Windows Vista Recovery


  • This topic is locked

#1
Phatboylee1

I have been reading all the solutions used by other users and they seem to work for everyone else. I have done all the OTL stuff and updated Malwarebytes, but when I start to run the scan a window keeps popping up and then my computer restarts. A different window keeps popping up saying Hard Drive Failure; I just keep closing it. I am not very good with computer tech stuff. So if anyone can help I will really be thankful.


#2
Phatboylee1

I was able to finish the malware scan and removed everything from my computer, but I still don't have any of my icons on my desktop. What is the next step? Here is a copy of the log from Malwarebytes.


#3
Phatboylee1

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

6/4/2011 6:50:27 PM
mbam-log-2011-06-04 (18-50-27).txt

Scan type: Quick scan
Objects scanned: 183751
Time elapsed: 10 minute(s), 46 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
c:\programdata\sqoxnmcuxyw.exe (Trojan.FakeMS) -> 3656 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sqoXnmCuXYw (Trojan.FakeMS) -> Value: sqoXnmCuXYw -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\WIlliam\AppData\Local\hiq.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
c:\Users\WIlliam\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\sqoxnmcuxyw.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\programdata\31121144.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\WIlliam\AppData\Local\Temp\tmpACA1.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\WIlliam\local settings\application data\hiq.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Users\WIlliam\local settings\application data\yue.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\Users\WIlliam\AppData\Roaming\kernel33.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\WIlliam\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\Users\WIlliam\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor\uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

#4
Essexboy


    GeekU Moderator

Hi there, could you run the following for me, please?

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box, paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#5
Phatboylee1

RogueKiller V5.2.2 [06/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: WIlliam [Admin rights]
Mode: Scan -- Date : 06/06/2011 22:50:17

Bad processes: 1
[SUSP PATH] sttray.exe -- c:\windows\sttray.exe -> KILLED

Registry Entries: 5
[SUSP PATH] RNUpgradeHelperResumePrompt_WIlliam.job : c:\users\william\appdata\roaming\real\update\upgradehelper\realplayer\8.01\rnupgagent.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
˙ž1

Finished : << RKreport[1].txt >>
RKreport[1].txt

#6
Phatboylee1

OTL logfile created on: 6/6/2011 10:53:45 PM - Run 4
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\WIlliam\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.20% Memory free
4.22 Gb Paging File | 3.25 Gb Available in Paging File | 76.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 162.04 Gb Free Space | 72.74% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.41 Gb Free Space | 64.08% Space Free | Partition Type: NTFS
Drive E: | 1.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: WILLIAM-PC | User Name: WIlliam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/06 22:53:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\WIlliam\Desktop\OTL.exe
PRC - [2011/06/04 19:21:30 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/05/24 12:27:18 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2010/09/02 15:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/09/29 13:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/06/06 22:53:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\WIlliam\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/17 23:12:37 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/07 14:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/09/29 13:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/01 05:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2011/04/01 05:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/11 15:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/12/12 18:05:18 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/12/04 09:17:15 | 000,645,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/01/19 00:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/10/12 01:56:00 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/02/06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/12/29 02:49:00 | 000,247,808 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2006/11/22 18:56:52 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/10/25 00:53:08 | 002,068,992 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/17 16:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/16 18:11:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/16 18:11:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/04 19:21:40 | 000,000,000 | ---D | M]

[2011/02/16 00:00:23 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\WIlliam\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2011/06/05 11:50:58 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: ('autocheck autochk *') - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1873637470-368310328-3273697420-1001..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/06 22:53:02 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\WIlliam\Desktop\OTL.exe
[2011/06/06 22:50:16 | 000,000,000 | ---D | C] -- C:\Users\WIlliam\Desktop\RK_Quarantine
[2011/06/06 13:06:18 | 000,000,000 | ---D | C] -- C:\Users\WIlliam\AppData\Local\{3006B7E5-8F02-403A-81A1-200E05A06680}
[2011/06/05 11:50:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/04 19:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/06/04 19:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/06/04 16:15:06 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{152FAD2C-2DDB-4293-9DC6-8CF27B77C589}
[2011/06/04 16:14:44 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011/06/04 15:35:46 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{C30FB443-323D-48D2-AD62-50AB47BE03E9}
[2011/05/31 13:16:43 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{BCA2A4B3-269A-4358-B71E-5B56CC022084}
[2011/05/28 18:07:11 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Roaming\go
[2011/05/28 18:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011/05/28 15:25:28 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{03D02B04-6868-4BEC-BBF3-23BAFBAFBFC4}
[2011/05/28 01:35:24 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{FFE006FA-24AC-4528-94B1-11A1324EC81B}
[2011/05/28 01:35:24 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{CAFE3401-3D89-4312-8000-800E9E1872AE}
[2011/05/27 13:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/05/24 12:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/05/24 12:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/05/24 12:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/05/23 17:15:00 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\Windows Live
[2011/05/22 03:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/05/21 16:39:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/05/21 16:39:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/05/21 16:39:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/05/19 22:32:51 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/05/16 18:11:10 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Roaming\DivX
[2011/05/16 18:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/05/16 18:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/05/16 18:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/05/16 18:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/05/16 18:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/05/12 13:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/06 22:53:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\WIlliam\Desktop\OTL.exe
[2011/06/06 22:48:39 | 000,511,488 | ---- | M] () -- C:\Users\WIlliam\Desktop\RogueKiller.exe
[2011/06/06 21:52:04 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 21:52:04 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 12:30:50 | 000,002,401 | ---- | M] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/06/06 00:45:00 | 000,013,055 | ---- | M] () -- C:\Users\WIlliam\Desktop\Single_User_Shortcuts.zip
[2011/06/06 00:00:00 | 000,000,664 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - WIlliam.job
[2011/06/05 11:56:38 | 000,599,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/05 11:56:38 | 000,103,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/05 11:53:44 | 000,000,951 | -H-- | M] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (3).lnk
[2011/06/05 11:52:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/05 11:50:58 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/06/05 00:41:56 | 000,000,951 | -H-- | M] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (2).lnk
[2011/06/05 00:12:41 | 000,000,951 | -H-- | M] () -- C:\Users\WIlliam\Desktop\Internet Explorer (2).lnk
[2011/06/05 00:04:41 | 000,000,951 | -H-- | M] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/06/04 19:21:31 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/06/04 18:36:12 | 000,000,160 | ---- | M] () -- C:\ProgramData\~31121144r
[2011/06/04 18:36:12 | 000,000,136 | ---- | M] () -- C:\ProgramData\~31121144
[2011/06/04 16:18:09 | 000,000,400 | ---- | M] () -- C:\ProgramData\31121144
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/27 13:23:30 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/05/23 17:31:45 | 000,416,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/23 17:14:08 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/05/23 17:14:08 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/05/23 17:13:58 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/22 03:21:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/05/22 03:20:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/05/19 10:23:31 | 000,010,108 | -HS- | M] () -- C:\Users\WIlliam\AppData\Local\3572q817521g0wy5u7bosv41hubmkdr15
[2011/05/19 10:23:31 | 000,010,108 | -HS- | M] () -- C:\ProgramData\3572q817521g0wy5u7bosv41hubmkdr15
[2011/05/16 18:32:33 | 000,084,992 | -H-- | M] () -- C:\Users\WIlliam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/12 05:11:21 | 000,000,328 | -H-- | M] () -- C:\Users\WIlliam\Desktop\fix.reg
[2011/05/12 05:00:32 | 000,013,242 | -HS- | M] () -- C:\Users\WIlliam\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
[2011/05/12 05:00:32 | 000,013,242 | -HS- | M] () -- C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/06 22:48:38 | 000,511,488 | ---- | C] () -- C:\Users\WIlliam\Desktop\RogueKiller.exe
[2011/06/06 00:45:00 | 000,013,055 | ---- | C] () -- C:\Users\WIlliam\Desktop\Single_User_Shortcuts.zip
[2011/06/05 11:53:44 | 000,000,951 | -H-- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (3).lnk
[2011/06/05 00:41:56 | 000,000,951 | -H-- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (2).lnk
[2011/06/05 00:41:44 | 000,002,401 | ---- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/06/05 00:12:41 | 000,000,951 | -H-- | C] () -- C:\Users\WIlliam\Desktop\Internet Explorer (2).lnk
[2011/06/05 00:04:41 | 000,000,951 | -H-- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/06/04 16:14:45 | 000,000,160 | ---- | C] () -- C:\ProgramData\~31121144r
[2011/06/04 16:14:45 | 000,000,136 | ---- | C] () -- C:\ProgramData\~31121144
[2011/06/04 16:14:39 | 000,000,400 | ---- | C] () -- C:\ProgramData\31121144
[2011/05/24 12:27:12 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/05/23 17:17:26 | 000,002,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/05/23 17:13:58 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/22 03:21:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/05/22 03:20:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/05/19 09:23:06 | 000,010,108 | -HS- | C] () -- C:\Users\WIlliam\AppData\Local\3572q817521g0wy5u7bosv41hubmkdr15
[2011/05/19 09:23:06 | 000,010,108 | -HS- | C] () -- C:\ProgramData\3572q817521g0wy5u7bosv41hubmkdr15
[2011/05/12 05:11:21 | 000,000,328 | -H-- | C] () -- C:\Users\WIlliam\Desktop\fix.reg
[2011/05/12 04:36:58 | 000,013,242 | -HS- | C] () -- C:\Users\WIlliam\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
[2011/05/12 04:36:58 | 000,013,242 | -HS- | C] () -- C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
[2011/05/01 23:14:44 | 000,172,409 | -HS- | C] () -- C:\Users\WIlliam\AppData\Roaming\d1iQq.com
[2011/05/01 23:01:42 | 000,172,409 | -HS- | C] () -- C:\Users\WIlliam\AppData\Roaming\SQys5f.exe
[2011/05/01 23:01:42 | 000,172,409 | -HS- | C] () -- C:\Users\WIlliam\AppData\Roaming\oyq69.pif
[2011/05/01 23:01:42 | 000,172,409 | -HS- | C] () -- C:\Users\WIlliam\AppData\Roaming\m4ONx.pif
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/04/01 04:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/01/04 17:39:47 | 000,001,940 | -H-- | C] () -- C:\Users\WIlliam\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/11 01:30:37 | 000,000,025 | ---- | C] () -- C:\Windows\clofghls.dll
[2010/12/09 15:39:12 | 000,000,036 | ---- | C] () -- C:\Windows\mafosav.INI
[2010/08/08 19:10:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/08/08 06:51:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/08/08 06:51:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/08/08 00:07:31 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010/03/14 08:33:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/05/16 10:12:35 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2007/03/25 17:56:21 | 000,118,784 | ---- | C] () -- C:\Windows\bwUnin-7.2.0.157-8876480SL.exe
[2007/02/26 22:13:52 | 000,007,592 | -H-- | C] () -- C:\Users\WIlliam\AppData\Local\d3d9caps.dat
[2007/02/18 23:15:55 | 000,001,500 | -H-- | C] () -- C:\Users\WIlliam\AppData\Roaming\wklnhst.dat
[2007/02/08 00:14:48 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/02/08 00:13:23 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini
[2007/02/07 23:20:52 | 000,084,992 | -H-- | C] () -- C:\Users\WIlliam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/07 22:31:20 | 000,001,361 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2007/02/06 17:42:40 | 001,691,808 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2007/02/05 18:23:19 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/02/05 18:23:19 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/02/05 18:23:19 | 000,138,101 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/02/05 10:52:29 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/02/05 10:42:22 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/02/05 10:42:21 | 000,000,149 | ---- | C] () -- C:\Windows\wininit.ini
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,416,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,599,588 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,088 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2007/03/19 23:18:51 | 000,000,000 | -H-D | M] -- C:\Users\WIlliam\AppData\Roaming\acccore
[2007/03/19 23:19:52 | 000,000,000 | -H-D | M] -- C:\Users\WIlliam\AppData\Roaming\Aim
[2008/03/24 12:55:54 | 000,000,000 | -H-D | M] -- C:\Users\WIlliam\AppData\Roaming\Amazon
[2008/07/17 08:15:30 | 000,000,000 | -H-D | M] -- C:\Users\WIlliam\AppData\Roaming\Atari
[2010/07/15 19:19:37 | 000,000,000 | -H-D | M] -- C:\Users\WIlliam\AppData\Roaming\CD8872790FFB2047C1C6B310B8156A88
[2011/06/06 16:04:56 | 000,000,000 | -H-D | M] -- C:\Users\WIlliam\AppData\Roaming\go
[2007/09/19 19:20:35 | 000,000,000 | -H-D | M] -- C:\Users\WIlliam\AppData\Roaming\Leadertech
[2008/05/30 23:24:50 | 000,000,000 | -H-D | M] -- C:\Users\WIlliam\AppData\Roaming\MusicNet
[2007/11/06 00:10:19 | 000,000,000 | -H-D | M] -- C:\Users\WIlliam\AppData\Roaming\My Games
[2007/02/18 23:16:03 | 000,000,000 | -H-D | M] -- C:\Users\WIlliam\AppData\Roaming\Template
[2010/06/23 09:59:59 | 000,000,000 | -H-D | M] -- C:\Users\WIlliam\AppData\Roaming\Tific
[2011/06/05 11:51:09 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 02:50:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 02:50:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/23 17:13:58 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/23 17:13:58 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/23 17:13:58 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/23 17:13:59 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/23 17:13:58 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/23 17:13:58 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/23 17:13:58 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/23 17:13:59 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< End of report >

#7
Phatboylee1

OTL Extras logfile created on: 6/4/2011 5:44:46 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\WIlliam\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 68.89% Memory free
4.22 Gb Paging File | 3.81 Gb Available in Paging File | 90.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 173.94 Gb Free Space | 78.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.41 Gb Free Space | 64.08% Space Free | Partition Type: NTFS
Drive E: | 1.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: WILLIAM-PC | User Name: WIlliam | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DDFA100-7B56-40B8-892D-B8F13E251A81}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1132565F-3C83-426E-9844-FE8D28EC5F8B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{73281E20-C69E-4AF6-A00D-3CCF58DC473A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9F1471E8-6400-47DB-AACB-7FE4396FBC5C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E3AC3EF0-6A0C-4422-94B9-437647A7CAD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FE1371B8-2845-470D-9588-BEC65D498801}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047E1AE2-B590-4A42-BA72-6D10FF33B666}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{09C80647-3EA5-4EB5-9429-95F5E0923291}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{0C291ED4-856B-4049-832A-EC6F08B8F690}" = protocol=6 | dir=in | app=c:\program files\aim7\aim.exe |
"{13A559F0-6DBE-413E-9FDE-83A4413653E9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{19BE9B10-BC96-4E5E-BBD6-6E44802B1385}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{20AEDCFC-C867-45F2-9926-5902D2DE16B3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{26B65086-BA25-4BCB-833D-0D53C6086A57}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{2851E987-7D0F-466F-8354-C892AC3BAECF}" = protocol=6 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{3DA44A1A-D2FF-4CDD-9941-3EDE95318F29}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{43F22ACE-2628-47BF-A59E-6FDDF1E9F277}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{47D45825-FDED-4AF0-8A37-53287E7A7B59}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{4CA7F60C-0958-4012-8B4B-4D2DEF41FAD9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{54AFE6EA-7A27-4252-8E51-6B3C35EAFA73}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5C706C57-8A01-4620-8BAC-D6EE83972F76}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{61011F5E-D46A-42FC-AB46-0FC9528B50DB}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{68966B85-FBE7-45BE-8397-A222BE7D1548}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{7DA35BD4-C5F0-463B-ACF9-48107AEF84A6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{860AFFA3-2AA6-4639-AE8E-070A66669CEC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{8E6B7D44-1CD8-4CCB-9FE4-09FC8A7AB852}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{94BC56FC-F467-4271-81AE-8DFC7763CA14}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{9AF318B5-08BE-4420-9E7A-A3F8C5ADCC57}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{A49ABF66-DFAF-48EF-B5AF-1B74E78D90AD}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{A7D1B3B6-3203-49BD-9522-565436796B3D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{A934A941-B40F-4900-83C2-DBBBA8B0B6A9}" = protocol=17 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{AE087BFF-4972-43A0-A294-DBE6F0521CD2}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{B1A4D2CC-8C02-4C64-BD44-61C868A955AE}" = protocol=17 | dir=in | app=c:\program files\ubisoft\the settlers - rise of an empire\base\bin\settlers6.exe |
"{B707A364-30D7-45E2-9ADC-33A630DB1F69}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{BE9C732D-A394-4088-9029-8DFA490C8747}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{BECAD683-96A9-450D-83D7-107EBC1693B6}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{BF83257C-7BB5-4C17-8B30-1C38E7A3E016}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{C4BE3161-36B6-48B8-BEF4-82A5229F6A6E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CAB702C7-93B6-4D74-9084-84C10EA388FA}" = protocol=6 | dir=in | app=c:\program files\ubisoft\the settlers - rise of an empire\base\bin\settlers6.exe |
"{D064AD3B-F107-4410-9DAF-4FAFD1A9B2EE}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D404176A-F020-46A9-B466-DBFBB99014E6}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{DAE9B9FC-908A-472A-B6A3-4E3E1D6D1A42}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E0FEBBB2-2E4E-4335-8DD3-97F0B4BFC977}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E5DACBA9-F693-43BE-BD17-4F548E103CDD}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{EC37E543-D364-4BBF-B149-61D4E013DA73}" = protocol=17 | dir=in | app=c:\program files\aim7\aim.exe |
"{FBA0B60E-1595-471F-A0D3-10A01260D039}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54F6C98F-94A0-421C-B90E-0B6A2A96A9CF}" = Pure Networks Platform
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FCDE341-328B-434B-9F21-AF5BADB57852}" = Symantec Technical Support Web Controls
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7D9B77E1-0078-0001-4447-ADD4C0A93D1D}" = Sansa Media Converter
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = THE SETTLERS - Rise of an Empire
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F08F36A8-7EEA-DB4D-00D1-2CA68C2DD445}" = ATI Catalyst Control Center Ex
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_7" = AIM 7
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"DivX Setup.divx.com" = DivX Setup
"Google Desktop" = Google Desktop
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"Linksys Wireless Manager" = Linksys Wireless Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"RealPlayer 12.0" = RealPlayer
"Sins of a Solar Empire" = Sins of a Solar Empire
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 8930" = Sid Meier's Civilization V
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtools3DLifePlayer" = Virtools 3D Life Player
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1873637470-368310328-3273697420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/24/2011 3:48:41 PM | Computer Name = WIlliam-PC | Source = Application Error | ID = 1000
Description = Faulting application UMVPFSrv.exe, version 13.25.1014.0, time stamp
0x4d955c8d, faulting module UMVPL.dll, version 13.0.1774.0, time stamp 0x4be4bfff,
exception code 0xc0000005, fault offset 0x00001e1c, process id 0x4f4, application
start time 0x01cc1990c94e73c9.

Error - 6/4/2011 3:36:27 PM | Computer Name = WIlliam-PC | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 15.4.3508.1109, time stamp
0x4cda7240, faulting module wlupdate.15.4.105.0.dll_unloaded, version 0.0.0.0,
time stamp 0x4c9afde5, exception code 0xc0000005, fault offset 0x676c7750, process
id 0xb6c, application start time 0x01cc22ee903205e0.

Error - 6/4/2011 4:22:38 PM | Computer Name = WIlliam-PC | Source = EventSystem | ID = 4609
Description =

Error - 6/4/2011 5:31:10 PM | Computer Name = WIlliam-PC | Source = EventSystem | ID = 4609
Description =

Error - 6/4/2011 5:32:58 PM | Computer Name = WIlliam-PC | Source = EventSystem | ID = 4609
Description =

Error - 6/4/2011 5:32:58 PM | Computer Name = WIlliam-PC | Source = SignInAssistant | ID = 0
Description =

Error - 6/4/2011 5:32:58 PM | Computer Name = WIlliam-PC | Source = SignInAssistant | ID = 0
Description =

Error - 6/4/2011 5:32:58 PM | Computer Name = WIlliam-PC | Source = SignInAssistant | ID = 0
Description =

Error - 6/4/2011 5:32:59 PM | Computer Name = WIlliam-PC | Source = SignInAssistant | ID = 0
Description =

Error - 6/4/2011 5:38:50 PM | Computer Name = WIlliam-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 6/4/2011 4:28:09 PM | Computer Name = WIlliam-PC | Source = Application Popup | ID = 876
Description = Driver DLACDBHM.SYS has been blocked from loading.

Error - 6/4/2011 4:40:06 PM | Computer Name = WIlliam-PC | Source = Application Popup | ID = 876
Description = Driver DLACDBHM.SYS has been blocked from loading.

Error - 6/4/2011 5:03:45 PM | Computer Name = WIlliam-PC | Source = Application Popup | ID = 876
Description = Driver DLACDBHM.SYS has been blocked from loading.

Error - 6/4/2011 5:29:20 PM | Computer Name = WIlliam-PC | Source = Application Popup | ID = 876
Description = Driver DLACDBHM.SYS has been blocked from loading.

Error - 6/4/2011 5:31:03 PM | Computer Name = WIlliam-PC | Source = DCOM | ID = 10005
Description =

Error - 6/4/2011 5:31:10 PM | Computer Name = WIlliam-PC | Source = DCOM | ID = 10005
Description =

Error - 6/4/2011 5:31:16 PM | Computer Name = WIlliam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 6/4/2011 5:31:16 PM | Computer Name = WIlliam-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 6/4/2011 5:31:23 PM | Computer Name = WIlliam-PC | Source = DCOM | ID = 10005
Description =

Error - 6/4/2011 5:31:24 PM | Computer Name = WIlliam-PC | Source = DCOM | ID = 10005
Description =


< End of report >

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, once this run is complete, can you let me know what problems remain?

Run RogueKiller and select Option 6

THEN

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKU\S-1-5-21-1873637470-368310328-3273697420-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    [2011/06/04 16:15:06 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{152FAD2C-2DDB-4293-9DC6-8CF27B77C589}
    [2011/06/04 16:14:44 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
    [2011/06/04 15:35:46 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{C30FB443-323D-48D2-AD62-50AB47BE03E9}
    [2011/05/31 13:16:43 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{BCA2A4B3-269A-4358-B71E-5B56CC022084}
    [2011/05/28 15:25:28 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{03D02B04-6868-4BEC-BBF3-23BAFBAFBFC4}
    [2011/05/28 01:35:24 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{FFE006FA-24AC-4528-94B1-11A1324EC81B}
    [2011/05/28 01:35:24 | 000,000,000 | -H-D | C] -- C:\Users\WIlliam\AppData\Local\{CAFE3401-3D89-4312-8000-800E9E1872AE}
    [2011/06/04 18:36:12 | 000,000,160 | ---- | M] () -- C:\ProgramData\~31121144r
    [2011/06/04 18:36:12 | 000,000,136 | ---- | M] () -- C:\ProgramData\~31121144
    [2011/06/04 16:18:09 | 000,000,400 | ---- | M] () -- C:\ProgramData\31121144
    [2011/05/19 10:23:31 | 000,010,108 | -HS- | M] () -- C:\ProgramData\3572q817521g0wy5u7bosv41hubmkdr15
    [2011/05/16 18:32:33 | 000,084,992 | -H-- | M] () -- C:\Users\WIlliam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/12 05:11:21 | 000,000,328 | -H-- | M] () -- C:\Users\WIlliam\Desktop\fix.reg
    [2011/05/12 05:00:32 | 000,013,242 | -HS- | M] () -- C:\Users\WIlliam\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
    [2011/05/12 05:00:32 | 000,013,242 | -HS- | M] () -- C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
    [2011/05/19 09:23:06 | 000,010,108 | -HS- | C] () -- C:\Users\WIlliam\AppData\Local\3572q817521g0wy5u7bosv41hubmkdr15
    [2011/05/19 09:23:06 | 000,010,108 | -HS- | C] () -- C:\ProgramData\3572q817521g0wy5u7bosv41hubmkdr15
    [2011/05/12 05:11:21 | 000,000,328 | -H-- | C] () -- C:\Users\WIlliam\Desktop\fix.reg
    [2011/05/12 04:36:58 | 000,013,242 | -HS- | C] () -- C:\Users\WIlliam\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
    [2011/05/12 04:36:58 | 000,013,242 | -HS- | C] () -- C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
    [2011/05/01 23:14:44 | 000,172,409 | -HS- | C] () -- C:\Users\WIlliam\AppData\Roaming\d1iQq.com
    [2011/05/01 23:01:42 | 000,172,409 | -HS- | C] () -- C:\Users\WIlliam\AppData\Roaming\SQys5f.exe
    [2011/05/01 23:01:42 | 000,172,409 | -HS- | C] () -- C:\Users\WIlliam\AppData\Roaming\oyq69.pif
    [2011/05/01 23:01:42 | 000,172,409 | -HS- | C] () -- C:\Users\WIlliam\AppData\Roaming\m4ONx.pif


    :files
    attrib -H c:\*.* /s /d /c
    ipconfig /flushdns /c
    C:\Users\WIlliam\AppData\Local\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
    C:\ProgramData\230t17d8r0p00q1761g3mnq4h8r4n7k5w62
    C:\Users\WIlliam\AppData\Local\3572q817521g0wy5u7bosv41hubmkdr15
    C:\ProgramData\3572q817521g0wy5u7bosv41hubmkdr15

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#9
Phatboylee1

    Member

  • Topic Starter
  • Member
  • 21 posts
OTL logfile created on: 6/7/2011 11:35:54 AM - Run 5
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\WIlliam\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 67.99% Memory free
4.22 Gb Paging File | 3.64 Gb Available in Paging File | 86.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 159.93 Gb Free Space | 71.79% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.41 Gb Free Space | 64.08% Space Free | Partition Type: NTFS
Drive E: | 1.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: WILLIAM-PC | User Name: WIlliam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/06 22:53:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\WIlliam\Desktop\OTL.exe
PRC - [2011/06/04 19:21:30 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2010/09/02 15:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/22 18:56:00 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2006/09/29 13:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/06/06 22:53:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\WIlliam\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/17 23:12:37 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/07 14:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/09/29 13:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/01 05:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2011/04/01 05:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/11 15:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/12/12 18:05:18 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/12/04 09:17:15 | 000,645,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/01/19 00:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/10/12 01:56:00 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/02/06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/12/29 02:49:00 | 000,247,808 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2006/11/22 18:56:52 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/10/25 00:53:08 | 002,068,992 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/17 16:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/16 18:11:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/16 18:11:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/04 19:21:40 | 000,000,000 | ---D | M]

[2011/02/16 00:00:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WIlliam\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2011/06/07 11:33:21 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: ('autocheck autochk *') - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/07 11:36:08 | 000,000,000 | ---D | C] -- C:\Users\WIlliam\AppData\Local\{74AC0B42-4B4D-4164-9E19-69AE2B09CFB4}
[2011/06/06 22:53:02 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\WIlliam\Desktop\OTL.exe
[2011/06/06 22:50:16 | 000,000,000 | ---D | C] -- C:\Users\WIlliam\Desktop\RK_Quarantine
[2011/06/06 13:06:18 | 000,000,000 | ---D | C] -- C:\Users\WIlliam\AppData\Local\{3006B7E5-8F02-403A-81A1-200E05A06680}
[2011/06/05 11:50:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/04 19:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/06/04 19:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/06/04 16:15:06 | 000,000,000 | ---D | C] -- C:\Users\WIlliam\AppData\Local\{152FAD2C-2DDB-4293-9DC6-8CF27B77C589}
[2011/05/28 18:07:11 | 000,000,000 | ---D | C] -- C:\Users\WIlliam\AppData\Roaming\go
[2011/05/28 18:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011/05/27 13:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/05/24 12:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/05/24 12:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/05/24 12:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/05/23 17:15:00 | 000,000,000 | ---D | C] -- C:\Users\WIlliam\AppData\Local\Windows Live
[2011/05/22 03:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/05/21 16:39:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/05/21 16:39:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/05/21 16:39:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/05/19 22:32:51 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/05/16 18:11:10 | 000,000,000 | ---D | C] -- C:\Users\WIlliam\AppData\Roaming\DivX
[2011/05/16 18:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/05/16 18:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/05/16 18:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/05/16 18:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/05/16 18:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/05/12 13:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/07 11:34:58 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/07 11:34:58 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/07 11:34:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/07 11:33:21 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/06/06 23:19:41 | 000,002,401 | ---- | M] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/06/06 22:53:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\WIlliam\Desktop\OTL.exe
[2011/06/06 22:48:39 | 000,511,488 | ---- | M] () -- C:\Users\WIlliam\Desktop\RogueKiller.exe
[2011/06/06 00:45:00 | 000,013,055 | ---- | M] () -- C:\Users\WIlliam\Desktop\Single_User_Shortcuts.zip
[2011/06/06 00:00:00 | 000,000,664 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - WIlliam.job
[2011/06/05 11:56:38 | 000,599,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/05 11:56:38 | 000,103,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/05 11:53:44 | 000,000,951 | ---- | M] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (3).lnk
[2011/06/05 00:41:56 | 000,000,951 | ---- | M] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (2).lnk
[2011/06/05 00:12:41 | 000,000,951 | ---- | M] () -- C:\Users\WIlliam\Desktop\Internet Explorer (2).lnk
[2011/06/05 00:04:41 | 000,000,951 | ---- | M] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/06/04 19:21:31 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/27 13:23:30 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/05/27 13:23:29 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/05/23 17:35:13 | 000,000,945 | ---- | M] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/23 17:31:45 | 000,416,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/23 17:14:08 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/05/23 17:14:08 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/05/23 17:13:58 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/22 03:21:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/05/22 03:20:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/07 11:30:11 | 000,002,223 | ---- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Music Jukebox.lnk
[2011/06/07 11:30:11 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\ Sansa Media Converter.lnk
[2011/06/07 11:30:11 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/06/07 11:30:11 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/07 11:30:11 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/06/07 11:30:11 | 000,001,693 | ---- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/06/07 11:30:11 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/06/07 11:30:11 | 000,001,475 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2011/06/07 11:30:11 | 000,000,945 | ---- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/07 11:30:11 | 000,000,940 | ---- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/07 11:30:11 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/06/07 11:30:11 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/07 11:30:11 | 000,000,258 | ---- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/06/07 11:30:11 | 000,000,240 | ---- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/06/06 22:48:38 | 000,511,488 | ---- | C] () -- C:\Users\WIlliam\Desktop\RogueKiller.exe
[2011/06/06 00:45:00 | 000,013,055 | ---- | C] () -- C:\Users\WIlliam\Desktop\Single_User_Shortcuts.zip
[2011/06/05 11:53:44 | 000,000,951 | ---- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (3).lnk
[2011/06/05 00:41:56 | 000,000,951 | ---- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (2).lnk
[2011/06/05 00:41:44 | 000,002,401 | ---- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/06/05 00:12:41 | 000,000,951 | ---- | C] () -- C:\Users\WIlliam\Desktop\Internet Explorer (2).lnk
[2011/06/05 00:04:41 | 000,000,951 | ---- | C] () -- C:\Users\WIlliam\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/05/24 12:27:12 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/05/23 17:17:26 | 000,002,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/05/23 17:13:58 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/22 03:21:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/05/22 03:20:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/04/01 04:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/01/04 17:39:47 | 000,001,940 | -H-- | C] () -- C:\Users\WIlliam\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/11 01:30:37 | 000,000,025 | ---- | C] () -- C:\Windows\clofghls.dll
[2010/12/09 15:39:12 | 000,000,036 | ---- | C] () -- C:\Windows\mafosav.INI
[2010/08/08 19:10:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/08/08 06:51:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/08/08 06:51:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/08/08 00:07:31 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010/03/14 08:33:40 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/05/16 10:12:35 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2007/03/25 17:56:21 | 000,118,784 | ---- | C] () -- C:\Windows\bwUnin-7.2.0.157-8876480SL.exe
[2007/02/26 22:13:52 | 000,007,592 | ---- | C] () -- C:\Users\WIlliam\AppData\Local\d3d9caps.dat
[2007/02/18 23:15:55 | 000,001,500 | ---- | C] () -- C:\Users\WIlliam\AppData\Roaming\wklnhst.dat
[2007/02/08 00:14:48 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/02/08 00:13:23 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini
[2007/02/07 22:31:20 | 000,001,361 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2007/02/06 17:42:40 | 001,691,808 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2007/02/05 18:23:19 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/02/05 18:23:19 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/02/05 18:23:19 | 000,138,101 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/02/05 10:52:29 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/02/05 10:42:22 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/02/05 10:42:21 | 000,000,149 | ---- | C] () -- C:\Windows\wininit.ini
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,416,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,599,588 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,088 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2007/03/19 23:18:51 | 000,000,000 | ---D | M] -- C:\Users\WIlliam\AppData\Roaming\acccore
[2007/03/19 23:19:52 | 000,000,000 | ---D | M] -- C:\Users\WIlliam\AppData\Roaming\Aim
[2008/03/24 12:55:54 | 000,000,000 | ---D | M] -- C:\Users\WIlliam\AppData\Roaming\Amazon
[2008/07/17 08:15:30 | 000,000,000 | ---D | M] -- C:\Users\WIlliam\AppData\Roaming\Atari
[2010/07/15 19:19:37 | 000,000,000 | ---D | M] -- C:\Users\WIlliam\AppData\Roaming\CD8872790FFB2047C1C6B310B8156A88
[2011/06/07 08:04:53 | 000,000,000 | ---D | M] -- C:\Users\WIlliam\AppData\Roaming\go
[2007/09/19 19:20:35 | 000,000,000 | ---D | M] -- C:\Users\WIlliam\AppData\Roaming\Leadertech
[2008/05/30 23:24:50 | 000,000,000 | ---D | M] -- C:\Users\WIlliam\AppData\Roaming\MusicNet
[2007/11/06 00:10:19 | 000,000,000 | ---D | M] -- C:\Users\WIlliam\AppData\Roaming\My Games
[2007/02/18 23:16:03 | 000,000,000 | ---D | M] -- C:\Users\WIlliam\AppData\Roaming\Template
[2010/06/23 09:59:59 | 000,000,000 | ---D | M] -- C:\Users\WIlliam\AppData\Roaming\Tific
[2011/06/07 11:33:55 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#10
Phatboylee1

    Member

  • Topic Starter
  • 21 posts
Everything is running back to normal. Thanks so much for the help. I am not the best when it comes to fixing computers, so it's nice to know that someone can guide me through it step by step. Do I need to keep RK and OTL, and all the notepads they created on my desktop? Thanks again!
  • 0

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nope let me remove them for you :yes:

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go Start > All programs > Accessories > system tools page
  • Select Performance Information and Tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :unsure:
  • 0
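One way to confirm the effect of the `[resethosts]` step in the fix above, as an added example that is not part of the original post or of OTL itself: a Python audit of a hosts file. It assumes a reset file maps only `localhost` to loopback addresses; the sample file, `ALLOWED_NAMES` and `audit_hosts` are constructed for illustration.

```python
import ipaddress

SAMPLE_HOSTS = """\
# Constructed sample for this example: a hosts file before cleanup
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.example-bank.test   # redirect to a non-loopback host
127.0.0.1       update.example-av.test  # blackholes an update server
0.0.0.0         ads.example.test
not-an-ip       broken.example.test
"""

ALLOWED_NAMES = {"localhost"}  # assumption: the only name a reset file maps

def audit_hosts(text):
    """Return (line_no, reason, line) for each entry a reset file should not have."""
    findings = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((no, "malformed address", raw.strip()))
            continue
        if not names:
            findings.append((no, "address without hostname", raw.strip()))
            continue
        extra = [n for n in names if n not in ALLOWED_NAMES]
        if not extra:
            if not ip.is_loopback:
                findings.append((no, "localhost mapped off-loopback", raw.strip()))
            continue
        if ip.is_loopback or ip.is_unspecified:
            reason = "name blackholed: " + ", ".join(extra)
        else:
            reason = "name redirected to %s: %s" % (ip, ", ".join(extra))
        findings.append((no, reason, raw.strip()))
    return findings

if __name__ == "__main__":
    import sys
    # Pass the real file as an argument, e.g. C:\Windows\System32\drivers\etc\Hosts
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for no, reason, line in audit_hosts(text):
        print("line %d: %s -> %s" % (no, reason, line))
```

An empty result means the file holds nothing beyond loopback mappings for `localhost`; any finding after the fix has run is worth reporting back in the thread.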

#12
Phatboylee1

    Member

  • Topic Starter
  • 21 posts
Thanks, did everything you asked and everything is working great. I have Malwarebytes and will run it weekly. I also have McAfee and will also make sure to keep it updated. Thanks again. If I have any problems in the future I now know who to talk to for help. Thanks again!
  • 0

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure - keep safe
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





