:53:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 21:59:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 21:59:32 | 000,000,000 | ---D | M]

[2011/01/14 18:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Extensions
[2011/04/05 14:47:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\extensions
[2011/01/16 23:46:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/16 03:37:37 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/04/05 14:47:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\extensions\[email protected]
[2011/03/06 23:35:38 | 000,002,010 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\searchplugins\amazon-ca-search.xml
[2011/01/15 04:43:23 | 000,001,304 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\searchplugins\chaptersindigoca.xml
[2011/03/14 00:01:40 | 000,002,979 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\searchplugins\ebayca.xml
[2011/01/15 21:12:48 | 000,012,703 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\searchplugins\imdb.xml
[2011/01/21 02:04:34 | 000,002,057 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\searchplugins\youtube-video-search.xml
[2011/01/25 14:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/22 09:13:57 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/01/25 14:50:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/25 03:53:08 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/01/25 03:53:08 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/01/25 14:50:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/05 03:36:43 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/05 03:36:43 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/05 03:36:43 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/05 03:36:43 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/04/05 14:53:56 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
O4 - Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Wild Registration.lnk = File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.253
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 19:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{136ef508-2147-11e0-a34c-0023ae36938b}\Shell - "" = AutoRun
O33 - MountPoints2\{136ef508-2147-11e0-a34c-0023ae36938b}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{53086728-4c68-11e0-9753-0023ae36938b}\Shell - "" = AutoRun
O33 - MountPoints2\{53086728-4c68-11e0-9753-0023ae36938b}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/05 15:03:44 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Desktop\tdsskiller
[2011/04/05 15:02:32 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Desktop\GooredFix Backups
[2011/04/05 15:01:35 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Nicole\Desktop\GooredFix.exe
[2011/04/05 14:53:52 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/04/05 14:53:07 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Desktop\erunt
[2011/04/05 14:50:46 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTM.exe
[2011/04/05 14:47:07 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\Users\Nicole\Desktop\spywareblastersetup44.exe
[2011/04/05 14:47:04 | 000,201,728 | ---- | C] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTC.exe
[2011/04/05 14:41:36 | 000,000,000 | ---D | C] -- C:\Windows\Registration
[2011/04/05 14:35:18 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\Temp(10)
[2011/04/05 14:35:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/05 14:25:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/05 14:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine(5)
[2011/03/29 03:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/03/27 01:03:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/03/27 01:03:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/03/27 01:03:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/03/27 00:57:08 | 000,527,360 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2011/03/27 00:00:16 | 000,000,000 | ---D | C] -- C:\15204a9c175f03852878f50e753f
[2011/03/26 17:00:33 | 000,000,000 | ---D | C] -- C:\6b3b81875bf52e2d40536ee8
[2011/03/26 16:47:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/03/14 15:38:29 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Documents\Arch lectures
[2011/03/12 20:10:43 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Documents\Penumbra Overture
[2011/03/12 01:39:04 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Desktop\Games
[2011/03/12 01:00:53 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/03/12 01:00:53 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Documents\Osmos
[2011/03/12 01:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011/03/11 23:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy

========== Files - Modified Within 30 Days ==========

[2011/04/05 15:06:22 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/05 15:06:22 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/05 15:03:30 | 001,263,721 | ---- | M] () -- C:\Users\Nicole\Desktop\tdsskiller.zip
[2011/04/05 15:01:39 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Nicole\Desktop\GooredFix.exe
[2011/04/05 14:59:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/05 14:59:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/05 14:59:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/05 14:58:56 | 3217,412,096 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/05 14:53:56 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/04/05 14:52:04 | 000,513,320 | ---- | M] () -- C:\Users\Nicole\Desktop\erunt.zip
[2011/04/05 14:51:15 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTM.exe
[2011/04/05 14:27:08 | 000,007,176 | -HS- | M] () -- C:\Users\Nicole\AppData\Local\808i25420l26k
[2011/04/05 14:27:08 | 000,007,176 | -HS- | M] () -- C:\ProgramData\808i25420l26k
[2011/04/05 14:22:02 | 004,314,818 | R--- | M] () -- C:\Users\Nicole\Desktop\ComboFix.exe
[2011/04/05 14:20:12 | 000,151,515 | ---- | M] () -- C:\Users\Nicole\Desktop\hosts.zip
[2011/04/05 14:18:28 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Users\Nicole\Desktop\spywareblastersetup44.exe
[2011/04/05 14:16:56 | 000,201,728 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTC.exe
[2011/03/29 03:15:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/03/28 23:01:35 | 000,166,912 | ---- | M] () -- C:\Users\Nicole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/27 01:15:11 | 000,371,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/26 16:37:53 | 238,090,891 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/17 13:30:22 | 000,006,836 | ---- | M] () -- C:\Users\Nicole\AppData\Local\d3d9caps.dat
[2011/03/14 20:24:14 | 000,129,472 | ---- | M] () -- C:\Users\Nicole\Documents\dell.pdf
[2011/03/12 01:00:53 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll

========== Files Created - No Company Name ==========

[2011/04/05 15:03:19 | 001,263,721 | ---- | C] () -- C:\Users\Nicole\Desktop\tdsskiller.zip
[2011/04/05 14:52:01 | 000,513,320 | ---- | C] () -- C:\Users\Nicole\Desktop\erunt.zip
[2011/04/05 14:47:02 | 004,314,818 | R--- | C] () -- C:\Users\Nicole\Desktop\ComboFix.exe
[2011/04/05 14:47:02 | 000,151,515 | ---- | C] () -- C:\Users\Nicole\Desktop\hosts.zip
[2011/04/05 14:38:42 | 3217,412,096 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/05 13:34:49 | 000,007,176 | -HS- | C] () -- C:\Users\Nicole\AppData\Local\808i25420l26k
[2011/04/05 13:34:49 | 000,007,176 | -HS- | C] () -- C:\ProgramData\808i25420l26k
[2011/03/29 03:15:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/03/21 14:55:25 | 000,048,292 | ---- | C] () -- C:\Users\Nicole\Documents\Essay One - Nicole Baldwin.rtf
[2011/03/14 20:24:12 | 000,129,472 | ---- | C] () -- C:\Users\Nicole\Documents\dell.pdf
[2011/01/22 09:15:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/18 14:27:08 | 000,137,639 | ---- | C] () -- C:\Windows\HPHins15.dat
[2011/01/17 04:09:10 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/01/15 19:30:33 | 000,166,912 | ---- | C] () -- C:\Users\Nicole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/15 15:54:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/15 15:54:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/15 04:39:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/01/11 17:07:00 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/01/11 17:07:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2011/01/11 17:07:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2011/01/11 17:07:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2011/01/11 17:02:01 | 000,006,836 | ---- | C] () -- C:\Users\Nicole\AppData\Local\d3d9caps.dat
[2010/08/25 17:57:58 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 17:57:58 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010/08/25 17:57:58 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 17:57:57 | 000,433,024 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/05/08 00:38:43 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/05/07 23:51:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/05/07 23:42:39 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/05/07 23:42:38 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007/06/07 06:26:07 | 000,002,828 | ---- | C] () -- C:\Windows\hphmdl15.dat
[2006/11/02 10:27:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 10:17:37 | 000,371,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 10:05:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:03:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 08:03:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 08:03:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 08:03:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 07:53:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 06:28:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 05:49:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 05:10:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 04:55:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/01/17 03:28:55 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Atari
[2011/03/31 22:44:02 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\BitTorrent
[2011/02/01 17:01:27 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Canon
[2011/01/17 03:29:58 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\DAEMON Tools Lite
[2011/02/22 21:12:13 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2011/02/02 15:42:45 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\GOL_byHasbro
[2011/01/17 04:09:18 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Leadertech
[2011/03/28 01:02:59 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\uTorrent
[2011/04/05 14:57:49 | 000,022,880 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:13DF9DD1

< End of report >


#2
RKinner

    Malware Expert

Copy the text in the code box by highlighting and Ctrl + c

:Services

:OTL
[2011/04/05 13:34:49 | 000,007,176 | -HS- | C] () -- C:\Users\Nicole\AppData\Local\808i25420l26k
[2011/04/05 13:34:49 | 000,007,176 | -HS- | C] () -- C:\ProgramData\808i25420l26k
2011/01/16 03:37:37 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
[2011/01/25 14:50:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O4 - Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
O4 - Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Wild Registration.lnk = File not found
O33 - MountPoints2\{136ef508-2147-11e0-a34c-0023ae36938b}\Shell - "" = AutoRun
O33 - MountPoints2\{136ef508-2147-11e0-a34c-0023ae36938b}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{53086728-4c68-11e0-9753-0023ae36938b}\Shell - "" = AutoRun
O33 - MountPoints2\{53086728-4c68-11e0-9753-0023ae36938b}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
[2011/04/05 14:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine(5)

:Files
C:\Program Files\ConduitEngine
C:\Program Files\ConduitEngine(1)
C:\Program Files\ConduitEngine(2)
C:\Program Files\ConduitEngine(3)
C:\Program Files\ConduitEngine(4)
C:\Program Files\ConduitEngine(5)
     
:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:


Run OTL

select either the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Are you still getting your "windows security window" ?

Ron
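The fix script in the post above is built from individual lines of the OTL scan log. As an added example (not part of the original post, and not OTL's or the helper's own logic), the Python below parses three of the line formats seen in this thread and flags the kinds of entries a reviewer would look at first. The rule names, the heuristics and the hard-coded C:\Windows prefix are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple

# Sample input: lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r'''
[2011/04/05 13:34:49 | 000,007,176 | -HS- | C] () -- C:\ProgramData\808i25420l26k
[2006/11/02 10:27:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2011/01/25 14:50:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/28 01:02:59 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\uTorrent
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:13DF9DD1
'''

# File/folder line: [timestamp | size | attributes | C or M] (company) -- path
# The "(company)" part is absent on some folder lines and empty "()" when the
# file carries no company name.
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<vendor>.*?)\))? -- (?P<path>.+)$"
)
# Registry/startup line: "O<number> - <rest of entry>"
REG_RE = re.compile(r"^O(?P<num>\d+) - (?P<rest>.+)$")
# Alternate data stream line: "... -> <file path>:<stream name>"
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> "
    r"(?P<path>.+?):(?P<stream>[^:\\]+)$"
)


class Finding(NamedTuple):
    rule: str      # illustrative rule name (an assumption of this example)
    subject: str   # the path or log line that triggered the rule


def triage(log_text: str) -> List[Finding]:
    """Return the log entries that match one of the illustrative rules."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = FILE_RE.match(line)
        if m:
            attrs, path = m["attrs"], m["path"]
            is_file = "D" not in attrs
            # Hidden + system file with an empty company field, outside the
            # Windows directory (assumed to be C:\Windows, as in this log).
            if (is_file and "H" in attrs and "S" in attrs
                    and m["vendor"] == ""
                    and not path.lower().startswith("c:\\windows\\")):
                findings.append(Finding("hidden_system_no_vendor", path))
            continue

        m = REG_RE.match(line)
        if m:
            rest = m["rest"]
            # Entry points at something that no longer exists.
            if rest.endswith("File not found") or "No CLSID value found" in rest:
                findings.append(Finding("dangling_reference", line))
            # Cached AutoRun command for a mounted volume (O33 lines).
            elif m["num"] == "33" and "AutoRun\\command" in rest:
                findings.append(Finding("removable_autorun", line))
            continue

        m = ADS_RE.match(line)
        if m:
            findings.append(
                Finding("alternate_data_stream", f"{m['path']}:{m['stream']}")
            )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.rule:26} {finding.subject}")
```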

#3
NikkiCole

    Topic Starter

I am not getting the scam one but I am getting what seem like legit windows security alerts about needing to check my anti-virus... I think it is the real one.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\Users\Nicole\AppData\Local\808i25420l26k moved successfully.
C:\ProgramData\808i25420l26k moved successfully.
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ deleted successfully.
C:\Program Files\BitTorrentBar\tbBitT.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
File C:\Program Files\BitTorrentBar\tbBitT.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
File C:\Program Files\BitTorrentBar\tbBitT.dll not found.
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk moved successfully.
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Wild Registration.lnk moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{136ef508-2147-11e0-a34c-0023ae36938b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{136ef508-2147-11e0-a34c-0023ae36938b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{136ef508-2147-11e0-a34c-0023ae36938b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{136ef508-2147-11e0-a34c-0023ae36938b}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53086728-4c68-11e0-9753-0023ae36938b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53086728-4c68-11e0-9753-0023ae36938b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53086728-4c68-11e0-9753-0023ae36938b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53086728-4c68-11e0-9753-0023ae36938b}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\LaunchU3.exe -a not found.
C:\Program Files\ConduitEngine(5)\ConduitEngineUninstall.exe folder moved successfully.
C:\Program Files\ConduitEngine(5) folder moved successfully.
========== FILES ==========
C:\Program Files\ConduitEngine folder moved successfully.
File\Folder C:\Program Files\ConduitEngine(1) not found.
File\Folder C:\Program Files\ConduitEngine(2) not found.
File\Folder C:\Program Files\ConduitEngine(3) not found.
File\Folder C:\Program Files\ConduitEngine(4) not found.
File\Folder C:\Program Files\ConduitEngine(5) not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nicole
->Temp folder emptied: 130685289 bytes
->Temporary Internet Files folder emptied: 2123715 bytes
->Java cache emptied: 128094 bytes
->FireFox cache emptied: 89513248 bytes
->Flash cache emptied: 1664 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17276 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 212.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04072011_024440

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...




-------
OTL logfile created on: 07/04/2011 12:27:53 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Nicole\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 107.92 Gb Free Space | 46.34% Space Free | Partition Type: NTFS
Drive F: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: NICOLE-PC | User Name: Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/05 15:12:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTL.exe
PRC - [2011/03/23 21:59:28 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/13 06:17:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 06:17:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/01/10 20:55:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/04/05 17:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/02/26 03:03:00 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/02/26 03:03:00 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\stacsv.exe
PRC - [2010/02/17 16:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/04/11 03:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 03:57:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\AEstSrv.exe
PRC - [2009/01/31 23:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/07/09 19:01:46 | 001,616,976 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/05/05 22:16:38 | 001,168,632 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/01/20 23:53:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/14 14:43:02 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe


========== Modules (SafeList) ==========

MOD - [2011/04/05 15:12:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTL.exe
MOD - [2011/01/13 06:17:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 13:13:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/26 23:49:29 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/13 06:17:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/02/26 03:03:00 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\stacsv.exe -- (STacSV)
SRV - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\AEstSrv.exe -- (AESTFilters)
SRV - [2008/05/05 22:16:38 | 001,168,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/01/20 23:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 11:26:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 11:26:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 11:25:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 11:25:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 11:25:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 11:24:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/01/16 23:43:45 | 000,218,176 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/04/15 14:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/02/26 03:03:00 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/06/15 15:35:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/05/28 13:18:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2009/05/20 12:40:00 | 000,314,368 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/03/19 18:02:00 | 000,271,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2009/03/06 08:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2009/01/22 19:37:30 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/12/10 21:00:58 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/09/19 05:33:00 | 000,277,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/06/03 22:00:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/05/05 23:38:52 | 000,475,136 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/02/24 07:10:18 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/02/15 22:31:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/25 00:12:54 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Dell\MediaDirect\000.fcl -- ({2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7})
DRV - [2007/12/18 21:42:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007/07/30 16:24:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 15:12:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 5E 2B 8D F0 B4 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.theweathe...ather/canf0253"
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/25 03:53:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/25 03:53:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 21:59:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 21:59:32 | 000,000,000 | ---D | M]

[2011/01/14 18:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Extensions
[2011/04/06 22:36:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\extensions
[2011/01/16 23:46:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/16 03:37:37 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/04/05 14:47:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\extensions\[email protected]
[2011/03/06 23:35:38 | 000,002,010 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\searchplugins\amazon-ca-search.xml
[2011/01/15 04:43:23 | 000,001,304 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\searchplugins\chaptersindigoca.xml
[2011/03/14 00:01:40 | 000,002,979 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\searchplugins\ebayca.xml
[2011/01/15 21:12:48 | 000,012,703 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\searchplugins\imdb.xml
[2011/01/21 02:04:34 | 000,002,057 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\searchplugins\youtube-video-search.xml
[2011/04/07 02:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/22 09:13:57 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/01/25 03:53:08 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/01/25 03:53:08 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/01/25 14:50:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/05 03:36:43 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/05 03:36:43 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/05 03:36:43 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/05 03:36:43 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/04/07 12:21:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.253
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 19:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/07 12:27:07 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/07 12:26:20 | 000,000,000 | ---D | C] -- C:\TEMP
[2011/04/07 12:23:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/07 12:13:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/07 12:13:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/07 12:13:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/07 12:13:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/07 12:13:37 | 000,000,000 | ---D | C] -- C:\George
[2011/04/07 12:13:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/07 02:58:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/07 02:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/07 02:58:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/07 02:44:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/05 21:58:59 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\Adobe
[2011/04/05 21:52:31 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\Apple
[2011/04/05 21:52:21 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\Apple Computer
[2011/04/05 15:36:20 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Malwarebytes
[2011/04/05 15:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/05 15:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/05 15:12:46 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTL.exe
[2011/04/05 15:03:44 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Desktop\tdsskiller
[2011/04/05 15:01:35 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Nicole\Desktop\GooredFix.exe
[2011/04/05 14:53:52 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/04/05 14:50:46 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTM.exe
[2011/04/05 14:47:04 | 000,201,728 | ---- | C] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTC.exe
[2011/04/05 14:41:36 | 000,000,000 | ---D | C] -- C:\Windows\Registration
[2011/04/05 14:35:18 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\Temp(10)
[2011/04/05 14:25:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/29 03:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/03/28 03:05:13 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/03/28 03:05:13 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/03/28 03:05:13 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2011/03/28 03:04:43 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/03/28 03:04:42 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/03/28 03:04:41 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/03/28 03:04:41 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/03/28 03:04:41 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/03/28 03:04:40 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/03/28 03:04:14 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2011/03/28 03:04:14 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/03/28 03:04:10 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2011/03/28 03:04:03 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/03/28 03:04:03 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011/03/28 03:04:02 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011/03/28 03:04:02 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/03/28 03:04:02 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2011/03/28 03:04:02 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011/03/28 03:03:01 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/03/28 03:03:01 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/03/27 06:06:51 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/03/27 06:06:50 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/03/27 06:06:50 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/03/27 06:06:49 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/03/27 06:06:49 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/03/27 06:06:49 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/03/27 06:06:48 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/03/27 06:06:48 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/03/27 06:06:47 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/03/27 06:06:47 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/03/27 06:06:46 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/03/27 06:06:44 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/03/27 06:06:44 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/03/27 06:06:23 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/03/27 06:06:23 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/03/27 06:06:23 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/03/27 06:06:23 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/03/27 06:06:22 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/03/27 06:06:22 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/27 06:06:22 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/03/27 06:06:22 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/03/27 06:06:22 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/27 06:06:22 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/03/27 06:06:22 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/03/27 06:05:47 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011/03/27 01:03:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/03/27 01:03:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/03/27 01:03:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/03/27 00:57:08 | 000,527,360 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2011/03/27 00:00:16 | 000,000,000 | ---D | C] -- C:\15204a9c175f03852878f50e753f
[2011/03/26 17:00:33 | 000,000,000 | ---D | C] -- C:\6b3b81875bf52e2d40536ee8
[2011/03/26 16:47:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/03/14 15:38:29 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Documents\Arch lectures
[2011/03/12 20:10:43 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Documents\Penumbra Overture
[2011/03/12 01:39:04 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Desktop\Games
[2011/03/12 01:00:53 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/03/12 01:00:53 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011/03/12 01:00:53 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Documents\Osmos
[2011/03/12 01:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011/03/11 23:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[2011/03/09 09:14:34 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 09:14:34 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 09:14:34 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/09 09:14:34 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/09 09:14:32 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe

========== Files - Modified Within 30 Days ==========

[2011/04/07 12:27:07 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/07 12:21:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/07 12:05:33 | 004,315,750 | R--- | M] () -- C:\Users\Nicole\Desktop\George.exe
[2011/04/07 10:54:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/07 10:54:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/07 03:01:23 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/07 03:01:23 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/07 02:58:27 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/07 02:54:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/07 02:54:40 | 3217,412,096 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/07 02:48:10 | 000,006,836 | ---- | M] () -- C:\Users\Nicole\AppData\Local\d3d9caps.dat
[2011/04/05 15:12:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTL.exe
[2011/04/05 15:03:30 | 001,263,721 | ---- | M] () -- C:\Users\Nicole\Desktop\tdsskiller.zip
[2011/04/05 15:01:39 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Nicole\Desktop\GooredFix.exe
[2011/04/05 14:51:15 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTM.exe
[2011/04/05 14:16:56 | 000,201,728 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTC.exe
[2011/03/29 03:15:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/03/28 23:01:35 | 000,166,912 | ---- | M] () -- C:\Users\Nicole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/27 01:15:11 | 000,371,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/26 16:37:53 | 238,090,891 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/14 20:24:14 | 000,129,472 | ---- | M] () -- C:\Users\Nicole\Documents\dell.pdf
[2011/03/12 01:00:53 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/03/12 01:00:53 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll

========== Files Created - No Company Name ==========

[2011/04/07 12:13:44 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/07 12:13:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/07 12:13:44 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/07 12:13:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/07 12:13:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/07 12:05:28 | 004,315,750 | R--- | C] () -- C:\Users\Nicole\Desktop\George.exe
[2011/04/07 02:58:27 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 15:03:19 | 001,263,721 | ---- | C] () -- C:\Users\Nicole\Desktop\tdsskiller.zip
[2011/04/05 14:38:42 | 3217,412,096 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/29 03:15:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/03/21 14:55:25 | 000,048,292 | ---- | C] () -- C:\Users\Nicole\Documents\Essay One - Nicole Baldwin.rtf
[2011/03/14 20:24:12 | 000,129,472 | ---- | C] () -- C:\Users\Nicole\Documents\dell.pdf
[2011/01/22 09:15:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/18 14:27:08 | 000,137,639 | ---- | C] () -- C:\Windows\HPHins15.dat
[2011/01/17 04:09:10 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/01/15 19:30:33 | 000,166,912 | ---- | C] () -- C:\Users\Nicole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/15 15:54:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/15 15:54:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/15 04:39:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/01/11 17:07:00 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/01/11 17:07:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2011/01/11 17:07:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2011/01/11 17:07:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2011/01/11 17:02:01 | 000,006,836 | ---- | C] () -- C:\Users\Nicole\AppData\Local\d3d9caps.dat
[2010/08/25 17:57:58 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 17:57:58 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010/08/25 17:57:58 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 17:57:57 | 000,433,024 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/05/08 00:38:43 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/05/07 23:51:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/05/07 23:42:39 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/05/07 23:42:38 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007/06/07 06:26:07 | 000,002,828 | ---- | C] () -- C:\Windows\hphmdl15.dat
[2006/11/02 10:27:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 10:17:37 | 000,371,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 10:05:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:03:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 08:03:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 08:03:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 08:03:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 07:53:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 06:28:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 05:49:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 05:10:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 04:55:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:13DF9DD1

< End of report >

OTL Extras logfile created on: 07/04/2011 2:57:23 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Nicole\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 108.43 Gb Free Space | 46.56% Space Free | Partition Type: NTFS
Drive F: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: NICOLE-PC | User Name: Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15FBB5F6-AAAC-4085-A9DF-61AA9C2B26AC}" = lport=445 | protocol=6 | dir=in | app=system |
"{228F1915-B7FC-4B16-86CE-77E16BEA5546}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4C4C8EEA-4D89-49F5-B8EA-437B164913C9}" = rport=139 | protocol=6 | dir=out | app=system |
"{4FC2A459-C138-44D0-AE11-33FE3C053641}" = lport=137 | protocol=17 | dir=in | app=system |
"{55CEE0DB-BD17-4FF3-BD03-6EEAD72521A6}" = rport=137 | protocol=17 | dir=out | app=system |
"{74ECECCE-A158-40F0-9FE8-CD0E831D1AAD}" = rport=445 | protocol=6 | dir=out | app=system |
"{883D27F8-B4F9-4522-80C0-163A117E11F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9D31534C-9D8C-4E3B-A4CB-24E7AC7EC93A}" = lport=138 | protocol=17 | dir=in | app=system |
"{A060E3EB-8190-4430-846D-74CE3132F632}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A8FB60D9-9D8C-4051-A18F-65FA3E14FF5B}" = rport=138 | protocol=17 | dir=out | app=system |
"{B598FEC0-C9D8-4496-A8F0-6F860AF2E883}" = lport=139 | protocol=6 | dir=in | app=system |
"{E1C7FF65-24F3-4E7A-901A-FF0AA52AC7DA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F3402FF2-C463-42C4-8E57-5C7B427958A1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03DAE751-11EA-4198-90C1-5C7113B4031D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\world of goo\worldofgoo.exe |
"{19D5BD22-958E-48F2-99BF-A8B648DAF543}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\osmos\osmos.exe |
"{2F95D8BB-BE33-456E-AE67-1DB9DA5DFA41}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2FBF8145-E1EF-4E5A-AA72-0EAB49F1A29D}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{362DDA79-9A6F-4E91-96B9-C487A1CB62B4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\gish\gish.exe |
"{3CAD6FF3-F086-4844-B704-2BE95C528CA4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\world of goo\worldofgoo.exe |
"{3D9F87D9-BC3B-4AFF-A24F-4BF9EB76A253}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3DCDA0B2-805E-4626-9ABE-94138D9304C9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4663D6CB-C538-4820-BD25-39802B9DF8ED}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\penumbra overture\redist\penumbra.exe |
"{46C4BAB9-178A-4566-B5C9-59A38A66DF42}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{48B6F9C7-5D2D-4621-8BC0-4C01D33C8B76}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{4A65FCDD-752D-4E47-9317-1F6B3EDD16EA}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{4FAE3CA1-E462-43E2-827B-E2A57F663001}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{519E0CA3-F88F-4F69-A830-CDD68A1FB342}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{51F8D268-B43A-423B-AA3F-2076B6BD30AD}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
"{54DC8A7A-7BC0-4400-8FF5-7EEA234333A6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\lego batman\legobatman.exe |
"{565948DF-1580-4372-B661-6EA16509B323}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6A25337B-0FF5-49DF-9FF4-60DE3A8D8FFA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6A585D9E-1A7D-45E6-A98B-DE8B74A8691B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{77E2A201-7223-49A4-9E56-D2B886ACD35C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7DBEF499-FA14-4501-9C2D-11DC680D990B}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{7EE441B9-12F3-4226-9390-C529916FE0A9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aquaria\aquaria.exe |
"{820B10C1-0849-4E47-A4AE-3954AF3CE3B8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\machinarium\machinarium.exe |
"{8F0FC543-493A-4715-9E0C-8B2BBB8CADD3}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9628F047-8132-4458-A2A8-687EE63BF3A6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\lugaru hd\lugaru.exe |
"{9CB9AC35-9597-4A83-96D6-EED6932D5C3B}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"{A2BEF751-CBCC-46E6-BD85-23D11F2412CE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\lego batman\legobatman.exe |
"{A35F4416-041B-4A08-B134-12050CC92111}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{A7F0A110-F18F-48C2-A708-D8D6D6C3F86C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B6719C0C-1C16-4E69-930D-4005966B8A02}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\penumbra overture\redist\penumbra.exe |
"{B7D30FB4-9BAB-4691-8F87-9FD0383A2867}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BED4D2AC-992C-4A64-891F-4890BAC011C0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C8FDFC61-18B6-47C7-B9A6-9AB0A2151C5B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\osmos\osmos.exe |
"{D725EC22-AA01-4859-991A-EF8CE10AB977}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\lugaru hd\lugaru.exe |
"{D782F7E3-5D99-43C6-BB1B-C07DC7C2C93B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DC3F8233-1F00-4E94-934A-325D96CA6B68}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aquaria\aquaria.exe |
"{DEBF781F-9CD2-4023-AA82-86F7B92F0082}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\gish\gish.exe |
"{E714DC4D-1769-4370-9F13-FF1A7E2E1106}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\machinarium\machinarium.exe |
"{EAB9710C-3BBD-42A9-B7DC-698E584B4573}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EC3CD4C8-E302-4BBF-A4FD-220B2EF3F372}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{ED27D6E4-AFFD-4064-9C22-E88E18AD2303}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{F081CA99-107A-4936-9C4A-8D7A2FDFB1E5}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{0B650529-6D67-49C4-9D7A-7B9973DFB1FB}C:\users\nicole\desktop\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\nicole\desktop\world of warcraft\blizzard downloader.exe |
"TCP Query User{3585217C-83EB-48A0-BE64-586E9C707AC6}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{3A9C7E3E-D684-4D5C-8442-E97ACBD104A6}C:\users\nicole\desktop\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\nicole\desktop\world of warcraft\launcher.exe |
"TCP Query User{7E14C767-D933-4DD7-8E0E-9C24FEDA4796}C:\users\nicole\desktop\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\nicole\desktop\world of warcraft\launcher.patch.exe |
"TCP Query User{A8B9598C-D231-49A9-916D-119D5B0B2842}C:\users\nicole\desktop\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\nicole\desktop\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"TCP Query User{D7B99174-4650-41A3-99F1-BA740708AF12}C:\users\nicole\desktop\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\nicole\desktop\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"TCP Query User{EA46B7AF-E077-4B2A-B5E6-FBA703B6B52A}C:\users\nicole\desktop\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\nicole\desktop\world of warcraft\launcher.exe |
"TCP Query User{FAE98915-A97D-41FF-BCFB-4307FA1DF6DD}C:\users\nicole\desktop\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\nicole\desktop\world of warcraft\launcher.patch.exe |
"UDP Query User{282A2934-B04C-4117-988D-E725C49265AB}C:\users\nicole\desktop\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\nicole\desktop\world of warcraft\launcher.exe |
"UDP Query User{539CE836-9981-409E-8CD4-39F49EF36378}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{64CCD6C3-60BA-426B-B6CA-857D73CFD5BB}C:\users\nicole\desktop\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\nicole\desktop\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"UDP Query User{86DCA9D8-1FCD-4265-9D9F-BAB0F0554F11}C:\users\nicole\desktop\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\nicole\desktop\world of warcraft\launcher.exe |
"UDP Query User{87259093-7197-4FDE-8341-3CD8039CEA04}C:\users\nicole\desktop\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\nicole\desktop\world of warcraft\launcher.patch.exe |
"UDP Query User{D438104B-ADBF-4EE4-AB1C-DAC40272341C}C:\users\nicole\desktop\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\nicole\desktop\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"UDP Query User{E184255B-8FDC-4944-8D32-B66D34206EE5}C:\users\nicole\desktop\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\nicole\desktop\world of warcraft\launcher.patch.exe |
"UDP Query User{F3CD55A0-08CD-4E03-958C-867DE2260070}C:\users\nicole\desktop\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\nicole\desktop\world of warcraft\blizzard downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{140BF0D0-E848-405C-9A01-D3256B918B6D}" = AuthenTec Fingerprint System
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2F467E6E-F7D2-43cc-91B9-4FCC105AE30D}" = D2400
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{451517F1-7E41-400B-AA36-FB7E2563526D}" = Dell Wireless 1515 Driver Installation
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C62299C-65FF-834B-AE08-00A463411321}" = Skins
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6F4148D5-BAE5-F6AA-E34A-32DD423B31C3}" = Catalyst Control Center Graphics Previews Common
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{813FF60E-226E-092E-3243-91367F900BE2}" = ccc-utility
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{87885939-F824-42bf-B790-231B1E8EF2BB}" = dj_sf_software
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{883141EF-9174-259C-ED5D-74D0FB2461C0}" = ccc-core-static
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9521B818-19CE-4d28-8200-DD26133E19E6}" = D2400_Help
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B85F8BF3-2D1C-683A-9F47-F0339EBE3ADA}" = Catalyst Control Center Graphics Full New
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BFC19AEE-8C4D-65BF-3BAE-729D1252E86C}" = Catalyst Control Center InstallProxy
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D31D8690-A6E5-37C3-8BBE-28E8EE48BEAB}" = Catalyst Control Center Graphics Previews Vista
"{D5A3FE4E-E160-8987-4AB9-0148BF2F65B0}" = Catalyst Control Center Graphics Light
"{D9481F93-5D55-C4E2-6D3F-ED2180590920}" = Catalyst Control Center Graphics Full Existing
"{DA054439-21A7-D2EF-DE23-38AA0560535F}" = ATI Catalyst Install Manager
"{E137477C-C14A-92E7-867A-08E256A5425E}" = CCC Help English
"{E19DF061-5BBA-72B7-17A0-B8DA1FEA621A}" = Catalyst Control Center Core Implementation
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{EAE03C8D-6A76-9A21-1111-B93B338ABDB1}" = Catalyst Control Center InstallProxy
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F5936267-D467-4e7b-8940-A7D9F0398EF3}" = HP Deskjet Printer Driver Software 9.0
"{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"17D5EDB8CF9DBD67DDA7675D6772B06BA5809565" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/01/2008 8.0.26.3)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Alarm Clock_is1" = Alarm Clock v1.0
"avast5" = avast! Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"BFG-Go Go Gourmet - Chef of the Year" = Go-Go Gourmet: Chef of the Year
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"conduitEngine" = Conduit Engine
"Creative OA001" = Integrated Webcam Driver (1.03.02.0919)
"Creative OA009" = Integrated Webcam Driver (1.02.01.0320)
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup.divx.com" = DivX Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"OpenAL" = OpenAL
"Steam App 21000" = LEGO Batman: The Videogame
"Steam App 22000" = World of Goo
"Steam App 22180" = Penumbra: Overture
"Steam App 24420" = Aquaria
"Steam App 25010" = Lugaru HD
"Steam App 26800" = Braid
"Steam App 29180" = Osmos
"Steam App 40700" = Machinarium
"Steam App 9500" = Gish
"The Game Of Life by Hasbro1.0" = The Game Of Life by Hasbro
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/03/2011 6:04:02 PM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8346

Error - 30/03/2011 6:04:03 PM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30/03/2011 6:04:03 PM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9454

Error - 30/03/2011 6:04:03 PM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9454

Error - 30/03/2011 6:04:04 PM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30/03/2011 6:04:04 PM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10452

Error - 30/03/2011 6:04:04 PM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10452

Error - 30/03/2011 9:01:26 PM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30/03/2011 9:01:26 PM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10652388

Error - 30/03/2011 9:01:26 PM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10652388

[ OSession Events ]
Error - 11/03/2011 9:46:47 AM | Computer Name = Nicole-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 801
seconds with 720 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 15/02/2011 5:24:00 AM | Computer Name = Nicole-PC | Source = bowser | ID = 8003
Description =

Error - 16/02/2011 11:27:10 AM | Computer Name = Nicole-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 00255631A7D8 has been denied by the DHCP server 1.1.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 16/02/2011 2:05:22 PM | Computer Name = Nicole-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 134.153.7.143 for the Network Card with network
address 00255631A7D8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 18/02/2011 9:31:07 AM | Computer Name = Nicole-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 00255631A7D8 has been denied by the DHCP server 1.1.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 18/02/2011 11:27:54 AM | Computer Name = Nicole-PC | Source = bowser | ID = 8003
Description =

Error - 18/02/2011 4:37:33 PM | Computer Name = Nicole-PC | Source = bowser | ID = 8003
Description =

Error - 18/02/2011 9:55:10 PM | Computer Name = Nicole-PC | Source = HTTP | ID = 15016
Description =

Error - 18/02/2011 9:55:46 PM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 19/02/2011 1:57:08 PM | Computer Name = Nicole-PC | Source = bowser | ID = 8003
Description =

Error - 20/02/2011 2:20:10 AM | Computer Name = Nicole-PC | Source = bowser | ID = 8003
Description =


< End of report >

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6292

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

07/04/2011 4:51:04 AM
mbam-log-2011-04-07 (04-51-03).txt

Scan type: Full scan (C:\|)
Objects scanned: 292436
Time elapsed: 1 hour(s), 50 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ComboFix 11-04-06.03 - Nicole 07/04/2011 12:14:35.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3068.1707 [GMT -2.5:30]
Running from: c:\users\Nicole\Desktop\George.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\AutoRun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))
.
.
2011-04-07 14:50 . 2011-04-07 14:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-07 05:28 . 2010-12-20 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-07 05:28 . 2010-12-20 20:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-07 05:14 . 2011-04-07 05:14 -------- d-----w- C:\_OTL
2011-04-06 00:28 . 2011-04-06 00:28 -------- d-----w- c:\users\Nicole\AppData\Local\Adobe
2011-04-06 00:22 . 2011-04-06 00:22 -------- d-----w- c:\users\Nicole\AppData\Local\Apple
2011-04-06 00:22 . 2011-04-06 00:22 -------- d-----w- c:\users\Nicole\AppData\Local\Apple Computer
2011-04-05 18:06 . 2011-04-05 18:06 -------- d-----w- c:\users\Nicole\AppData\Roaming\Malwarebytes
2011-04-05 18:06 . 2011-04-05 18:06 -------- d-----w- c:\programdata\Malwarebytes
2011-04-05 18:06 . 2011-04-07 05:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-05 17:23 . 2011-04-05 17:23 -------- d-----w- C:\_OTM
2011-04-05 17:20 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{47B45184-6AD7-4EA6-B6CA-926EFA676C57}\mpengine.dll
2011-04-05 17:11 . 2011-04-07 05:25 -------- d-----w- c:\windows\system32\wbem\repository
2011-04-05 17:05 . 2011-04-05 17:05 -------- d-----w- c:\users\Nicole\AppData\Local\Temp(10)
2011-03-29 05:46 . 2011-03-29 05:46 -------- d-----w- c:\program files\Windows Portable Devices
2011-03-28 05:35 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-03-28 05:35 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-03-28 05:35 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-03-28 05:33 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-03-28 05:33 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-03-28 05:33 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-03-27 08:35 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-03-27 03:33 . 2011-03-27 03:34 -------- d-----w- c:\windows\system32\ca-ES
2011-03-27 03:33 . 2011-03-27 03:34 -------- d-----w- c:\windows\system32\eu-ES
2011-03-27 03:33 . 2011-03-27 03:34 -------- d-----w- c:\windows\system32\vi-VN
2011-03-27 03:27 . 2010-02-26 05:33 527360 ------w- c:\windows\system32\stapi32.dll
2011-03-27 02:30 . 2011-03-27 02:30 -------- d-----w- C:\15204a9c175f03852878f50e753f
2011-03-26 19:30 . 2011-03-26 19:30 -------- d-----w- C:\6b3b81875bf52e2d40536ee8
2011-03-26 19:17 . 2011-03-26 19:17 -------- d-----w- c:\windows\system32\EventProviders
2011-03-12 03:30 . 2011-04-05 17:07 -------- d-----w- c:\program files\OpenAL
2011-03-12 03:30 . 2011-03-12 03:30 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-12 03:30 . 2011-03-12 03:30 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-12 02:05 . 2011-03-12 02:05 -------- d-----w- c:\programdata\2DBoy
2011-03-09 11:44 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 11:44 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 11:44 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 11:44 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 11:44 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 11:44 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 11:44 . 2009-04-11 06:28 63488 ----a-w- c:\windows\system32\tscupgrd.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 20:41 . 2011-01-14 21:21 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-25 17:20 . 2011-01-25 17:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-17 02:13 . 2011-01-17 02:13 218176 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-01-13 08:47 . 2011-01-31 06:39 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2011-01-31 06:39 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2011-01-31 06:40 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2011-01-31 06:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2011-01-31 06:40 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2011-01-31 06:40 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2011-01-31 06:40 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-08 08:47 . 2011-02-12 18:38 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-12 18:38 292352 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
"Steam"="c:\program files\Steam\steam.exe" [2011-01-29 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 150552]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-02-26 495708]
.
c:\users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-05-06 475136]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-19 54784]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-02-24 203264]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [x]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-06-04 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-09-19 277440]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-05-20 314368]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-17 218176]
S2 {2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7};{2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7};c:\program files\Dell\MediaDirect\000.fcl [2008-01-25 61424]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\aestsrv.exe [2009-03-03 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-05-06 1168632]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [2009-03-06 133632]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [2009-03-19 271552]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.theweathernetwork.com/weather/canf0253
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-07 12:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\Dell\MediaDirect\000.fcl"
.
Completion time: 2011-04-07 12:23:10
ComboFix-quarantined-files.txt 2011-04-07 14:53
ComboFix2.txt 2011-04-05 17:05
.
Pre-Run: 115,934,453,760 bytes free
Post-Run: 115,845,513,216 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 4FDAE4763562273E5F3158FA7936C5BC

OTL Extras logfile created on: 07/04/2011 12:27:53 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Nicole\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 107.92 Gb Free Space | 46.34% Space Free | Partition Type: NTFS
Drive F: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: NICOLE-PC | User Name: Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15FBB5F6-AAAC-4085-A9DF-61AA9C2B26AC}" = lport=445 | protocol=6 | dir=in | app=system |
"{228F1915-B7FC-4B16-86CE-77E16BEA5546}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4C4C8EEA-4D89-49F5-B8EA-437B164913C9}" = rport=139 | protocol=6 | dir=out | app=system |
"{4FC2A459-C138-44D0-AE11-33FE3C053641}" = lport=137 | protocol=17 | dir=in | app=system |
"{55CEE0DB-BD17-4FF3-BD03-6EEAD72521A6}" = rport=137 | protocol=17 | dir=out | app=system |
"{74ECECCE-A158-40F0-9FE8-CD0E831D1AAD}" = rport=445 | protocol=6 | dir=out | app=system |
"{883D27F8-B4F9-4522-80C0-163A117E11F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9D31534C-9D8C-4E3B-A4CB-24E7AC7EC93A}" = lport=138 | protocol=17 | dir=in | app=system |
"{A060E3EB-8190-4430-846D-74CE3132F632}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{A8FB60D9-9D8C-4051-A18F-65FA3E14FF5B}" = rport=138 | protocol=17 | dir=out | app=system |
"{B598FEC0-C9D8-4496-A8F0-6F860AF2E883}" = lport=139 | protocol=6 | dir=in | app=system |
"{E1C7FF65-24F3-4E7A-901A-FF0AA52AC7DA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F3402FF2-C463-42C4-8E57-5C7B427958A1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03DAE751-11EA-4198-90C1-5C7113B4031D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\world of goo\worldofgoo.exe |
"{19D5BD22-958E-48F2-99BF-A8B648DAF543}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\osmos\osmos.exe |
"{2F95D8BB-BE33-456E-AE67-1DB9DA5DFA41}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2FBF8145-E1EF-4E5A-AA72-0EAB49F1A29D}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{362DDA79-9A6F-4E91-96B9-C487A1CB62B4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\gish\gish.exe |
"{3CAD6FF3-F086-4844-B704-2BE95C528CA4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\world of goo\worldofgoo.exe |
"{3D9F87D9-BC3B-4AFF-A24F-4BF9EB76A253}" = protocol=58 | dir=in | [email protected],-28545 |
"{3DCDA0B2-805E-4626-9ABE-94138D9304C9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4663D6CB-C538-4820-BD25-39802B9DF8ED}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\penumbra overture\redist\penumbra.exe |
"{46C4BAB9-178A-4566-B5C9-59A38A66DF42}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{48B6F9C7-5D2D-4621-8BC0-4C01D33C8B76}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{4A65FCDD-752D-4E47-9317-1F6B3EDD16EA}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{4FAE3CA1-E462-43E2-827B-E2A57F663001}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{519E0CA3-F88F-4F69-A830-CDD68A1FB342}" = protocol=58 | dir=out | [email protected],-28546 |
"{51F8D268-B43A-423B-AA3F-2076B6BD30AD}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
"{54DC8A7A-7BC0-4400-8FF5-7EEA234333A6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\lego batman\legobatman.exe |
"{565948DF-1580-4372-B661-6EA16509B323}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6A25337B-0FF5-49DF-9FF4-60DE3A8D8FFA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6A585D9E-1A7D-45E6-A98B-DE8B74A8691B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{77E2A201-7223-49A4-9E56-D2B886ACD35C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7DBEF499-FA14-4501-9C2D-11DC680D990B}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{7EE441B9-12F3-4226-9390-C529916FE0A9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aquaria\aquaria.exe |
"{820B10C1-0849-4E47-A4AE-3954AF3CE3B8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\machinarium\machinarium.exe |
"{8F0FC543-493A-4715-9E0C-8B2BBB8CADD3}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9628F047-8132-4458-A2A8-687EE63BF3A6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\lugaru hd\lugaru.exe |
"{9CB9AC35-9597-4A83-96D6-EED6932D5C3B}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"{A2BEF751-CBCC-46E6-BD85-23D11F2412CE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\lego batman\legobatman.exe |
"{A35F4416-041B-4A08-B134-12050CC92111}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{A7F0A110-F18F-48C2-A708-D8D6D6C3F86C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B6719C0C-1C16-4E69-930D-4005966B8A02}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\penumbra overture\redist\penumbra.exe |
"{B7D30FB4-9BAB-4691-8F87-9FD0383A2867}" = protocol=1 | dir=out | [email protected],-28544 |
"{BED4D2AC-992C-4A64-891F-4890BAC011C0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C8FDFC61-18B6-47C7-B9A6-9AB0A2151C5B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\osmos\osmos.exe |
"{D725EC22-AA01-4859-991A-EF8CE10AB977}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\lugaru hd\lugaru.exe |
"{D782F7E3-5D99-43C6-BB1B-C07DC7C2C93B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DC3F8233-1F00-4E94-934A-325D96CA6B68}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aquaria\aquaria.exe |
"{DEBF781F-9CD2-4023-AA82-86F7B92F0082}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\gish\gish.exe |
"{E714DC4D-1769-4370-9F13-FF1A7E2E1106}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\machinarium\machinarium.exe |
"{EAB9710C-3BBD-42A9-B7DC-698E584B4573}" = protocol=1 | dir=in | [email protected],-28543 |
"{EC3CD4C8-E302-4BBF-A4FD-220B2EF3F372}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{ED27D6E4-AFFD-4064-9C22-E88E18AD2303}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{F081CA99-107A-4936-9C4A-8D7A2FDFB1E5}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{0B650529-6D67-49C4-9D7A-7B9973DFB1FB}C:\users\nicole\desktop\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\nicole\desktop\world of warcraft\blizzard downloader.exe |
"TCP Query User{3585217C-83EB-48A0-BE64-586E9C707AC6}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{3A9C7E3E-D684-4D5C-8442-E97ACBD104A6}C:\users\nicole\desktop\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\nicole\desktop\world of warcraft\launcher.exe |
"TCP Query User{7E14C767-D933-4DD7-8E0E-9C24FEDA4796}C:\users\nicole\desktop\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\nicole\desktop\world of warcraft\launcher.patch.exe |
"TCP Query User{A8B9598C-D231-49A9-916D-119D5B0B2842}C:\users\nicole\desktop\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\nicole\desktop\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"TCP Query User{D7B99174-4650-41A3-99F1-BA740708AF12}C:\users\nicole\desktop\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\nicole\desktop\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"TCP Query User{EA46B7AF-E077-4B2A-B5E6-FBA703B6B52A}C:\users\nicole\desktop\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\nicole\desktop\world of warcraft\launcher.exe |
"TCP Query User{FAE98915-A97D-41FF-BCFB-4307FA1DF6DD}C:\users\nicole\desktop\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\nicole\desktop\world of warcraft\launcher.patch.exe |
"UDP Query User{282A2934-B04C-4117-988D-E725C49265AB}C:\users\nicole\desktop\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\nicole\desktop\world of warcraft\launcher.exe |
"UDP Query User{539CE836-9981-409E-8CD4-39F49EF36378}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{64CCD6C3-60BA-426B-B6CA-857D73CFD5BB}C:\users\nicole\desktop\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\nicole\desktop\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"UDP Query User{86DCA9D8-1FCD-4265-9D9F-BAB0F0554F11}C:\users\nicole\desktop\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\nicole\desktop\world of warcraft\launcher.exe |
"UDP Query User{87259093-7197-4FDE-8341-3CD8039CEA04}C:\users\nicole\desktop\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\nicole\desktop\world of warcraft\launcher.patch.exe |
"UDP Query User{D438104B-ADBF-4EE4-AB1C-DAC40272341C}C:\users\nicole\desktop\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\nicole\desktop\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"UDP Query User{E184255B-8FDC-4944-8D32-B66D34206EE5}C:\users\nicole\desktop\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\nicole\desktop\world of warcraft\launcher.patch.exe |
"UDP Query User{F3CD55A0-08CD-4E03-958C-867DE2260070}C:\users\nicole\desktop\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\nicole\desktop\world of warcraft\blizzard downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{140BF0D0-E848-405C-9A01-D3256B918B6D}" = AuthenTec Fingerprint System
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2F467E6E-F7D2-43cc-91B9-4FCC105AE30D}" = D2400
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{451517F1-7E41-400B-AA36-FB7E2563526D}" = Dell Wireless 1515 Driver Installation
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C62299C-65FF-834B-AE08-00A463411321}" = Skins
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6F4148D5-BAE5-F6AA-E34A-32DD423B31C3}" = Catalyst Control Center Graphics Previews Common
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{813FF60E-226E-092E-3243-91367F900BE2}" = ccc-utility
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{87885939-F824-42bf-B790-231B1E8EF2BB}" = dj_sf_software
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{883141EF-9174-259C-ED5D-74D0FB2461C0}" = ccc-core-static
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9521B818-19CE-4d28-8200-DD26133E19E6}" = D2400_Help
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B85F8BF3-2D1C-683A-9F47-F0339EBE3ADA}" = Catalyst Control Center Graphics Full New
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BFC19AEE-8C4D-65BF-3BAE-729D1252E86C}" = Catalyst Control Center InstallProxy
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D31D8690-A6E5-37C3-8BBE-28E8EE48BEAB}" = Catalyst Control Center Graphics Previews Vista
"{D5A3FE4E-E160-8987-4AB9-0148BF2F65B0}" = Catalyst Control Center Graphics Light
"{D9481F93-5D55-C4E2-6D3F-ED2180590920}" = Catalyst Control Center Graphics Full Existing
"{DA054439-21A7-D2EF-DE23-38AA0560535F}" = ATI Catalyst Install Manager
"{E137477C-C14A-92E7-867A-08E256A5425E}" = CCC Help English
"{E19DF061-5BBA-72B7-17A0-B8DA1FEA621A}" = Catalyst Control Center Core Implementation
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{EAE03C8D-6A76-9A21-1111-B93B338ABDB1}" = Catalyst Control Center InstallProxy
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F5936267-D467-4e7b-8940-A7D9F0398EF3}" = HP Deskjet Printer Driver Software 9.0
"{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"17D5EDB8CF9DBD67DDA7675D6772B06BA5809565" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/01/2008 8.0.26.3)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Alarm Clock_is1" = Alarm Clock v1.0
"avast" = avast! Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"BFG-Go Go Gourmet - Chef of the Year" = Go-Go Gourmet: Chef of the Year
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Creative OA001" = Integrated Webcam Driver (1.03.02.0919)
"Creative OA009" = Integrated Webcam Driver (1.02.01.0320)
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup.divx.com" = DivX Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"OpenAL" = OpenAL
"Steam App 21000" = LEGO Batman: The Videogame
"Steam App 22000" = World of Goo
"Steam App 22180" = Penumbra: Overture
"Steam App 24420" = Aquaria
"Steam App 25010" = Lugaru HD
"Steam App 26800" = Braid
"Steam App 29180" = Osmos
"Steam App 40700" = Machinarium
"Steam App 9500" = Gish
"The Game Of Life by Hasbro1.0" = The Game Of Life by Hasbro
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/03/2011 6:04:02 PM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8346

Error - 30/03/2011 6:04:03 PM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30/03/2011 6:04:03 PM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9454

Error - 30/03/2011 6:04:03 PM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9454

Error - 30/03/2011 6:04:04 PM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30/03/2011 6:04:04 PM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10452

Error - 30/03/2011 6:04:04 PM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10452

Error - 30/03/2011 9:01:26 PM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30/03/2011 9:01:26 PM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10652388

Error - 30/03/2011 9:01:26 PM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10652388

[ OSession Events ]
Error - 11/03/2011 9:46:47 AM | Computer Name = Nicole-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 801
seconds with 720 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 15/02/2011 5:24:00 AM | Computer Name = Nicole-PC | Source = bowser | ID = 8003
Description =

Error - 16/02/2011 11:27:10 AM | Computer Name = Nicole-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 00255631A7D8 has been denied by the DHCP server 1.1.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 16/02/2011 2:05:22 PM | Computer Name = Nicole-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 134.153.7.143 for the Network Card with network
address 00255631A7D8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 18/02/2011 9:31:07 AM | Computer Name = Nicole-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 00255631A7D8 has been denied by the DHCP server 1.1.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 18/02/2011 11:27:54 AM | Computer Name = Nicole-PC | Source = bowser | ID = 8003
Description =

Error - 18/02/2011 4:37:33 PM | Computer Name = Nicole-PC | Source = bowser | ID = 8003
Description =

Error - 18/02/2011 9:55:10 PM | Computer Name = Nicole-PC | Source = HTTP | ID = 15016
Description =

Error - 18/02/2011 9:55:46 PM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 19/02/2011 1:57:08 PM | Computer Name = Nicole-PC | Source = bowser | ID = 8003
Description =

Error - 20/02/2011 2:20:10 AM | Computer Name = Nicole-PC | Source = bowser | ID = 8003
Description =


< End of report >

OTL logfile created on: 07/04/2011 12:27:53 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Nicole\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 107.92 Gb Free Space | 46.34% Space Free | Partition Type: NTFS
Drive F: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: NICOLE-PC | User Name: Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/05 15:12:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTL.exe
PRC - [2011/03/23 21:59:28 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/13 06:17:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 06:17:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/01/10 20:55:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/04/05 17:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/02/26 03:03:00 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/02/26 03:03:00 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\stacsv.exe
PRC - [2010/02/17 16:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/04/11 03:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 03:57:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\AEstSrv.exe
PRC - [2009/01/31 23:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/07/09 19:01:46 | 001,616,976 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/05/05 22:16:38 | 001,168,632 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/01/20 23:53:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/14 14:43:02 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe


========== Modules (SafeList) ==========

MOD - [2011/04/05 15:12:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTL.exe
MOD - [2011/01/13 06:17:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 13:13:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/26 23:49:29 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/13 06:17:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/02/26 03:03:00 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\stacsv.exe -- (STacSV)
SRV - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\AEstSrv.exe -- (AESTFilters)
SRV - [2008/05/05 22:16:38 | 001,168,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/01/20 23:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 11:26:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 11:26:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 11:25:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 11:25:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 11:25:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 11:24:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/01/16 23:43:45 | 000,218,176 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/04/15 14:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/02/26 03:03:00 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/06/15 15:35:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/05/28 13:18:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2009/05/20 12:40:00 | 000,314,368 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/03/19 18:02:00 | 000,271,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2009/03/06 08:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2009/01/22 19:37:30 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/12/10 21:00:58 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/09/19 05:33:00 | 000,277,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/06/03 22:00:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/05/05 23:38:52 | 000,475,136 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/02/24 07:10:18 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/02/15 22:31:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/25 00:12:54 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Dell\MediaDirect\000.fcl -- ({2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7})
DRV - [2007/12/18 21:42:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007/07/30 16:24:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 15:12:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 5E 2B 8D F0 B4 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.theweathe...ather/canf0253"
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/25 03:53:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/25 03:53:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 21:59:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 21:59:32 | 000,000,000 | ---D | M]

[2011/01/14 18:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Extensions
[2011/04/06 22:36:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\extensions
[2011/01/16 23:46:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/16 03:37:37 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/04/05 14:47:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\extensions\[email protected]
[2011/03/06 23:35:38 | 000,002,010 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\searchplugins\amazon-ca-search.xml
[2011/01/15 04:43:23 | 000,001,304 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\searchplugins\chaptersindigoca.xml
[2011/03/14 00:01:40 | 000,002,979 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\searchplugins\ebayca.xml
[2011/01/15 21:12:48 | 000,012,703 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\searchplugins\imdb.xml
[2011/01/21 02:04:34 | 000,002,057 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\searchplugins\youtube-video-search.xml
[2011/04/07 02:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/22 09:13:57 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/01/25 03:53:08 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/01/25 03:53:08 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/01/25 14:50:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/05 03:36:43 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/05 03:36:43 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/05 03:36:43 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/05 03:36:43 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/04/07 12:21:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.253
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 19:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/07 12:27:07 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/07 12:26:20 | 000,000,000 | ---D | C] -- C:\TEMP
[2011/04/07 12:23:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/07 12:13:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/07 12:13:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/07 12:13:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/07 12:13:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/07 12:13:37 | 000,000,000 | ---D | C] -- C:\George
[2011/04/07 12:13:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/07 02:58:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/07 02:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/07 02:58:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/07 02:44:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/05 21:58:59 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\Adobe
[2011/04/05 21:52:31 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\Apple
[2011/04/05 21:52:21 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\Apple Computer
[2011/04/05 15:36:20 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Malwarebytes
[2011/04/05 15:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/05 15:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/05 15:12:46 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTL.exe
[2011/04/05 15:03:44 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Desktop\tdsskiller
[2011/04/05 15:01:35 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Nicole\Desktop\GooredFix.exe
[2011/04/05 14:53:52 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/04/05 14:50:46 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTM.exe
[2011/04/05 14:47:04 | 000,201,728 | ---- | C] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTC.exe
[2011/04/05 14:41:36 | 000,000,000 | ---D | C] -- C:\Windows\Registration
[2011/04/05 14:35:18 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\Temp(10)
[2011/04/05 14:25:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/29 03:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/03/28 03:05:13 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/03/28 03:05:13 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/03/28 03:05:13 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2011/03/28 03:04:43 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/03/28 03:04:42 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/03/28 03:04:41 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/03/28 03:04:41 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/03/28 03:04:41 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/03/28 03:04:40 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/03/28 03:04:14 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2011/03/28 03:04:14 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/03/28 03:04:10 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2011/03/28 03:04:03 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/03/28 03:04:03 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011/03/28 03:04:02 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011/03/28 03:04:02 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/03/28 03:04:02 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2011/03/28 03:04:02 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011/03/28 03:03:01 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/03/28 03:03:01 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/03/27 06:06:51 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/03/27 06:06:50 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/03/27 06:06:50 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/03/27 06:06:49 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/03/27 06:06:49 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/03/27 06:06:49 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/03/27 06:06:48 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/03/27 06:06:48 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/03/27 06:06:47 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/03/27 06:06:47 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/03/27 06:06:46 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/03/27 06:06:44 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/03/27 06:06:44 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/03/27 06:06:23 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/03/27 06:06:23 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/03/27 06:06:23 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/03/27 06:06:23 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/03/27 06:06:22 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/03/27 06:06:22 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/27 06:06:22 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/03/27 06:06:22 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/03/27 06:06:22 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/27 06:06:22 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/03/27 06:06:22 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/03/27 06:05:47 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011/03/27 01:03:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/03/27 01:03:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/03/27 01:03:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/03/27 00:57:08 | 000,527,360 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2011/03/27 00:00:16 | 000,000,000 | ---D | C] -- C:\15204a9c175f03852878f50e753f
[2011/03/26 17:00:33 | 000,000,000 | ---D | C] -- C:\6b3b81875bf52e2d40536ee8
[2011/03/26 16:47:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/03/14 15:38:29 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Documents\Arch lectures
[2011/03/12 20:10:43 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Documents\Penumbra Overture
[2011/03/12 01:39:04 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Desktop\Games
[2011/03/12 01:00:53 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/03/12 01:00:53 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011/03/12 01:00:53 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Documents\Osmos
[2011/03/12 01:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011/03/11 23:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[2011/03/09 09:14:34 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 09:14:34 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 09:14:34 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/09 09:14:34 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/09 09:14:32 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe

========== Files - Modified Within 30 Days ==========

[2011/04/07 12:27:07 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/07 12:21:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/07 12:05:33 | 004,315,750 | R--- | M] () -- C:\Users\Nicole\Desktop\George.exe
[2011/04/07 10:54:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/07 10:54:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/07 03:01:23 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/07 03:01:23 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/07 02:58:27 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/07 02:54:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/07 02:54:40 | 3217,412,096 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/07 02:48:10 | 000,006,836 | ---- | M] () -- C:\Users\Nicole\AppData\Local\d3d9caps.dat
[2011/04/05 15:12:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTL.exe
[2011/04/05 15:03:30 | 001,263,721 | ---- | M] () -- C:\Users\Nicole\Desktop\tdsskiller.zip
[2011/04/05 15:01:39 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Nicole\Desktop\GooredFix.exe
[2011/04/05 14:51:15 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTM.exe
[2011/04/05 14:16:56 | 000,201,728 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTC.exe
[2011/03/29 03:15:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/03/28 23:01:35 | 000,166,912 | ---- | M] () -- C:\Users\Nicole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/27 01:15:11 | 000,371,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/26 16:37:53 | 238,090,891 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/14 20:24:14 | 000,129,472 | ---- | M] () -- C:\Users\Nicole\Documents\dell.pdf
[2011/03/12 01:00:53 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/03/12 01:00:53 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll

========== Files Created - No Company Name ==========

[2011/04/07 12:13:44 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/07 12:13:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/07 12:13:44 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/07 12:13:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/07 12:13:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/07 12:05:28 | 004,315,750 | R--- | C] () -- C:\Users\Nicole\Desktop\George.exe
[2011/04/07 02:58:27 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 15:03:19 | 001,263,721 | ---- | C] () -- C:\Users\Nicole\Desktop\tdsskiller.zip
[2011/04/05 14:38:42 | 3217,412,096 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/29 03:15:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/03/21 14:55:25 | 000,048,292 | ---- | C] () -- C:\Users\Nicole\Documents\Essay One - Nicole Baldwin.rtf
[2011/03/14 20:24:12 | 000,129,472 | ---- | C] () -- C:\Users\Nicole\Documents\dell.pdf
[2011/01/22 09:15:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/18 14:27:08 | 000,137,639 | ---- | C] () -- C:\Windows\HPHins15.dat
[2011/01/17 04:09:10 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/01/15 19:30:33 | 000,166,912 | ---- | C] () -- C:\Users\Nicole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/15 15:54:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/15 15:54:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/15 04:39:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/01/11 17:07:00 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/01/11 17:07:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2011/01/11 17:07:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2011/01/11 17:07:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2011/01/11 17:02:01 | 000,006,836 | ---- | C] () -- C:\Users\Nicole\AppData\Local\d3d9caps.dat
[2010/08/25 17:57:58 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 17:57:58 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010/08/25 17:57:58 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 17:57:57 | 000,433,024 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/05/08 00:38:43 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/05/07 23:51:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/05/07 23:42:39 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/05/07 23:42:38 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007/06/07 06:26:07 | 000,002,828 | ---- | C] () -- C:\Windows\hphmdl15.dat
[2006/11/02 10:27:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 10:17:37 | 000,371,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 10:05:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:03:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 08:03:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 08:03:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 08:03:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 07:53:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 06:28:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 05:49:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 05:10:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 04:55:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:13DF9DD1

< End of report >




Thanks for your time.
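One way to triage an OTL log like the one posted above, as an added example that is not part of the original thread and not OTL's own code: it lists entries OTL marks "File not found", resolves any GUID on them against labelled folder entries elsewhere in the log, and splits Alternate Data Stream lines into host and stream. The sample lines are copied from this log; the function names and the choice of what to flag are assumptions, and a flagged entry is something to review, not a verdict.

```python
import re

# A small subset of lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
[2011/01/16 03:37:37 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\m0ufs0sg.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/01/22 09:13:57 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:13DF9DD1
"""

GUID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")

# File/folder entries: [date time | size | attrs | C or M] (label) -- path
# The "(label)" part is optional; OTL omits it for some folders.
FILE_RE = re.compile(
    r"^\[(?P<stamp>[\d/: ]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<label>.*?)\) )?-- (?P<path>.+)$"
)

ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")


def guid_labels(lines):
    """Map each GUID that is the last path component of a file/folder
    entry to the label OTL printed for that entry."""
    labels = {}
    for line in lines:
        m = FILE_RE.match(line)
        if not m:
            continue
        label = (m.group("label") or "").strip()
        tail = m.group("path").rsplit("\\", 1)[-1]
        if GUID_RE.fullmatch(tail) and label and label != "No name found":
            labels[tail.lower()] = label
    return labels


def triage(log_text):
    """Return review items, in log order, as a list of dicts."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    labels = guid_labels(lines)
    findings = []
    for line in lines:
        ads = ADS_RE.match(line)
        if ads:
            # The stream name follows the last colon; the drive colon comes first.
            host, _, stream = ads.group("target").rpartition(":")
            findings.append({"kind": "ads", "host": host, "stream": stream,
                             "size": int(ads.group("size"))})
        elif line.endswith("File not found"):
            g = GUID_RE.search(line)
            guid = g.group(0).lower() if g else None
            findings.append({"kind": "missing_target", "guid": guid,
                             "label": labels.get(guid), "line": line})
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        if item["kind"] == "ads":
            print("ADS      %s  stream=%s  (%d bytes)"
                  % (item["host"], item["stream"], item["size"]))
        else:
            print("MISSING  guid=%s  label=%s" % (item["guid"], item["label"]))
            print("         " + item["line"])
```
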

#4
RKinner


    Malware Expert

Combofix isn't seeing your Avast either. Your version of Avast is obsolete anyway so it's time to upgrade to Avast 6. Download the setup file from:

http://download.cnet...j=dl&tag=button

If that doesn't work, try: http://www.avast.com...ivirus-download (they will try to sell you the paid version; just say No, you want the Free version).

I think it would be wise to uninstall the old version, since there is something wrong with it, then reboot and right click the setup file and Run As Administrator.

Ron

#5
NikkiCole


    Member

Okay, did that, thanks.

So my computer should be okay now?

Edited by NikkiCole, 07 April 2011 - 10:55 AM.


#6
RKinner


    Malware Expert

Your logs look clean and if you are not seeing any problems then you are probably OK. If you want to make sure, you can run a boot-time scan with avast.

Right click on the avast ball and select Open Avast! User Interface, then click on Scan Computer, then on Boot-Time Scan, then Schedule Now. Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs an input from you.


I would clean up System Restore by toggling it off and on:
http://www.sophos.co...icle/17803.html

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Flash Player recently came out with a new version which fixes an exploit hole. See http://aumha.net/vie...&st=0&sk=t&sd=a
Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.5.
http://download.cnet...4-10752777.html
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password!

Ron