Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows Security 2012 Issue

Started by Carol C. , Jun 15 2011 10:27 AM

  • This topic is locked This topic is locked

#1
Carol C.
Posted 15 June 2011 - 10:27 AM

Carol C.

    Member

  • Member
  • PipPip
  • 51 posts
Got a virus or malaware: Windows R Security Alert 2012 R keeps asking me to buy their protection, firewall not working. Keeps popping up and I can't get into the internet at all.The virus/malaware tells me I have a trojan virus and am in DANGER!! Have Malawarebytes Anti-Malware on the computer, didn't work, AVG 8.5 free said it has no virus, and Advast ran a 2 hour scan, and said no virus! Heres the OTR logs:
Log One:
OTL logfile created on: 6/15/2011 11:44:52 AM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.95% Memory free
3.84 Gb Paging File | 3.15 Gb Available in Paging File | 82.05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 39.20 Gb Free Space | 26.32% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 6.88 Gb Free Space | 92.37% Space Free | Partition Type: FAT32

Computer Name: FAIRLAWNS | User Name: Stephen Cornwell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/15 11:35:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/23 10:51:20 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.199\SSScheduler.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/08 13:50:38 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/06 09:46:02 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2010/03/06 09:45:56 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2010/03/04 08:08:04 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2010/03/04 08:08:02 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2010/03/04 08:08:02 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/28 17:15:32 | 004,853,016 | ---- | M] (ParetoLogic Inc.) -- C:\Program Files\XoftSpySE6\XoftSpySE.exe
PRC - [2009/08/28 17:15:30 | 000,582,424 | ---- | M] (ParetoLogic Inc.) -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/07/21 17:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/21 18:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) -- C:\WINDOWS\system32\dldocoms.exe
PRC - [2007/05/25 13:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe


========== Modules (SafeList) ==========

MOD - [2011/06/15 11:35:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2011/05/10 08:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/10/22 20:51:27 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/03/08 13:52:09 | 000,118,784 | ---- | M] (RealPlayer) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/23 10:51:20 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.199\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/06 09:45:56 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2010/03/04 08:08:02 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/28 17:15:30 | 000,582,424 | ---- | M] (ParetoLogic Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe -- (XoftSpyService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/08/04 11:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/07/21 17:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/04/24 16:11:40 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/16 14:51:11 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2008/02/21 18:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/10/05 09:30:46 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe -- (dldoCATSCustConnectService)
SRV - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dldocoms.exe -- (dldo_device)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/05/25 13:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005/11/30 10:35:38 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 08:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 07:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/14 09:42:41 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/04 08:08:04 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/04 08:08:04 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/04 08:08:02 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/02/24 11:15:35 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/24 11:15:34 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/10/22 02:23:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/22 02:23:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/07/03 15:59:10 | 000,086,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2007/07/03 15:58:20 | 000,106,792 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 15:57:24 | 000,011,944 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 15:54:24 | 000,080,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/13 22:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/03 14:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/09 10:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 10:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 10:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006/12/18 21:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/08/18 15:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 12:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/06/12 20:06:28 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2005/12/11 11:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2001/01/08 09:53:24 | 000,015,576 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080118
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080118
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010/03/06 09:46:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\Program Files\AVG\AVG8\ToolbarFF [2009/07/05 00:52:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/08 13:52:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/25 06:51:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/15 09:14:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/12 13:34:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 07:19:18 | 000,000,000 | ---D | M]

[2008/11/19 12:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Extensions
[2011/06/15 09:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions
[2009/08/31 17:11:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/17 11:46:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/05 00:50:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2010/12/06 21:13:05 | 000,000,000 | ---D | M] (Elf 1.13 Community Toolbar) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\{b80f591e-fe9a-46cf-a13e-180377240586}
[2008/12/22 20:06:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010/12/06 21:13:06 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\[email protected]
[2009/10/14 05:41:33 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\[email protected]
[2010/03/06 15:06:36 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\[email protected]
[2010/04/09 19:50:36 | 000,000,000 | ---D | M] (Avery Toolbar) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\[email protected]
[2010/01/29 20:11:06 | 000,000,000 | ---D | M] (ShopAtHome Intelligent Shopping Toolbar) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\[email protected]
[2011/06/15 09:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/12 22:32:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/12/01 17:25:02 | 000,279,888 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2009/07/02 23:17:08 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [3576839173] C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\llq.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AROReminder] C:\Program Files\ARO 2011\aro.exe (Support.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.199\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm ()
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm ()
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} https://vmodlms.wide...ZWDLManager.cab (DLManager Class)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {62AEFF80-16AD-4AC4-B812-E70EB5F37301} http://www.zenfolio....-ie-win-x86.cab (Zenfolio Uploader)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfi...ll/gtdownls.cab (LinkSys Content Update)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macrom...abs/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/30 15:25:09 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/04 11:57:10 | 000,000,125 | -H-- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{036d7135-7fa9-11dd-b43d-001d097ff0cb}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{0bc142a7-c975-11dc-b3df-001d097ff0cb}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\llq.exe" -a "%1" %* (Microsoft Corporation)
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\llq.exe" -a "%1" %* (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/15 10:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/06/15 09:14:33 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/06/15 09:14:33 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/15 09:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/06/15 09:14:26 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/06/15 09:14:25 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/15 09:14:25 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/06/15 09:14:23 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/06/15 09:14:23 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/06/15 09:14:23 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/06/15 09:14:06 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/06/15 09:14:04 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/06/15 09:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/15 09:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/15 08:30:24 | 003,350,512 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Stephen Cornwell\Desktop\SecurityScan_Release.exe
[2011/06/15 08:21:09 | 005,568,944 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Stephen Cornwell\Desktop\avg_free_stb_en_2011_1382_free.exe
[2011/06/15 08:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Sammsoft
[2011/06/15 07:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
[2011/06/15 07:59:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ARO 2011
[2011/06/14 19:56:34 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\llq.exe
[2011/06/07 14:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen Cornwell\Desktop\Alexis' Stuff
[2011/05/26 04:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2008/06/19 16:02:15 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\dldohcp.dll
[2008/06/19 16:02:15 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoinpa.dll
[2008/06/19 16:02:15 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoiesc.dll
[2008/06/19 16:02:14 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoserv.dll
[2008/06/19 16:02:14 | 000,954,368 | ---- | C] ( ) -- C:\WINDOWS\System32\dldousb1.dll
[2008/06/19 16:02:14 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocomc.dll
[2008/06/19 16:02:14 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\dldohbn3.dll
[2008/06/19 16:02:14 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dldopmui.dll
[2008/06/19 16:02:14 | 000,595,184 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocoms.exe
[2008/06/19 16:02:14 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\dldolmpm.dll
[2008/06/19 16:02:14 | 000,365,808 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocfg.exe
[2008/06/19 16:02:14 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocomm.dll
[2008/06/19 16:02:14 | 000,320,752 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoih.exe
[2008/06/19 16:02:14 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoprox.dll
[8 C:\Documents and Settings\Stephen Cornwell\My Documents\*.tmp files -> C:\Documents and Settings\Stephen Cornwell\My Documents\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Stephen Cornwell\Desktop\*.tmp files -> C:\Documents and Settings\Stephen Cornwell\Desktop\*.tmp -> ]
[15 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/15 11:43:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1326893772-630010757-4279459883-1006UA.job
[2011/06/15 11:42:48 | 000,016,984 | -HS- | M] () -- C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\o65qw5qxmp45w71w2010773
[2011/06/15 11:42:48 | 000,016,984 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\o65qw5qxmp45w71w2010773
[2011/06/15 11:28:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/15 11:05:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\prvlcl.dat
[2011/06/15 11:01:02 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/15 10:32:21 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/06/15 10:32:21 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/06/15 10:22:09 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1326893772-630010757-4279459883-1006.job
[2011/06/15 10:22:09 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1326893772-630010757-4279459883-1006.job
[2011/06/15 09:14:34 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/15 09:14:24 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/15 08:43:41 | 077,581,244 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/06/15 08:28:08 | 003,350,512 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Stephen Cornwell\Desktop\SecurityScan_Release.exe
[2011/06/15 08:18:39 | 000,000,341 | ---- | M] () -- C:\Documents and Settings\Stephen Cornwell\Desktop\Shortcut to avg_free_stb_en_2011_1382_free.exe.lnk
[2011/06/15 08:13:44 | 005,568,944 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Stephen Cornwell\Desktop\avg_free_stb_en_2011_1382_free.exe
[2011/06/15 08:00:01 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Stephen Cornwell\Desktop\Check PC For Errors.lnk
[2011/06/15 08:00:01 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2011/06/15 04:55:55 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/15 04:55:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/15 04:55:51 | 2136,129,536 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/14 19:34:51 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/06/14 19:34:50 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/06/14 17:03:58 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/06/14 17:03:02 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2011/06/14 14:25:24 | 000,000,458 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Stephen Cornwell.job
[2011/06/14 03:43:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1326893772-630010757-4279459883-1006Core.job
[2011/06/14 03:00:04 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE_sch_B51469BC-4701-11DF-BFD8-001D097FF0CB.job
[2011/06/13 22:13:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2011/06/13 08:24:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/08 06:07:04 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/05/30 23:40:06 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\mcs.rma
[2011/05/30 23:40:06 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\3F720F
[2011/05/30 22:40:17 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\Microsoft\Internet Explorer\Quick Launch\V CAST Music with Rhapsody.lnk
[2011/05/30 22:40:17 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\V CAST Music with Rhapsody.lnk
[2011/05/30 13:52:31 | 000,164,724 | ---- | M] () -- C:\Documents and Settings\All Users\dldo
[8 C:\Documents and Settings\Stephen Cornwell\My Documents\*.tmp files -> C:\Documents and Settings\Stephen Cornwell\My Documents\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Stephen Cornwell\Desktop\*.tmp files -> C:\Documents and Settings\Stephen Cornwell\Desktop\*.tmp -> ]
[15 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/15 10:32:21 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/06/15 09:14:34 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/15 08:35:20 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/06/15 08:18:39 | 000,000,341 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Desktop\Shortcut to avg_free_stb_en_2011_1382_free.exe.lnk
[2011/06/15 08:00:01 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Desktop\Check PC For Errors.lnk
[2011/06/15 08:00:01 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2011/06/14 19:56:35 | 000,016,984 | -HS- | C] () -- C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\o65qw5qxmp45w71w2010773
[2011/06/14 19:56:35 | 000,016,984 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\o65qw5qxmp45w71w2010773
[2011/05/30 22:40:17 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\V CAST Music with Rhapsody.lnk
[2010/12/16 04:34:09 | 000,405,760 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1326893772-630010757-4279459883-1006-0.dat
[2010/12/16 04:33:55 | 000,369,354 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/06/16 00:57:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\eautil.dll
[2010/06/13 23:18:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\rx_image.Cache
[2010/04/17 10:51:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\prvlcl.dat
[2010/02/26 00:04:38 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\mcs.rma
[2010/02/26 00:04:38 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\3F720F
[2009/07/19 20:15:35 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Common
[2009/07/19 20:15:35 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\Colors
[2009/07/19 20:15:35 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/07/19 20:15:35 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Contents
[2008/12/15 09:50:53 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2008/11/21 00:17:17 | 000,007,843 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2008/11/19 16:07:31 | 004,761,376 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/11/19 16:07:31 | 000,086,304 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/11/18 02:57:06 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008/08/31 18:37:26 | 000,000,524 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/06/19 16:08:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldovs.dll
[2008/06/19 16:08:08 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dldocoin.dll
[2008/06/19 16:07:57 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dldodrs.dll
[2008/06/19 16:07:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldocnv4.dll
[2008/06/19 16:07:57 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dldocaps.dll
[2008/06/19 16:02:15 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dldoinst.dll
[2008/06/19 16:02:14 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\dldoutil.dll
[2008/06/19 16:02:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldogrd.dll
[2008/06/19 16:02:14 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldoinsb.dll
[2008/06/19 16:02:14 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldoins.dll
[2008/06/19 16:02:14 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dldojswr.dll
[2008/06/19 16:02:14 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldoinsr.dll
[2008/06/19 16:02:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldocub.dll
[2008/06/19 16:02:14 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\dldocfg.dll
[2008/06/19 16:02:14 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldocu.dll
[2008/06/19 16:02:14 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldocur.dll
[2008/06/19 00:53:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008/06/10 11:58:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Hybrid Basic
[2008/06/10 11:58:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\Home
[2008/06/10 11:58:51 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2008/06/10 11:58:51 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Resources
[2008/06/10 11:58:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Hybrid Chords
[2008/06/10 11:58:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\HomePageService
[2008/06/10 11:58:41 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Robot
[2008/06/10 11:54:57 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2008/05/11 03:47:01 | 000,015,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2008/05/04 19:10:26 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/04/29 16:40:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Hybrid Synthesizers
[2008/04/29 16:40:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\Horns
[2008/04/29 16:40:17 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sample Delay
[2008/04/29 16:37:44 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
[2008/04/16 21:34:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\dldooem.dll
[2008/04/16 21:34:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLDOPMON.DLL
[2008/04/16 21:34:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLDOFXPU.DLL
[2008/04/16 21:34:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DLDOPMRC.DLL
[2008/04/07 10:17:53 | 000,001,510 | ---- | C] () -- C:\WINDOWS\Sketchpad Preferences.dat
[2008/03/25 01:24:38 | 000,065,232 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/03/12 18:55:12 | 000,002,934 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/03/02 21:59:17 | 000,000,052 | ---- | C] () -- C:\WINDOWS\specialsaver.ini
[2008/02/08 03:59:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2008/01/31 22:50:45 | 000,003,936 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\wklnhst.dat
[2008/01/30 06:12:03 | 000,067,072 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/28 18:03:40 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/01/28 18:03:40 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\888056906B.sys
[2008/01/24 16:36:17 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mcw32.dll
[2008/01/24 15:37:19 | 000,002,470 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/01/23 14:29:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/01/22 23:14:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/18 03:26:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/18 03:22:21 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/01/18 03:22:21 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/18 03:01:05 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/01/18 03:00:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/01/18 02:59:52 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/06/19 15:25:08 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\60a7806a-0eea-424c-a464-20f4730cd631
[2006/11/07 06:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/11/02 21:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 15:12:05 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 15:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:57:15 | 001,604,488 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 14:51:20 | 000,507,384 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 14:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 14:51:20 | 000,090,052 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 14:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 14:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 14:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 14:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 14:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 14:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 14:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/01/28 13:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\968 Series
[2008/10/17 10:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2011/06/15 10:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTYToolbar
[2011/06/15 09:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/04/16 14:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/07/19 20:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/04/28 16:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2008/05/27 18:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010/07/05 10:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2010/07/05 10:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2008/09/19 00:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2008/01/30 15:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/07/19 20:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/04/13 09:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/11/19 16:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2010/07/05 10:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
[2009/01/27 16:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2008/02/27 02:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2008/01/18 03:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2008/01/18 03:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/06/12 22:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/06/15 08:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/19 20:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/10/17 10:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/10/06 18:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/04/05 12:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/24 11:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/02/03 18:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\968 Series
[2008/10/02 13:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Anthropics
[2009/07/05 00:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\AVGTOOLBAR
[2009/04/21 16:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/12/08 21:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Costco Photo Organizer
[2010/06/16 01:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\EasyJob Resume Builder
[2010/05/03 18:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Facebook
[2008/11/26 18:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Flickr
[2008/05/15 19:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Gamelab
[2009/07/04 10:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\HDRsoft
[2008/05/26 14:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\My Games
[2008/02/11 21:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Netscape
[2009/07/19 20:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Nikon
[2008/02/29 21:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\RapidSolution Software AG
[2008/02/27 02:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\RTPlayer
[2011/06/15 08:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Sammsoft
[2010/09/27 17:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Smith Micro
[2008/04/05 01:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Snapfish
[2008/01/31 22:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Template
[2009/09/09 22:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Titanium Gears
[2008/11/18 17:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Uniblue
[2008/04/05 07:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Wal-Mart
[2010/07/22 20:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\WeatherBug
[2011/06/14 19:34:51 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2011/06/14 19:34:50 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2011/06/08 06:07:04 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2011/06/15 11:01:02 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\specialsaver.scr:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\Setup.exe:SummaryInformation
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\Xilisoft Corporation:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\Untitled Gallery:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\Radiotracker:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\PDB:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\Musicnotes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\Demo Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\Batched Wedding pics:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\australia_flag.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\Virus Stuff:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\Unused Desktop Shortcuts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\recipes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\Music for Carol:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\LinksysConnectPC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\LEASE for Fairlawns Tendrich:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\HIGH SCHOOL PREP FOLDER FOR JON AND TIFF IMPORTANT:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\Edited Pics:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\Boat Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\16329 House Stuff:Roxio EMC Stream
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
And the extras:
OTL Extras logfile created on: 6/15/2011 11:44:52 AM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.95% Memory free
3.84 Gb Paging File | 3.15 Gb Available in Paging File | 82.05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 39.20 Gb Free Space | 26.32% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 6.88 Gb Free Space | 92.37% Space Free | Partition Type: FAT32

Computer Name: FAIRLAWNS | User Name: Stephen Cornwell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\llq.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10421:UDP" = 10421:UDP:*:Disabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Disabled:SingleClick ICC

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\WINDOWS\system32\dldocoms.exe" = C:\WINDOWS\system32\dldocoms.exe:*:Enabled:Dell Communications System -- ( )
"C:\Program Files\Dell 968 AIO Printer\dldomon.exe" = C:\Program Files\Dell 968 AIO Printer\dldomon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldopswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldopswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldotime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldotime.exe:*:Enabled:Time Executable -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldojswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldojswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Dell 968 AIO Printer\memcard.exe" = C:\Program Files\Dell 968 AIO Printer\memcard.exe:*:Enabled:Memory Card Manager Executable -- ()
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsEditor.exe" = C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsEditor.exe:*:Enabled:Adobe Photoshop Elements 6.0 (Editor) -- (Adobe Systems, Incorporated)
"C:\Program Files\Dell 968 AIO Printer\dldoafcn.exe" = C:\Program Files\Dell 968 AIO Printer\dldoafcn.exe:*:Disabled: -- ()
"C:\Documents and Settings\Stephen Cornwell\Local Settings\Temp\dldo\wireless\ENGLISH\dldowpss.exe" = C:\Documents and Settings\Stephen Cornwell\Local Settings\Temp\dldo\wireless\ENGLISH\dldowpss.exe:*:Disabled:
"C:\Documents and Settings\Carol Cornwell\Local Settings\Temp\dldo\wireless\ENGLISH\dldowpss.exe" = C:\Documents and Settings\Carol Cornwell\Local Settings\Temp\dldo\wireless\ENGLISH\dldowpss.exe:*:Disabled:
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM
"C:\Program Files\Dell 968 AIO Printer\dldoaiox.exe" = C:\Program Files\Dell 968 AIO Printer\dldoaiox.exe:*:Disabled:AIOC exe -- ()
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\KnowItAll\KIA.exe" = C:\Program Files\KnowItAll\KIA.exe:*:Enabled: -- ( Sensible Software, Inc./KnowItAll, LLC.)
"C:\WINDOWS\system32\dldocfg.exe" = C:\WINDOWS\system32\dldocfg.exe:*:Enabled:Printer Communication System -- ( )
"C:\Program Files\ATT-HSI\McciBrowser.exe" = C:\Program Files\ATT-HSI\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Motive Communications, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\IncrediMail\Bin\IncMail.exe" = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail
"C:\Program Files\IncrediMail\Bin\ImApp.exe" = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail
"C:\Program Files\IncrediMail\Bin\ImpCnt.exe" = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{018E57B2-1905-4C99-A69E-DA832136E0D8}" = KnowItAll
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement
"{14374622-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Pro 2005
"{1445ECFA-AD4B-4f22-A1D2-DDB81354EC1D}" = Snapfish PictureMover
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{189DD916-DD25-4975-91A3-BCAB5A63C22B}" = KnowItAll
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200212F5-36B0-403A-950F-80B989132A10}" = Microsoft OLE DB Provider for Visual FoxPro
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 20
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BD16086-3A43-46FB-A035-647DA51D039A}" = Visual CLIP Client
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{340412BA-7EE6-460F-A528-A7A4BBE6FE22}" = Visual / qCLIP Client - CLIP Software
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3A3532ED-A121-4297-AA4F-70B60E4BD631}" = Playalot Games
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB05099-1963-4268-A3BB-9153964750ED}" = XoftSpySE
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{64367D02-ADA8-4FA0-B348-27F25C60BC7B}" = muvee autoProducer 5.0
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{72470D12-2CCA-4324-AFF9-F1396A2168EA}" = Corel Snapfire muvee autoProducer add-on
"{7426428E-71D4-452C-BA13-B14E5EB52859}" = WeatherBug Alert
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.8.0
"{788B97E8-D825-419A-8558-1C0B344C5371}" = Costco Photo Organizer
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95467212-9502-4858-9ABC-CD391A858479}" = Google Desktop Plugin - VerseOfTheDay
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C48B121E-9175-4D1F-90DA-BCBA928E5187}" = Radiotracker
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3815721-7859-40E2-846A-0C9461BDCD8D}" = Wireless G WDA-1320
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7269FD6-34EA-4617-8752-6739AA384080}" = V CAST Media Manager
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E81BE39A-2605-45EA-A3D4-6A033ABA3107}" = Graphical Analysis 3.2 Minimal
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F94CD2B0-AFC8-4346-A370-19668271769C}" = ICC Profile Converter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"ARO 2011_is1" = ARO 2011
"AT&T Yahoo! Browser Configuration" = AT&T Yahoo! Browser Configuration
"ATT-PRT22" = ATT-PRT22
"ATT-RC" = ATT-RC Self Support Tool
"ATT-SST" = AT&T Self Support Tool
"avast" = avast! Free Antivirus
"AVG8Uninstall" = AVG Free 8.5
"Babysitting Mania" = Babysitting Mania (remove only)
"Capture NX" = Capture NX
"Capture NX 2" = Capture NX 2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell 968 AIO Printer" = Dell 968 AIO Printer
"DivX Setup.divx.com" = DivX Setup
"EasyJob Resume Builder_is1" = EasyJob Resume Builder 4.79.2777
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"ERUNT_is1" = ERUNT 1.1j
"F and P Assessment" = F and P Assessment
"Farm Frenzy" = Farm Frenzy (remove only)
"Flickr Uploadr" = Flickr Uploadr 3.0.5
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.480
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager
"InstallShield_{D3815721-7859-40E2-846A-0C9461BDCD8D}" = Wireless G WDA-1320
"LG USB Drivers" = LG USB Drivers
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Monitor Calibration Wizard" = Monitor Calibration Wizard 1.0
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NSS" = Norton Security Scan
"Ogg Codecs" = Ogg Codecs 0.81.15562
"Opanda IExif_is1" = Opanda IExif 2.3
"Opanda PowerExif Professional Trial_is1" = Opanda PowerExif 1.2 Professional Trial
"PhotoMail" = PhotoMail Maker
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.6
"Picasa 3" = Picasa 3
"Plaxo" = Plaxo Toolbar for Windows
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"QuickGamma_is1" = QuickGamma 2.0.0.3
"RealPlayer 12.0" = RealPlayer
"Samsung ML-2510 Series" = Samsung ML-2510 Series
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"SearchAssist" = SearchAssist
"SelectRebatesUninstall" = ShopAtHome SelectRebates
"Showit_Web2.7" = Showit Web 2.7
"specialsaver" = specialsaver
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SpywareGuard_is1" = SpywareGuard v2.2
"Tax Forms Helper 2008_is1" = Tax Forms Helper 2008 8.5
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Trillian" = Trillian
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"VCast Music Essentials Manager" = V CAST Music Manager
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = att.net Toolbar
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder
"Yahoo! Software Update" = Yahoo! Software Update
"zfupload" = Zenfolio Uploader

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/15/2011 10:22:12 AM | Computer Name = FAIRLAWNS | Source = Application Hang | ID = 1002
Description = Hanging application llq.exe, version 5.7.0.18066, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/15/2011 10:22:59 AM | Computer Name = FAIRLAWNS | Source = Application Hang | ID = 1002
Description = Hanging application llq.exe, version 5.7.0.18066, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/15/2011 10:26:55 AM | Computer Name = FAIRLAWNS | Source = Application Hang | ID = 1002
Description = Hanging application llq.exe, version 5.7.0.18066, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/15/2011 10:29:11 AM | Computer Name = FAIRLAWNS | Source = Application Hang | ID = 1002
Description = Hanging application llq.exe, version 5.7.0.18066, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/15/2011 10:29:54 AM | Computer Name = FAIRLAWNS | Source = Application Hang | ID = 1002
Description = Hanging application llq.exe, version 5.7.0.18066, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/15/2011 10:31:51 AM | Computer Name = FAIRLAWNS | Source = Application Hang | ID = 1002
Description = Hanging application llq.exe, version 5.7.0.18066, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/15/2011 10:34:13 AM | Computer Name = FAIRLAWNS | Source = Application Hang | ID = 1002
Description = Hanging application llq.exe, version 5.7.0.18066, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/15/2011 10:35:31 AM | Computer Name = FAIRLAWNS | Source = Application Hang | ID = 1002
Description = Hanging application llq.exe, version 5.7.0.18066, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/15/2011 11:31:27 AM | Computer Name = FAIRLAWNS | Source = Application Hang | ID = 1002
Description = Hanging application llq.exe, version 5.7.0.18066, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/15/2011 11:43:04 AM | Computer Name = FAIRLAWNS | Source = Application Hang | ID = 1002
Description = Hanging application llq.exe, version 5.7.0.18066, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/14/2011 08:07:42 PM | Computer Name = FAIRLAWNS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the dldoCATSCustConnectService
service to connect.

Error - 6/14/2011 08:07:42 PM | Computer Name = FAIRLAWNS | Source = Service Control Manager | ID = 7000
Description = The dldoCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 6/14/2011 08:07:42 PM | Computer Name = FAIRLAWNS | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/14/2011 08:07:42 PM | Computer Name = FAIRLAWNS | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 6/15/2011 04:57:00 AM | Computer Name = FAIRLAWNS | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 6/15/2011 04:57:00 AM | Computer Name = FAIRLAWNS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the dldoCATSCustConnectService
service to connect.

Error - 6/15/2011 04:57:00 AM | Computer Name = FAIRLAWNS | Source = Service Control Manager | ID = 7000
Description = The dldoCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 6/15/2011 04:57:00 AM | Computer Name = FAIRLAWNS | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/15/2011 04:57:00 AM | Computer Name = FAIRLAWNS | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 6/15/2011 08:17:10 AM | Computer Name = FAIRLAWNS | Source = Service Control Manager | ID = 7034
Description = The Adobe Active File Monitor V6 service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
Thank you,
Carol
  • 0

Advertisements

#2
Essexboy
Posted 15 June 2011 - 01:38 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there you will need to uninstall three of the four AV's currently on your system - if you have problems with this let me know and I will provide the removal tools

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKCU..\Run: [3576839173] C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\llq.exe (Microsoft Corporation)
    O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\llq.exe" -a "%1" %* (Microsoft Corporation)
    O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\llq.exe" -a "%1" %* (Microsoft Corporation)
    [2011/06/15 11:42:48 | 000,016,984 | -HS- | M] () -- C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\o65qw5qxmp45w71w2010773
    [2011/06/15 11:42:48 | 000,016,984 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\o65qw5qxmp45w71w2010773
    [2011/06/15 08:00:01 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Desktop\Check PC For Errors.lnk
    [2011/06/15 08:00:01 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
    [2011/06/14 19:56:35 | 000,016,984 | -HS- | C] () -- C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\o65qw5qxmp45w71w2010773
    [2011/06/14 19:56:35 | 000,016,984 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\o65qw5qxmp45w71w2010773
    [2011/06/15 08:00:01 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Stephen Cornwell\Desktop\Check PC For Errors.lnk
    [2011/06/15 08:00:01 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
    [2011/05/30 23:40:06 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\3F720F
    [2008/12/15 09:50:53 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe


    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\o65qw5qxmp45w71w2010773
    C:\Documents and Settings\All Users\Application Data\o65qw5qxmp45w71w2010773

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 567KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#3
Carol C.
Posted 15 June 2011 - 02:36 PM

Carol C.

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Thank you for your reply.

Here's the first log after the custom/scan was pasted to the bottom of the first screen:

OTL logfile created on: 6/15/2011 04:10:18 PM - Run 3
OTL by OldTimer - Version 3.2.24.0 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.61% Memory free
3.84 Gb Paging File | 3.39 Gb Available in Paging File | 88.36% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 40.98 Gb Free Space | 27.51% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 6.87 Gb Free Space | 92.23% Space Free | Partition Type: FAT32

Computer Name: FAIRLAWNS | User Name: Stephen Cornwell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/15 11:35:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/23 10:51:20 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.199\SSScheduler.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/08 13:50:42 | 000,488,968 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\Real\realplayer\realplay.exe
PRC - [2010/03/08 13:50:38 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/06 09:46:02 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2010/03/06 09:45:56 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2010/03/04 08:08:04 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2010/03/04 08:08:02 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2010/03/04 08:08:02 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/07/21 17:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/21 18:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) -- C:\WINDOWS\system32\dldocoms.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/05/25 13:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe


========== Modules (SafeList) ==========

MOD - [2011/06/15 11:35:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2011/05/10 08:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/10/22 20:51:27 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/03/08 13:52:09 | 000,118,784 | ---- | M] (RealPlayer) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/23 10:51:20 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.199\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/06 09:45:56 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2010/03/04 08:08:02 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/28 17:15:30 | 000,582,424 | ---- | M] (ParetoLogic Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe -- (XoftSpyService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/08/04 11:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/07/21 17:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/04/24 16:11:40 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/16 14:51:11 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2008/02/21 18:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/10/05 09:30:46 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe -- (dldoCATSCustConnectService)
SRV - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dldocoms.exe -- (dldo_device)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/05/25 13:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005/11/30 10:35:38 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 08:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 07:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/14 09:42:41 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/04 08:08:04 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/04 08:08:04 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/04 08:08:02 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/02/24 11:15:35 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/24 11:15:34 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/10/22 02:23:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/22 02:23:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/07/03 15:59:10 | 000,086,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2007/07/03 15:58:20 | 000,106,792 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 15:57:24 | 000,011,944 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 15:54:24 | 000,080,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/13 22:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/03 14:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/09 10:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 10:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 10:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006/12/18 21:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/08/18 15:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 12:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/06/12 20:06:28 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2005/12/11 11:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2001/01/08 09:53:24 | 000,015,576 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080118
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080118
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010/03/06 09:46:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\Program Files\AVG\AVG8\ToolbarFF [2009/07/05 00:52:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/08 13:52:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/25 06:51:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/15 09:14:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/12 13:34:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 07:19:18 | 000,000,000 | ---D | M]

[2008/11/19 12:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Extensions
[2011/06/15 09:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions
[2009/08/31 17:11:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/17 11:46:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/05 00:50:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2010/12/06 21:13:05 | 000,000,000 | ---D | M] (Elf 1.13 Community Toolbar) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\{b80f591e-fe9a-46cf-a13e-180377240586}
[2008/12/22 20:06:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010/12/06 21:13:06 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\[email protected]
[2009/10/14 05:41:33 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\[email protected]
[2010/03/06 15:06:36 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\[email protected]
[2010/04/09 19:50:36 | 000,000,000 | ---D | M] (Avery Toolbar) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\[email protected]
[2010/01/29 20:11:06 | 000,000,000 | ---D | M] (ShopAtHome Intelligent Shopping Toolbar) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\[email protected]
[2011/06/15 09:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/12 22:32:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/12/01 17:25:02 | 000,279,888 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2011/06/15 16:03:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AROReminder] C:\Program Files\ARO 2011\aro.exe (Support.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.199\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm ()
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm ()
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} https://vmodlms.wide...ZWDLManager.cab (DLManager Class)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {62AEFF80-16AD-4AC4-B812-E70EB5F37301} http://www.zenfolio....-ie-win-x86.cab (Zenfolio Uploader)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfi...ll/gtdownls.cab (LinkSys Content Update)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macrom...abs/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/30 15:25:09 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/04 11:57:10 | 000,000,125 | -H-- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{036d7135-7fa9-11dd-b43d-001d097ff0cb}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{0bc142a7-c975-11dc-b3df-001d097ff0cb}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/15 10:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/06/15 09:14:33 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/06/15 09:14:33 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/15 09:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/06/15 09:14:26 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/06/15 09:14:25 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/15 09:14:25 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/06/15 09:14:23 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/06/15 09:14:23 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/06/15 09:14:23 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/06/15 09:14:06 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/06/15 09:14:04 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/06/15 09:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/15 09:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/15 08:30:24 | 003,350,512 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Stephen Cornwell\Desktop\SecurityScan_Release.exe
[2011/06/15 08:21:09 | 005,568,944 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Stephen Cornwell\Desktop\avg_free_stb_en_2011_1382_free.exe
[2011/06/15 08:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Sammsoft
[2011/06/15 07:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
[2011/06/15 07:59:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ARO 2011
[2011/06/14 19:56:34 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\llq.exe
[2011/06/07 14:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen Cornwell\Desktop\Alexis' Stuff
[2011/05/26 04:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2008/06/19 16:02:15 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\dldohcp.dll
[2008/06/19 16:02:15 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoinpa.dll
[2008/06/19 16:02:15 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoiesc.dll
[2008/06/19 16:02:14 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoserv.dll
[2008/06/19 16:02:14 | 000,954,368 | ---- | C] ( ) -- C:\WINDOWS\System32\dldousb1.dll
[2008/06/19 16:02:14 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocomc.dll
[2008/06/19 16:02:14 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\dldohbn3.dll
[2008/06/19 16:02:14 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dldopmui.dll
[2008/06/19 16:02:14 | 000,595,184 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocoms.exe
[2008/06/19 16:02:14 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\dldolmpm.dll
[2008/06/19 16:02:14 | 000,365,808 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocfg.exe
[2008/06/19 16:02:14 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocomm.dll
[2008/06/19 16:02:14 | 000,320,752 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoih.exe
[2008/06/19 16:02:14 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoprox.dll
[8 C:\Documents and Settings\Stephen Cornwell\My Documents\*.tmp files -> C:\Documents and Settings\Stephen Cornwell\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\Stephen Cornwell\Desktop\*.tmp files -> C:\Documents and Settings\Stephen Cornwell\Desktop\*.tmp -> ]
[15 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/15 16:07:31 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1326893772-630010757-4279459883-1006.job
[2011/06/15 16:07:30 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/15 16:07:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/15 16:07:00 | 2136,129,536 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/15 16:03:33 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/15 16:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/15 15:43:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1326893772-630010757-4279459883-1006UA.job
[2011/06/15 13:28:01 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/15 13:02:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Stephen Cornwell\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/15 11:05:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\prvlcl.dat
[2011/06/15 10:32:21 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/06/15 10:32:21 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/06/15 10:22:09 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1326893772-630010757-4279459883-1006.job
[2011/06/15 09:14:34 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/15 09:14:24 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/15 08:43:41 | 077,581,244 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/06/15 08:28:08 | 003,350,512 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Stephen Cornwell\Desktop\SecurityScan_Release.exe
[2011/06/15 08:18:39 | 000,000,341 | ---- | M] () -- C:\Documents and Settings\Stephen Cornwell\Desktop\Shortcut to avg_free_stb_en_2011_1382_free.exe.lnk
[2011/06/15 08:13:44 | 005,568,944 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Stephen Cornwell\Desktop\avg_free_stb_en_2011_1382_free.exe
[2011/06/14 19:34:51 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/06/14 19:34:50 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/06/14 17:03:58 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/06/14 17:03:02 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2011/06/14 14:25:24 | 000,000,458 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Stephen Cornwell.job
[2011/06/14 03:43:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1326893772-630010757-4279459883-1006Core.job
[2011/06/14 03:00:04 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE_sch_B51469BC-4701-11DF-BFD8-001D097FF0CB.job
[2011/06/13 22:13:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2011/06/13 08:24:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/08 06:07:04 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/05/30 23:40:06 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\mcs.rma
[2011/05/30 22:40:17 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\Microsoft\Internet Explorer\Quick Launch\V CAST Music with Rhapsody.lnk
[2011/05/30 22:40:17 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\V CAST Music with Rhapsody.lnk
[2011/05/30 13:52:31 | 000,164,724 | ---- | M] () -- C:\Documents and Settings\All Users\dldo
[8 C:\Documents and Settings\Stephen Cornwell\My Documents\*.tmp files -> C:\Documents and Settings\Stephen Cornwell\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\Stephen Cornwell\Desktop\*.tmp files -> C:\Documents and Settings\Stephen Cornwell\Desktop\*.tmp -> ]
[15 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/15 13:05:49 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/15 10:32:21 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/06/15 09:14:34 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/15 08:35:20 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/06/15 08:18:39 | 000,000,341 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Desktop\Shortcut to avg_free_stb_en_2011_1382_free.exe.lnk
[2011/05/30 22:40:17 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\V CAST Music with Rhapsody.lnk
[2010/12/16 04:34:09 | 000,405,760 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1326893772-630010757-4279459883-1006-0.dat
[2010/12/16 04:33:55 | 000,369,354 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/06/16 00:57:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\eautil.dll
[2010/06/13 23:18:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\rx_image.Cache
[2010/04/17 10:51:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\prvlcl.dat
[2010/02/26 00:04:38 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\mcs.rma
[2009/07/19 20:15:35 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Common
[2009/07/19 20:15:35 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\Colors
[2009/07/19 20:15:35 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/07/19 20:15:35 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Contents
[2008/11/21 00:17:17 | 000,007,843 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2008/11/19 16:07:31 | 004,761,376 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/11/19 16:07:31 | 000,086,304 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/11/18 02:57:06 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008/08/31 18:37:26 | 000,000,524 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/06/19 16:08:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldovs.dll
[2008/06/19 16:08:08 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dldocoin.dll
[2008/06/19 16:07:57 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dldodrs.dll
[2008/06/19 16:07:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldocnv4.dll
[2008/06/19 16:07:57 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dldocaps.dll
[2008/06/19 16:02:15 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dldoinst.dll
[2008/06/19 16:02:14 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\dldoutil.dll
[2008/06/19 16:02:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldogrd.dll
[2008/06/19 16:02:14 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldoinsb.dll
[2008/06/19 16:02:14 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldoins.dll
[2008/06/19 16:02:14 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dldojswr.dll
[2008/06/19 16:02:14 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldoinsr.dll
[2008/06/19 16:02:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldocub.dll
[2008/06/19 16:02:14 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\dldocfg.dll
[2008/06/19 16:02:14 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldocu.dll
[2008/06/19 16:02:14 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldocur.dll
[2008/06/19 00:53:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008/06/10 11:58:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Hybrid Basic
[2008/06/10 11:58:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\Home
[2008/06/10 11:58:51 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2008/06/10 11:58:51 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Resources
[2008/06/10 11:58:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Hybrid Chords
[2008/06/10 11:58:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\HomePageService
[2008/06/10 11:58:41 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Robot
[2008/06/10 11:54:57 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2008/05/11 03:47:01 | 000,015,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2008/05/04 19:10:26 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/04/29 16:40:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Hybrid Synthesizers
[2008/04/29 16:40:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\Horns
[2008/04/29 16:40:17 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sample Delay
[2008/04/29 16:37:44 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
[2008/04/16 21:34:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\dldooem.dll
[2008/04/16 21:34:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLDOPMON.DLL
[2008/04/16 21:34:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLDOFXPU.DLL
[2008/04/16 21:34:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DLDOPMRC.DLL
[2008/04/07 10:17:53 | 000,001,510 | ---- | C] () -- C:\WINDOWS\Sketchpad Preferences.dat
[2008/03/25 01:24:38 | 000,065,232 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/03/12 18:55:12 | 000,002,934 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/03/02 21:59:17 | 000,000,052 | ---- | C] () -- C:\WINDOWS\specialsaver.ini
[2008/02/08 03:59:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2008/01/31 22:50:45 | 000,003,936 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\wklnhst.dat
[2008/01/30 06:12:03 | 000,067,072 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/28 18:03:40 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/01/28 18:03:40 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\888056906B.sys
[2008/01/24 16:36:17 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mcw32.dll
[2008/01/24 15:37:19 | 000,002,470 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/01/23 14:29:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/01/22 23:14:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/18 03:26:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/18 03:22:21 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/01/18 03:22:21 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/18 03:01:05 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/01/18 03:00:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/01/18 02:59:52 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/06/19 15:25:08 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\60a7806a-0eea-424c-a464-20f4730cd631
[2006/11/07 06:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/11/02 21:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 15:12:05 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 15:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:57:15 | 001,604,488 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 14:51:20 | 000,507,384 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 14:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 14:51:20 | 000,090,052 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 14:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 14:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 14:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 14:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 14:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 14:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 14:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/01/28 13:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\968 Series
[2008/10/17 10:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2011/06/15 10:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTYToolbar
[2011/06/15 09:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/04/16 14:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/07/19 20:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/04/28 16:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2008/05/27 18:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010/07/05 10:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2010/07/05 10:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2008/09/19 00:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2008/01/30 15:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/07/19 20:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/04/13 09:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/11/19 16:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2010/07/05 10:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
[2009/01/27 16:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2008/02/27 02:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2008/01/18 03:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2008/01/18 03:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/06/12 22:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/06/15 08:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/19 20:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/10/17 10:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/10/06 18:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/04/05 12:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/24 11:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/02/03 18:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\968 Series
[2008/10/02 13:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Anthropics
[2009/07/05 00:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\AVGTOOLBAR
[2009/04/21 16:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/12/08 21:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Costco Photo Organizer
[2010/06/16 01:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\EasyJob Resume Builder
[2010/05/03 18:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Facebook
[2008/11/26 18:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Flickr
[2008/05/15 19:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Gamelab
[2009/07/04 10:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\HDRsoft
[2008/05/26 14:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\My Games
[2008/02/11 21:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Netscape
[2009/07/19 20:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Nikon
[2008/02/29 21:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\RapidSolution Software AG
[2008/02/27 02:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\RTPlayer
[2011/06/15 08:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Sammsoft
[2010/09/27 17:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Smith Micro
[2008/04/05 01:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Snapfish
[2008/01/31 22:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Template
[2009/09/09 22:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Titanium Gears
[2008/11/18 17:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Uniblue
[2008/04/05 07:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Wal-Mart
[2010/07/22 20:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\WeatherBug
[2011/06/14 19:34:51 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2011/06/14 19:34:50 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2011/06/08 06:07:04 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2011/06/15 16:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\specialsaver.scr:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\Setup.exe:SummaryInformation
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\Xilisoft Corporation:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\Untitled Gallery:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\Radiotracker:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\PDB:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\Musicnotes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\Demo Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\Batched Wedding pics:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\australia_flag.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\Virus Stuff:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\Unused Desktop Shortcuts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\recipes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\Music for Carol:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\LinksysConnectPC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\LEASE for Fairlawns Tendrich:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\HIGH SCHOOL PREP FOLDER FOR JON AND TIFF IMPORTANT:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\Edited Pics:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\Boat Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\16329 House Stuff:Roxio EMC Stream
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
Here's the log after aswMBR.ex was run:

aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-15 16:26:44
-----------------------------
16:26:44.203 OS Version: Windows 5.1.2600 Service Pack 3
16:26:44.203 Number of processors: 2 586 0xF0D
16:26:44.203 ComputerName: FAIRLAWNS UserName:
16:26:45.125 AVAST engine 6.0.1125 defs: 11061501
16:26:45.125 Initialize success
16:26:58.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:26:58.031 Disk 0 Vendor: SAMSUNG_HD161HJ JF100-22 Size: 152587MB BusType: 3
16:27:00.031 Disk 0 MBR read successfully
16:27:00.031 Disk 0 MBR scan
16:27:00.031 Disk 0 Windows XP default MBR code
16:27:02.031 Disk 0 scanning sectors +312496380
16:27:02.062 Disk 0 scanning C:\WINDOWS\system32\drivers
16:27:09.140 Service scanning
16:27:10.125 Disk 0 trace - called modules:
16:27:10.140 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:27:10.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a782ab8]
16:27:10.140 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000070[0x8a7b4f18]
16:27:10.140 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a784d98]
16:27:10.640 AVAST engine scan C:\WINDOWS\system32
16:27:14.171 File C:\WINDOWS\system32\avgrsstx.dll **INFECTED** Win32:Malware-gen
16:28:44.906 Scan finished successfully
16:29:48.890 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Stephen Cornwell\Desktop\Virus Stuff\MBR.dat"
16:29:48.906 The log file has been saved successfully to "C:\Documents and Settings\Stephen Cornwell\Desktop\Virus Stuff\aswMBR.txt"
  • 0

#4
Carol C.
Posted 15 June 2011 - 02:42 PM

Carol C.

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Went to remove 4 AVs- control panel- add or remove programs. The AVs are??? Avery toolbar, Avery Wizard, Avast Antivirus, and AVG Free 8.5??? Thank you!
  • 0

#5
Carol C.
Posted 15 June 2011 - 02:44 PM

Carol C.

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Or is it the 4 AVs: Antivirus programs running? AVR, Avast, and what else? Norton or McAfee Security Scans, and AOR??
  • 0

#6
Essexboy
Posted 15 June 2011 - 03:32 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My apologies for the shorthand

Yes it is the antivirus - which one do you wish to keep, although it appears that AVG is infected

16:27:10.640 AVAST engine scan C:\WINDOWS\system32
16:27:14.171 File C:\WINDOWS\system32\avgrsstx.dll **INFECTED** Win32:Malware-gen
16:28:44.906 Scan finished successfully


You have a choice as to which to keep

Avast
AVG
McAfee
Norton

Select one and remove the rest

What are your current problems ?

Could you now try a quick scan with Malwarebytes (after updating) and post the resultant log please
  • 0

#7
Carol C.
Posted 15 June 2011 - 04:20 PM

Carol C.

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Thank you for your help. The computer ran much better, and I was able to get into the internet via Mozilla Firefox, however upon removing AVR 8.5 and then Norton, I got back into the virus running on the computer again. So again, I am using my laptop. I couldn't run the Malwarebytes program either. Should I run OTL again and give you the notes again? Thanks so much for your patience!
  • 0

#8
Carol C.
Posted 15 June 2011 - 09:29 PM

Carol C.

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
It is getting worse at this point. Any program that is double clicked in order to open (i.e. Malawarebytes, OLT.EXE, asks WHAT program do you want to open it with, and then can't find it (gone).
"Choose the program you want to open this file"....."You have chosen to open, would you like to save the file",.... yes... download application.... "application not found" .... :)
  • 0

#9
Carol C.
Posted 15 June 2011 - 10:43 PM

Carol C.

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Can't find "Excel" in my computer when clicked on to open at all..... need that badly, can't open many things.... thank you!
  • 0

#10
Carol C.
Posted 16 June 2011 - 06:28 AM

Carol C.

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Ok trying again it won't post my message on my other computer now??? Posted Kaspersky's read out, maybe that readout has a virus and it won't post it! So help!
  • 0

#11
Carol C.
Posted 16 June 2011 - 09:14 AM

Carol C.

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
OK, so in the time that I have had, I ran a new "Quick Scan" with OTL.com (exe doesn't work), and here are the results:



OTL logfile created on: 6/16/2011 10:27:30 AM - Run 6
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Stephen Cornwell\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.69% Memory free
3.84 Gb Paging File | 3.27 Gb Available in Paging File | 85.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 40.69 Gb Free Space | 27.31% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 6.87 Gb Free Space | 92.21% Space Free | Partition Type: FAT32

Computer Name: FAIRLAWNS | User Name: Stephen Cornwell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/15 11:35:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephen Cornwell\Desktop\OTL.com
PRC - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/07/21 17:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/13 20:12:33 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\runonce.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/21 18:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/10/11 01:19:24 | 003,111,400 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2005\QBW32.EXE
PRC - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) -- C:\WINDOWS\system32\dldocoms.exe
PRC - [2007/10/02 21:15:21 | 000,086,016 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/05/25 13:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe


========== Modules (SafeList) ==========

MOD - [2011/06/15 11:35:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephen Cornwell\Desktop\OTL.com
MOD - [2011/05/10 08:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2009/08/28 17:15:30 | 000,582,424 | ---- | M] (ParetoLogic Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe -- (XoftSpyService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/08/04 11:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/07/21 17:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/04/24 16:11:40 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/16 14:51:11 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2008/02/21 18:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/10/05 09:30:46 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe -- (dldoCATSCustConnectService)
SRV - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dldocoms.exe -- (dldo_device)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/05/25 13:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005/11/30 10:35:38 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)


========== Driver Services (SafeList) ==========

DRV - [2011/06/16 01:14:27 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 08:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 07:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/14 09:42:41 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (kl1)
DRV - [2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2010/02/24 11:15:35 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/24 11:15:34 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/10/22 02:23:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/22 02:23:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/07/03 15:59:10 | 000,086,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2007/07/03 15:58:20 | 000,106,792 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 15:57:24 | 000,011,944 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 15:54:24 | 000,080,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/13 22:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/03 14:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/09 10:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 10:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 10:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006/12/18 21:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/08/18 15:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 12:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/06/12 20:06:28 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2005/12/11 11:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2001/01/08 09:53:24 | 000,015,576 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080118
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080118
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/08 13:52:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/15 09:14:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2011/06/16 01:39:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2011/06/16 01:39:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/12 13:34:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 07:19:18 | 000,000,000 | ---D | M]

[2008/11/19 12:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Extensions
[2011/06/16 09:44:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions
[2011/06/16 08:19:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/16 08:19:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/05 00:50:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2010/12/06 21:13:05 | 000,000,000 | ---D | M] (Elf 1.13 Community Toolbar) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\{b80f591e-fe9a-46cf-a13e-180377240586}
[2008/12/22 20:06:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010/12/06 21:13:06 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\[email protected]
[2009/10/14 05:41:33 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\[email protected]
[2011/06/16 08:19:36 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\[email protected]
[2010/04/09 19:50:36 | 000,000,000 | ---D | M] (Avery Toolbar) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\[email protected]
[2010/01/29 20:11:06 | 000,000,000 | ---D | M] (ShopAtHome Intelligent Shopping Toolbar) -- C:\Documents and Settings\Stephen Cornwell\Application Data\Mozilla\Firefox\Profiles\f40v0wcz.default\extensions\[email protected]
[2011/06/16 09:44:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/12 22:32:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/06/16 01:21:35 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/12/01 17:25:02 | 000,279,888 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2011/06/15 23:13:10 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [3576839173] File not found
O4 - HKCU..\Run: [AROReminder] C:\Program Files\ARO 2011\aro.exe (Support.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm ()
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm ()
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - Reg Error: Key error. File not found
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} https://vmodlms.wide...ZWDLManager.cab (DLManager Class)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {62AEFF80-16AD-4AC4-B812-E70EB5F37301} http://www.zenfolio....-ie-win-x86.cab (Zenfolio Uploader)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfi...ll/gtdownls.cab (LinkSys Content Update)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macrom...abs/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/30 15:25:09 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{036d7135-7fa9-11dd-b43d-001d097ff0cb}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{0bc142a7-c975-11dc-b3df-001d097ff0cb}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\llq.exe" -a "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\llq.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/16 09:46:14 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stephen Cornwell\Desktop\OTL.com
[2011/06/16 01:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Anti-Virus 2011
[2011/06/16 01:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/06/16 01:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2011/06/16 01:14:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/16 01:14:27 | 000,475,736 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/06/16 01:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2011/06/15 16:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen Cornwell\Desktop\Virus fix
[2011/06/15 09:14:33 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/06/15 09:14:33 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/15 09:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/06/15 09:14:26 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/06/15 09:14:25 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/15 09:14:25 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/06/15 09:14:23 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/06/15 09:14:23 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/06/15 09:14:23 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/06/15 09:14:06 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/06/15 09:14:04 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/06/15 09:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/15 09:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/15 08:30:24 | 003,350,512 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Stephen Cornwell\Desktop\SecurityScan_Release.exe
[2011/06/15 08:21:09 | 005,568,944 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Stephen Cornwell\Desktop\avg_free_stb_en_2011_1382_free.exe
[2011/06/15 08:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Sammsoft
[2011/06/15 07:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
[2011/06/15 07:59:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ARO 2011
[2011/06/07 14:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen Cornwell\Desktop\Alexis' Stuff
[2011/05/26 04:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2008/06/19 16:02:15 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\dldohcp.dll
[2008/06/19 16:02:15 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoinpa.dll
[2008/06/19 16:02:15 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoiesc.dll
[2008/06/19 16:02:14 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoserv.dll
[2008/06/19 16:02:14 | 000,954,368 | ---- | C] ( ) -- C:\WINDOWS\System32\dldousb1.dll
[2008/06/19 16:02:14 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocomc.dll
[2008/06/19 16:02:14 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\dldohbn3.dll
[2008/06/19 16:02:14 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dldopmui.dll
[2008/06/19 16:02:14 | 000,595,184 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocoms.exe
[2008/06/19 16:02:14 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\dldolmpm.dll
[2008/06/19 16:02:14 | 000,365,808 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocfg.exe
[2008/06/19 16:02:14 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocomm.dll
[2008/06/19 16:02:14 | 000,320,752 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoih.exe
[2008/06/19 16:02:14 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoprox.dll
[8 C:\Documents and Settings\Stephen Cornwell\My Documents\*.tmp files -> C:\Documents and Settings\Stephen Cornwell\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\Stephen Cornwell\Desktop\*.tmp files -> C:\Documents and Settings\Stephen Cornwell\Desktop\*.tmp -> ]
[15 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/16 10:28:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/16 10:01:01 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/16 09:43:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1326893772-630010757-4279459883-1006UA.job
[2011/06/16 03:43:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1326893772-630010757-4279459883-1006Core.job
[2011/06/16 03:00:15 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE_sch_B51469BC-4701-11DF-BFD8-001D097FF0CB.job
[2011/06/16 01:48:37 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/16 01:39:33 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/06/16 01:39:33 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/06/16 01:14:27 | 000,475,736 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/06/16 00:35:51 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/16 00:35:51 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1326893772-630010757-4279459883-1006.job
[2011/06/16 00:35:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/16 00:35:39 | 2136,129,536 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/15 23:13:10 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/15 18:12:16 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1326893772-630010757-4279459883-1006.job
[2011/06/15 17:05:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\prvlcl.dat
[2011/06/15 16:26:29 | 000,000,978 | ---- | M] () -- C:\Documents and Settings\Stephen Cornwell\Desktop\Shortcut to aswMBR.exe.lnk
[2011/06/15 13:02:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Stephen Cornwell\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/15 11:35:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephen Cornwell\Desktop\OTL.com
[2011/06/15 09:14:34 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/15 09:14:24 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/15 08:28:08 | 003,350,512 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Stephen Cornwell\Desktop\SecurityScan_Release.exe
[2011/06/15 08:18:39 | 000,000,341 | ---- | M] () -- C:\Documents and Settings\Stephen Cornwell\Desktop\Shortcut to avg_free_stb_en_2011_1382_free.exe.lnk
[2011/06/15 08:13:44 | 005,568,944 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Stephen Cornwell\Desktop\avg_free_stb_en_2011_1382_free.exe
[2011/06/14 19:34:51 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/06/14 19:34:50 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/06/14 17:03:58 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/06/14 17:03:02 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2011/06/14 14:25:24 | 000,000,458 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Stephen Cornwell.job
[2011/06/13 22:13:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2011/06/13 08:24:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/08 06:07:04 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/05/30 23:40:06 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\mcs.rma
[2011/05/30 22:40:17 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\Microsoft\Internet Explorer\Quick Launch\V CAST Music with Rhapsody.lnk
[2011/05/30 22:40:17 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\V CAST Music with Rhapsody.lnk
[2011/05/30 13:52:31 | 000,164,724 | ---- | M] () -- C:\Documents and Settings\All Users\dldo
[8 C:\Documents and Settings\Stephen Cornwell\My Documents\*.tmp files -> C:\Documents and Settings\Stephen Cornwell\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\Stephen Cornwell\Desktop\*.tmp files -> C:\Documents and Settings\Stephen Cornwell\Desktop\*.tmp -> ]
[15 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/16 01:21:17 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/06/16 01:21:17 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/06/15 16:26:29 | 000,000,978 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Desktop\Shortcut to aswMBR.exe.lnk
[2011/06/15 13:05:49 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/15 09:14:34 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/15 08:18:39 | 000,000,341 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Desktop\Shortcut to avg_free_stb_en_2011_1382_free.exe.lnk
[2011/05/30 22:40:17 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\V CAST Music with Rhapsody.lnk
[2010/12/16 04:34:09 | 000,405,760 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1326893772-630010757-4279459883-1006-0.dat
[2010/12/16 04:33:55 | 000,369,354 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/06/16 00:57:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\eautil.dll
[2010/06/13 23:18:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\rx_image.Cache
[2010/04/17 10:51:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\prvlcl.dat
[2010/02/26 00:04:38 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\mcs.rma
[2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009/07/19 20:15:35 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Common
[2009/07/19 20:15:35 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\Colors
[2009/07/19 20:15:35 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/07/19 20:15:35 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Contents
[2008/11/21 00:17:17 | 000,007,843 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2008/11/19 16:07:31 | 004,761,376 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/11/19 16:07:31 | 000,086,304 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/11/18 02:57:06 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008/08/31 18:37:26 | 000,000,524 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/06/19 16:08:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldovs.dll
[2008/06/19 16:08:08 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dldocoin.dll
[2008/06/19 16:07:57 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dldodrs.dll
[2008/06/19 16:07:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldocnv4.dll
[2008/06/19 16:07:57 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dldocaps.dll
[2008/06/19 16:02:15 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dldoinst.dll
[2008/06/19 16:02:14 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\dldoutil.dll
[2008/06/19 16:02:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldogrd.dll
[2008/06/19 16:02:14 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldoinsb.dll
[2008/06/19 16:02:14 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldoins.dll
[2008/06/19 16:02:14 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dldojswr.dll
[2008/06/19 16:02:14 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldoinsr.dll
[2008/06/19 16:02:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldocub.dll
[2008/06/19 16:02:14 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\dldocfg.dll
[2008/06/19 16:02:14 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldocu.dll
[2008/06/19 16:02:14 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldocur.dll
[2008/06/19 00:53:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008/06/10 11:58:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Hybrid Basic
[2008/06/10 11:58:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\Home
[2008/06/10 11:58:51 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2008/06/10 11:58:51 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Resources
[2008/06/10 11:58:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Hybrid Chords
[2008/06/10 11:58:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\HomePageService
[2008/06/10 11:58:41 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Robot
[2008/06/10 11:54:57 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2008/05/11 03:47:01 | 000,015,576 | R--- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2008/05/04 19:10:26 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/04/29 16:40:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Hybrid Synthesizers
[2008/04/29 16:40:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\Horns
[2008/04/29 16:40:17 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sample Delay
[2008/04/29 16:37:44 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
[2008/04/16 21:34:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\dldooem.dll
[2008/04/16 21:34:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLDOPMON.DLL
[2008/04/16 21:34:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLDOFXPU.DLL
[2008/04/16 21:34:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DLDOPMRC.DLL
[2008/04/07 10:17:53 | 000,001,510 | ---- | C] () -- C:\WINDOWS\Sketchpad Preferences.dat
[2008/03/25 01:24:38 | 000,065,232 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/03/12 18:55:12 | 000,002,934 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/03/02 21:59:17 | 000,000,052 | ---- | C] () -- C:\WINDOWS\specialsaver.ini
[2008/02/08 03:59:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2008/01/31 22:50:45 | 000,003,936 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Application Data\wklnhst.dat
[2008/01/30 06:12:03 | 000,067,072 | ---- | C] () -- C:\Documents and Settings\Stephen Cornwell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/28 18:03:40 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/01/28 18:03:40 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\888056906B.sys
[2008/01/24 16:36:17 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mcw32.dll
[2008/01/24 15:37:19 | 000,002,470 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/01/23 14:29:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/01/22 23:14:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/18 03:26:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/18 03:22:21 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/01/18 03:22:21 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/18 03:01:05 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/01/18 03:00:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/01/18 02:59:52 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/06/19 15:25:08 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\60a7806a-0eea-424c-a464-20f4730cd631
[2006/11/07 06:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/11/02 21:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 15:12:05 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 15:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:57:15 | 001,604,488 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 14:51:20 | 000,507,384 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 14:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 14:51:20 | 000,090,052 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 14:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 14:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 14:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 14:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 14:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 14:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 14:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/01/28 13:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\968 Series
[2008/10/17 10:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2011/06/15 19:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTYToolbar
[2011/06/15 09:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/04/16 14:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/07/19 20:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/04/28 16:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2008/05/27 18:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010/07/05 10:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2010/07/05 10:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2008/09/19 00:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2008/01/30 15:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/07/19 20:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/04/13 09:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/11/19 16:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2010/07/05 10:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
[2009/01/27 16:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2008/02/27 02:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2008/01/18 03:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2008/01/18 03:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/06/12 22:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/06/16 01:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/19 20:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/10/17 10:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/10/06 18:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/04/05 12:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/24 11:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/02/03 18:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\968 Series
[2008/10/02 13:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Anthropics
[2009/04/21 16:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/12/08 21:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Costco Photo Organizer
[2010/06/16 01:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\EasyJob Resume Builder
[2010/05/03 18:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Facebook
[2008/11/26 18:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Flickr
[2008/05/15 19:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Gamelab
[2009/07/04 10:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\HDRsoft
[2008/05/26 14:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\My Games
[2008/02/11 21:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Netscape
[2009/07/19 20:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Nikon
[2008/02/29 21:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\RapidSolution Software AG
[2008/02/27 02:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\RTPlayer
[2011/06/15 08:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Sammsoft
[2010/09/27 17:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Smith Micro
[2008/04/05 01:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Snapfish
[2008/01/31 22:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Template
[2009/09/09 22:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Titanium Gears
[2008/11/18 17:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Uniblue
[2008/04/05 07:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\Wal-Mart
[2010/07/22 20:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen Cornwell\Application Data\WeatherBug
[2011/06/14 19:34:51 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2011/06/14 19:34:50 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2011/06/08 06:07:04 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2011/06/16 10:01:01 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\specialsaver.scr:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\Setup.exe:SummaryInformation
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\Xilisoft Corporation:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\Untitled Gallery:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\Radiotracker:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\PDB:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\Musicnotes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\Demo Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\Batched Wedding pics:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\My Documents\australia_flag.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\Virus Stuff:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\Unused Desktop Shortcuts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\recipes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\Music for Carol:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\LinksysConnectPC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\LEASE for Fairlawns Tendrich:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\HIGH SCHOOL PREP FOLDER FOR JON AND TIFF IMPORTANT:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\Edited Pics:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\Boat Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Stephen Cornwell\Desktop\16329 House Stuff:Roxio EMC Stream
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
  • 0

#12
Essexboy
Posted 16 June 2011 - 10:51 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK time to get rough with this I feel. The open with command has been altered again so.......

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#13
Carol C.
Posted 16 June 2011 - 11:54 AM

Carol C.

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
My son who is majoring in computer science, finally looked at my computer, and he did a previous restore point, so now I began to run Malawarebytes antimalware. After that is done I will finish any steps above as well to complete the process. I am not quite sure all is ok at this point, so after the Malawarebytes Antimalware program is run, I will do as your above post, unless you suggest otherwise beforehand. Thank you!
  • 0

#14
Essexboy
Posted 16 June 2011 - 11:57 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No tis not a problem - follow the previous, although you may not need RogueKiller
  • 0

#15
Essexboy
Posted 21 June 2011 - 11:37 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP