[mewsick75]

Hey,
I tried to run the applications that you guys recommend but every time I go to run anything, I get the "Open with" box that pop's up and I can't get anywhere or post any logs.
I need help.

Thanks

[Advertisements]

Hi, mewsick75! My nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out.

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:

• Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
• Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
• If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
• These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
• Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
• Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
• You must reply within four days failure to reply will result in the topic being closed!
• Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
• Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
  Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Step 1.

Download RogueKiller to your desktop.

• Quit all running programs
• For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
• When prompted, type 2 and validate
• The RKreport.txt shall be generated next to the executable.
• If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.


Step 2.

Rerun RogueKiller

• Quit all running programs
• For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
• When prompted, type 6 and validate
• The RKreport.txt shall be generated next to the executable.
• If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.


Step 3.

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan



On completion of the scan click save log, save it to your desktop and post in your next reply



Step 4.

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  consrv.dll
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
  C:\Windows\assembly\tmp\U\*.* /s
  %Temp%\smtmp\1\*.*
  %Temp%\smtmp\2\*.*
  %Temp%\smtmp\3\*.*
  %Temp%\smtmp\4\*.*
  CREATERESTOREPOINT
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

Step 5.

Please Post:

both RkReport.txt files
aswMBR log
OTL.txt
Extras.txt


How is your computer doing? Have your open with issues gone away?

Edited by CompCav, 26 December 2011 - 01:27 PM.

[CompCav]

Hi, mewsick75! My nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out.

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:

• Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
• Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
• If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
• These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
• Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
• Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
• You must reply within four days failure to reply will result in the topic being closed!
• Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
• Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
  Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Step 1.

Download RogueKiller to your desktop.

• Quit all running programs
• For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
• When prompted, type 2 and validate
• The RKreport.txt shall be generated next to the executable.
• If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.


Step 2.

Rerun RogueKiller

• Quit all running programs
• For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
• When prompted, type 6 and validate
• The RKreport.txt shall be generated next to the executable.
• If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.


Step 3.

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan



On completion of the scan click save log, save it to your desktop and post in your next reply



Step 4.

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  consrv.dll
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
  C:\Windows\assembly\tmp\U\*.* /s
  %Temp%\smtmp\1\*.*
  %Temp%\smtmp\2\*.*
  %Temp%\smtmp\3\*.*
  %Temp%\smtmp\4\*.*
  CREATERESTOREPOINT
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

Step 5.

Please Post:

both RkReport.txt files
aswMBR log
OTL.txt
Extras.txt


How is your computer doing? Have your open with issues gone away?

Edited by CompCav, 26 December 2011 - 01:27 PM.

[mewsick75]

I tried to run those programs but they would either fail halfway through or if they did finish running there were no results and I couldn't save or read a text file.

What should I do next?

[CompCav]

Can you run RogueKiller option 2 at least?

If not try renaming it as suggested in my post.

[mewsick75]

I tried to rename the application but It just fails about 90% through.

[CompCav]

OK let's try something else.

Please download and run RKill from here:

RKill.com

Then try to run it. Once it completes then immediately run RogueKiller and the others in the order they are posted in post #2.

If that one does not work then try this one:

RKill.scr

Edited by CompCav, 26 December 2011 - 10:48 PM.

[mewsick75]

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/26/2011 at 23:33:30.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\WINDOWS\system32\grpconv.exe


Rkill completed on 12/26/2011 at 23:33:34.




RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Ceil [Admin rights]
Mode: Remove -- Date : 12/26/2011 23:35:42

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : advMainCtrl (rundll32.exe "C:\Documents and Settings\Ceil\Local Settings\Application Data\kbdNetSched\advMainCtrl.dll",HandlerEvent80 smpMouseClock) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] f0abfee78d2cb7e7370f9620e0fd8bf1
[BSP] f3ea2621b76ae7a2a902c4a95b6165ff : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 250048 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Ceil [Admin rights]
Mode: Shortcuts HJfix -- Date : 12/26/2011 23:38:51

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 7 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 71 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 641 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\Harddisk1\DP(1)0-0+3 -- 0x2 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-26 23:40:02
-----------------------------
23:40:02.062 OS Version: Windows 5.1.2600 Service Pack 3
23:40:02.062 Number of processors: 2 586 0x170A
23:40:02.062 ComputerName: CEIL-C6C985ADA7 UserName: Ceil
23:40:02.500 Initialize success
23:40:11.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:40:11.703 Disk 0 Vendor: ST9250410AS D005SDM1 Size: 238475MB BusType: 3
23:40:13.734 Disk 0 MBR read successfully
23:40:13.734 Disk 0 MBR scan
23:40:13.734 Disk 0 Windows XP default MBR code
23:40:13.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
23:40:13.750 Disk 0 scanning sectors +488376000
23:40:13.828 Disk 0 scanning C:\WINDOWS\system32\drivers
23:40:18.671 Service scanning
23:40:19.500 Modules scanning
23:40:22.812 Disk 0 trace - called modules:
23:40:22.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
23:40:22.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a49cab8]
23:40:22.843 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a48cd98]
23:40:23.359 Scan finished successfully
23:40:47.109 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
23:40:47.125 The log file has been saved successfully to "E:\aswMBR.txt"


OTL logfile created on: 12/26/2011 11:43:05 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ceil\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 86.69% Memory free
4.81 Gb Paging File | 4.60 Gb Available in Paging File | 95.75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 212.66 Gb Free Space | 91.32% Space Free | Partition Type: NTFS
Drive E: | 29.80 Gb Total Space | 29.79 Gb Free Space | 99.95% Space Free | Partition Type: FAT32

Computer Name: CEIL-C6C985ADA7 | User Name: Ceil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/26 13:35:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ceil\Desktop\OTL.exe
PRC - [2011/10/28 18:20:16 | 000,286,736 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/05 20:25:04 | 000,204,800 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\system32\stacsv.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 19:28:08 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/13 19:28:01 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011/10/13 19:26:59 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 05:51:59 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 05:50:23 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 05:50:10 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/28 18:20:16 | 000,286,736 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe -- (NSL)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/09/05 20:25:04 | 000,204,800 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/04/15 12:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/11/21 17:36:46 | 000,160,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/10/07 00:01:00 | 000,268,992 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2008/10/06 08:55:22 | 000,144,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2008/07/24 09:03:00 | 000,289,664 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/06/26 05:15:34 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2007/09/05 20:25:30 | 001,246,456 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...F&PC=IP2TDF&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.143
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {203FB6B2-2E1E-4474-863B-4C483ECCE78E}:1.2.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...F&PC=IP2TDF&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\Ceil\Application Data\Mozilla\Firefox\Profiles\10nm200c.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.7\coFFNST\ [2011/04/26 15:51:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/30 07:16:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 19:33:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/09 21:04:48 | 000,000,000 | ---D | M]

[2010/09/08 21:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ceil\Application Data\Mozilla\Extensions
[2011/12/19 12:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ceil\Application Data\Mozilla\Firefox\Profiles\10nm200c.default\extensions
[2010/12/24 07:16:33 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Ceil\Application Data\Mozilla\Firefox\Profiles\10nm200c.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2011/03/20 08:33:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ceil\Application Data\Mozilla\Firefox\Profiles\10nm200c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/30 21:14:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Ceil\Application Data\Mozilla\Firefox\Profiles\10nm200c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/08 14:32:33 | 000,001,834 | ---- | M] () -- C:\Documents and Settings\Ceil\Application Data\Mozilla\Firefox\Profiles\10nm200c.default\searchplugins\bing.xml
[2011/12/19 12:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/26 13:10:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/26 15:51:51 | 000,000,000 | ---D | M] (Norton Safe Web Lite Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.7\COFFNST
[2011/10/30 07:16:25 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/11/30 21:15:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/27 15:17:54 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: PopCap Games Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Documents and Settings\Ceil\Application Data\Mozilla\Firefox\Profiles\10nm200c.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Ceil\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1715567821-790525478-1801674531-1003..\Run: [AROReminder] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E3326D0-2CDE-4AE7-AEFA-9B8ECCAF1DED}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Ceil\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ceil\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/08 19:22:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/26 23:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ceil\Desktop\RK_Quarantine
[2011/12/26 21:54:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ceil\Desktop\OTL.exe
[2011/12/26 17:19:22 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ceil\Desktop\aswMBR.exe
[2011/12/26 17:05:17 | 000,000,000 | ---D | C] -- C:\RK_Quarantine
[2011/12/26 12:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ceil\Application Data\Malwarebytes
[2011/12/26 12:54:40 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/26 12:54:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/26 12:54:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/26 12:54:37 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/26 12:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/04 16:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ARO 2011
[2011/12/04 16:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
[2011/12/04 16:54:49 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Ceil\PrivacIE
[2011/12/04 16:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ceil\Application Data\OpenCandy
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/26 23:39:24 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/12/26 23:36:41 | 000,436,276 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/26 23:36:41 | 000,069,006 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/26 23:32:28 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/26 23:32:28 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-790525478-1801674531-1003.job
[2011/12/26 23:32:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/26 23:29:04 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Ceil\Desktop\rkill.com
[2011/12/26 22:54:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/26 17:16:38 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ceil\Desktop\aswMBR.exe
[2011/12/26 17:02:20 | 000,771,072 | ---- | M] () -- C:\Documents and Settings\Ceil\Desktop\winlogon.exe.exe
[2011/12/26 17:02:20 | 000,771,072 | ---- | M] () -- C:\Documents and Settings\Ceil\Desktop\RogueKiller.exe
[2011/12/26 13:35:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ceil\Desktop\OTL.exe
[2011/12/26 13:16:23 | 000,014,404 | --S- | M] () -- C:\Documents and Settings\All Users\Application Data\06d4n081y8hot0w52g4px
[2011/12/26 13:16:22 | 000,014,404 | --S- | M] () -- C:\Documents and Settings\Ceil\Local Settings\Application Data\06d4n081y8hot0w52g4px
[2011/12/26 12:54:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/26 12:46:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/20 19:28:00 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/20 19:25:06 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/20 19:18:51 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-790525478-1801674531-1003.job
[2011/12/20 07:09:37 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/14 19:55:17 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/10 08:43:08 | 000,000,074 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2011/12/09 20:00:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/05 16:19:26 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Ceil.job
[2011/12/04 16:55:05 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\Ceil\Desktop\Bookworm Adventures.lnk
[2011/12/04 16:55:02 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Ceil\Desktop\Check PC For Errors.lnk
[2011/12/04 16:55:02 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Ceil\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/26 23:35:35 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/12/26 23:33:06 | 000,771,072 | ---- | C] () -- C:\Documents and Settings\Ceil\Desktop\RogueKiller.exe
[2011/12/26 23:33:03 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Ceil\Desktop\rkill.com
[2011/12/26 17:04:41 | 000,771,072 | ---- | C] () -- C:\Documents and Settings\Ceil\Desktop\winlogon.exe.exe
[2011/12/26 12:54:40 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/19 22:00:03 | 000,014,404 | --S- | C] () -- C:\Documents and Settings\Ceil\Local Settings\Application Data\06d4n081y8hot0w52g4px
[2011/12/19 22:00:03 | 000,014,404 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\06d4n081y8hot0w52g4px
[2011/12/09 18:53:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/04 16:55:05 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\Ceil\Desktop\Bookworm Adventures.lnk
[2011/12/04 16:55:02 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Ceil\Desktop\Check PC For Errors.lnk
[2011/12/04 16:55:02 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Ceil\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2011/11/02 16:47:52 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Ceil\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/25 15:55:45 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2011/04/18 14:09:24 | 000,000,043 | ---- | C] () -- C:\WINDOWS\spookydisplay.ini
[2011/03/30 08:53:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Clifford Uninstall.exe
[2011/03/30 08:53:36 | 000,000,097 | ---- | C] () -- C:\WINDOWS\CR.ini
[2010/10/01 16:56:57 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/09/29 12:00:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010/09/21 19:40:58 | 000,141,993 | ---- | C] () -- C:\WINDOWS\hpwins16.dat
[2010/09/21 19:40:58 | 000,000,602 | ---- | C] () -- C:\WINDOWS\hpwmdl16.dat
[2010/09/21 14:05:50 | 000,000,340 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2010/09/20 18:45:40 | 000,000,074 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/09/20 18:45:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/09/08 21:13:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/08 19:40:29 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/09/08 19:40:28 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010/09/08 19:40:28 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2010/09/08 19:24:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/08 19:20:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/08 15:11:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/08 15:10:31 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,436,276 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,069,006 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/11/26 20:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2011/11/12 18:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/09/20 18:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/11/26 21:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/18 13:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/06/11 15:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ceil\Application Data\MSNInstaller
[2010/12/03 09:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ceil\Application Data\Oberon Media
[2011/12/04 16:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ceil\Application Data\OpenCandy
[2011/03/13 13:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ceil\Application Data\Skinux
[2010/12/24 07:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ceil\Application Data\Sony Online Entertainment
[2010/09/23 18:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ceil\Application Data\SpinTop Games
[2011/11/13 08:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ceil\Application Data\TechWizard
[2010/09/08 19:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ceil\Application Data\TMP
[2011/11/26 20:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ceil\Application Data\VampireSaga
[2011/05/08 15:36:39 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 6
"ImagePath" = system32\DRIVERS\netbt.sys -- [2008/04/14 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{0D1FCB56-8312-4749-A55A-7F53CDA5D3BB}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{6AB90326-9FAB-4CBE-905A-3B7313C59AE0}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{8E3326D0-2CDE-4AE7-AEFA-9B8ECCAF1DED}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{C7D8BEC8-CAC7-476E-A026-11960D0B21D6}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{DF98B943-EE5E-48B8-B5F1-685A3987825C}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/14 07:00:00 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 03 01 04 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2008/04/14 07:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

========== Alternate Data Streams ==========

@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:813B8EB6
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:204BEE0F

< End of report >


OTL Extras logfile created on: 12/26/2011 11:43:05 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ceil\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 86.69% Memory free
4.81 Gb Paging File | 4.60 Gb Available in Paging File | 95.75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 212.66 Gb Free Space | 91.32% Space Free | Partition Type: NTFS
Drive E: | 29.80 Gb Total Space | 29.79 Gb Free Space | 99.95% Space Free | Partition Type: FAT32

Computer Name: CEIL-C6C985ADA7 | User Name: Ceil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1715567821-790525478-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:FiOS Tech Wizard
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{149C2374-E707-4B53-A487-A2DA2064E03D}" = Vz In Home Agent
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{261F2A97-EF19-44F7-8040-78DC574CD22A}" = Intel® PROSet/Wireless WiFi Driver
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{413AA75E-64BA-470A-98D1-1ECC0F0DA175}" = J3600_Basic
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110206700}" = Bejeweled
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118787317}" = Vampire Saga - Pandoras Box
"{859963C1-E908-49E8-9FA3-9E833D717563}" = IHA_MessageCenter
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8CE4CB34-8187-42A1-B597-517760BEE8EC}" = BPD_Scan
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AFDAB4B7-E5CE-4277-9ABB-8D8C5E12853D}" = 3600_Help
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E593C3B6-6C5A-4AFC-A4F7-CCB94F60C888}" = BPDSoftware_Ini
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{ECF40A6B-F164-493E-AD93-8B9946871BC5}" = HP OfficeJet J3600
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"am-bookwormadventures" = Bookworm Adventures
"amg-zumadeluxe" = Zuma Deluxe
"ARO 2011_is1" = ARO 2011
"Bookworm Deluxe" = Bookworm Deluxe
"Clifford Reading" = Clifford Reading
"Creative OA009" = Integrated Webcam Driver (1.01.01.1007)
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Logical Journey of the Zoombinis" = Logical Journey of the Zoombinis
"Logical Journey of the Zoombinis V1.1.0" = Logical Journey of the Zoombinis V1.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mind Benders Beginning 1" = Mind Benders Beginning 1
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"MSB Dino" = Magic School Bus - Dinosaurs
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Mystery P.I. - Stolen in San Francisco" = Mystery P.I. - Stolen in San Francisco
"NSS" = Norton Security Scan
"NST" = Norton Safe Web Lite
"Owl and Mouse Learn Letters" = Owl and Mouse Learn Letters
"Peggle Nights 1.0" = Peggle Nights 1.0
"Plants vs. Zombies" = Plants vs. Zombies
"PopCap Browser Plugin" = PopCap Browser Plugin
"ProInst" = Intel PROSet Wireless
"Reader Rabbit Learn To Read With Phonics" = Reader Rabbit Learn To Read With Phonics
"RealPlayer 12.0" = RealPlayer
"Revenge of the Riddle Spiders A1" = Revenge of the Riddle Spiders A1
"Scholastic's I SPY Spooky Mansion" = Scholastic's I SPY Spooky Mansion
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1715567821-790525478-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SOE-Clone Wars" = Clone Wars

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/15/2011 10:15:57 PM | Computer Name = CEIL-C6C985ADA7 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 12/15/2011 10:15:57 PM | Computer Name = CEIL-C6C985ADA7 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 12/15/2011 10:15:57 PM | Computer Name = CEIL-C6C985ADA7 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 12/15/2011 10:15:57 PM | Computer Name = CEIL-C6C985ADA7 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 12/15/2011 10:15:57 PM | Computer Name = CEIL-C6C985ADA7 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 12/15/2011 10:15:57 PM | Computer Name = CEIL-C6C985ADA7 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 12/26/2011 6:07:45 PM | Computer Name = CEIL-C6C985ADA7 | Source = Application Error | ID = 1000
Description = Faulting application roguekiller.exe, version 0.0.0.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 12/26/2011 6:11:32 PM | Computer Name = CEIL-C6C985ADA7 | Source = Application Error | ID = 1000
Description = Faulting application roguekiller.exe, version 0.0.0.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 12/26/2011 6:11:56 PM | Computer Name = CEIL-C6C985ADA7 | Source = Application Error | ID = 1000
Description = Faulting application roguekiller.exe, version 0.0.0.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 12/26/2011 6:13:55 PM | Computer Name = CEIL-C6C985ADA7 | Source = Application Error | ID = 1000
Description = Faulting application winlogon.exe.exe, version 0.0.0.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

[ OSession Events ]
Error - 10/22/2010 8:06:15 PM | Computer Name = CEIL-C6C985ADA7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2177 seconds with 180 seconds of active time. This session ended with a
crash.

Error - 12/12/2010 12:14:09 PM | Computer Name = CEIL-C6C985ADA7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/12/2010 12:14:16 PM | Computer Name = CEIL-C6C985ADA7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/12/2010 12:14:19 PM | Computer Name = CEIL-C6C985ADA7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/12/2010 12:14:24 PM | Computer Name = CEIL-C6C985ADA7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/26/2011 2:26:32 PM | Computer Name = CEIL-C6C985ADA7 | Source = Service Control Manager | ID = 7001
Description = The ATM ARP Client Protocol service depends on the TCP/IP Protocol
Driver service which failed to start because of the following error: %%31

Error - 12/26/2011 2:26:32 PM | Computer Name = CEIL-C6C985ADA7 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 12/26/2011 2:26:32 PM | Computer Name = CEIL-C6C985ADA7 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 12/26/2011 2:26:32 PM | Computer Name = CEIL-C6C985ADA7 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 12/26/2011 2:26:32 PM | Computer Name = CEIL-C6C985ADA7 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 12/26/2011 2:26:32 PM | Computer Name = CEIL-C6C985ADA7 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 12/26/2011 2:38:37 PM | Computer Name = CEIL-C6C985ADA7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/26/2011 2:49:29 PM | Computer Name = CEIL-C6C985ADA7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/26/2011 6:02:08 PM | Computer Name = CEIL-C6C985ADA7 | Source = Service Control Manager | ID = 7000
Description = The Microsoft TV/Video Connection service failed to start due to the
following error: %%1058

Error - 12/27/2011 12:32:36 AM | Computer Name = CEIL-C6C985ADA7 | Source = Service Control Manager | ID = 7000
Description = The Microsoft TV/Video Connection service failed to start due to the
following error: %%1058


< End of report >

[CompCav]

Great job getting all of them to run

I appreciate your determination it helps us to help you!

CompCav

[mewsick75]

Thanks, looking forward to what I have to do next.

[CompCav]

What problems are you having with your computer now?

[mewsick75]

The computer seems to be running pretty well now.
Are we done or are there more steps?

[CompCav]

There are more steps, because the main infection still needs to be removed. I will post the next step (major fix) later today, once I have it approved.

CompCav

[CompCav]

Step 1.

OTL Fix


We need to run an OTL Fix

• Please reopen on your desktop.
• Copy and Paste the following code into the textbox.
  
  

  :OTL
  FF - prefs.js..extensions.enabledItems: [email protected]:1.0
  FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
  [2011/03/26 13:10:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
  [2010/11/30 21:15:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
  [2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
  CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
  CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
  O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
  O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
  O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
  O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
  O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
  O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
  O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
  O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
  O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
  O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
  O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
  O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
  O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
  O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
  O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
  O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
  O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
  O15 - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
  O15 - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
  O15 - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
  O15 - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
  O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
  O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
  [2011/12/04 16:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ceil\Application Data\OpenCandy
  [2011/12/26 13:16:23 | 000,014,404 | --S- | M] () -- C:\Documents and Settings\All Users\Application Data\06d4n081y8hot0w52g4px
  [2011/12/26 13:16:22 | 000,014,404 | --S- | M] () -- C:\Documents and Settings\Ceil\Local Settings\Application Data\06d4n081y8hot0w52g4px
  [2011/12/04 16:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ceil\Application Data\OpenCandy
  @Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:813B8EB6
  @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:204BEE0F
  
  
  :files
  ipconfig /flushdns /c
  
  
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [createrestorepoint]

• Push
• OTL may ask to reboot the machine. Please do so if asked.
• Click the OK button.
• A report will open. Copy and Paste that report in your next reply.
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

Step 2.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3.

Re run OTL from your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  grpconv.exe
  grpconv.*
  /md5stop
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  C:\Windows\assembly\tmp\U\*.* /s
  CREATERESTOREPOINT
  
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  
• When the scan completes, it will open one notepad window, OTL.Txt.
• Post the log

Step 4.

Please post:

OTL fix log
mbam log
OTL.txt

What problems do you now have?

[mewsick75]

All processes killed
========== OTL ==========
Prefs.js: [email protected]:1.0 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome\content folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll moved successfully.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1715567821-790525478-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1715567821-790525478-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1715567821-790525478-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1715567821-790525478-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\Ceil\Application Data\OpenCandy\OpenCandy_CBA22B99AE5645BC86FA2753D314B090 folder moved successfully.
C:\Documents and Settings\Ceil\Application Data\OpenCandy\CBA22B99AE5645BC86FA2753D314B090 folder moved successfully.
C:\Documents and Settings\Ceil\Application Data\OpenCandy folder moved successfully.
C:\Documents and Settings\All Users\Application Data\06d4n081y8hot0w52g4px moved successfully.
C:\Documents and Settings\Ceil\Local Settings\Application Data\06d4n081y8hot0w52g4px moved successfully.
Folder C:\Documents and Settings\Ceil\Application Data\OpenCandy\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:813B8EB6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:204BEE0F deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Ceil\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Ceil\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Ceil
->Temp folder emptied: 1064975341 bytes
->Temporary Internet Files folder emptied: 90969177 bytes
->Java cache emptied: 24426976 bytes
->FireFox cache emptied: 42197573 bytes
->Google Chrome cache emptied: 9887824 bytes
->Flash cache emptied: 3111401 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49554 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 3770897 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39488820 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 143419163 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,359.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 12272011_151307

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122705

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/27/2011 6:09:15 PM
mbam-log-2011-12-27 (18-09-15).txt

Scan type: Quick scan
Objects scanned: 160631
Time elapsed: 2 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



OTL logfile created on: 12/27/2011 6:12:28 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ceil\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 83.78% Memory free
4.81 Gb Paging File | 4.46 Gb Available in Paging File | 92.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 213.98 Gb Free Space | 91.89% Space Free | Partition Type: NTFS
Drive E: | 29.80 Gb Total Space | 29.79 Gb Free Space | 99.95% Space Free | Partition Type: FAT32

Computer Name: CEIL-C6C985ADA7 | User Name: Ceil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/26 13:35:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ceil\Desktop\OTL.exe
PRC - [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/10/30 07:15:59 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/10/28 18:20:16 | 000,286,736 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/02/23 16:11:22 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe
PRC - [2010/04/05 15:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/03/23 12:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/17 14:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/01/31 21:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/05 20:25:04 | 000,204,800 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2007/09/05 20:24:20 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\sttray.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/07 06:16:28 | 000,411,192 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011/12/07 06:16:27 | 003,767,864 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 06:14:56 | 000,122,952 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 06:14:55 | 000,222,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 06:14:53 | 001,746,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
MOD - [2011/12/07 02:22:33 | 008,593,056 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
MOD - [2011/10/13 19:28:08 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/13 19:26:59 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 05:51:59 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 05:50:23 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 05:50:10 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/03/13 13:03:21 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2011/03/13 13:03:21 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2011/03/13 13:03:21 | 000,868,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2011/03/13 13:03:21 | 000,847,872 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2011/03/13 13:03:21 | 000,782,336 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2011/03/13 13:03:21 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2011/03/13 13:03:21 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2011/03/13 13:03:21 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2011/03/13 13:03:21 | 000,237,568 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2011/03/13 13:03:21 | 000,155,648 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2011/03/13 13:03:21 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2011/03/13 13:03:21 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2011/03/13 13:03:20 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2011/03/13 13:03:20 | 000,471,040 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2011/03/13 13:03:20 | 000,406,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2011/03/13 13:03:20 | 000,356,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2011/03/13 13:03:20 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2011/03/13 13:03:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2011/03/13 13:03:20 | 000,264,192 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2011/03/13 13:03:20 | 000,234,496 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2011/03/13 13:03:20 | 000,171,520 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2011/03/13 13:03:20 | 000,152,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2011/03/13 13:03:20 | 000,129,536 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2011/03/13 13:03:20 | 000,098,304 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2011/03/13 13:03:20 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2011/03/13 13:03:20 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2011/03/13 13:03:20 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2011/03/13 13:03:20 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2011/03/13 13:03:20 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2011/03/13 13:03:20 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2011/03/13 13:03:19 | 011,503,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2011/03/13 13:03:19 | 000,761,856 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2011/03/13 13:03:19 | 000,684,032 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2011/03/13 13:03:19 | 000,078,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx


========== Win32 Services (SafeList) ==========

SRV - [2011/10/28 18:20:16 | 000,286,736 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe -- (NSL)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/09/05 20:25:04 | 000,204,800 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - [2010/04/15 12:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/11/21 17:36:46 | 000,160,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/10/07 00:01:00 | 000,268,992 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2008/10/06 08:55:22 | 000,144,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2008/07/24 09:03:00 | 000,289,664 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/06/26 05:15:34 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2007/09/05 20:25:30 | 001,246,456 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...F&PC=IP2TDF&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.143
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {203FB6B2-2E1E-4474-863B-4C483ECCE78E}:1.2.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...F&PC=IP2TDF&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\Ceil\Application Data\Mozilla\Firefox\Profiles\10nm200c.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.7\coFFNST\ [2011/04/26 15:51:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/30 07:16:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 19:33:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/09 21:04:48 | 000,000,000 | ---D | M]

[2010/09/08 21:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ceil\Application Data\Mozilla\Extensions
[2011/12/19 12:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ceil\Application Data\Mozilla\Firefox\Profiles\10nm200c.default\extensions
[2010/12/24 07:16:33 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Ceil\Application Data\Mozilla\Firefox\Profiles\10nm200c.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2011/03/20 08:33:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ceil\Application Data\Mozilla\Firefox\Profiles\10nm200c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/30 21:14:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Ceil\Application Data\Mozilla\Firefox\Profiles\10nm200c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/08 14:32:33 | 000,001,834 | ---- | M] () -- C:\Documents and Settings\Ceil\Application Data\Mozilla\Firefox\Profiles\10nm200c.default\searchplugins\bing.xml
[2011/12/19 12:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/26 15:51:51 | 000,000,000 | ---D | M] (Norton Safe Web Lite Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.7\COFFNST
[2011/10/30 07:16:25 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/10/27 15:17:54 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: PopCap Games Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Documents and Settings\Ceil\Application Data\Mozilla\Firefox\Profiles\10nm200c.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Ceil\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Ceil\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Ceil\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\Ceil\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2011/12/27 15:13:15 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1715567821-790525478-1801674531-1003..\Run: [AROReminder] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-790525478-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E3326D0-2CDE-4AE7-AEFA-9B8ECCAF1DED}: DhcpNameServer = 192.168.1.1 71.250.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Ceil\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ceil\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/08 19:22:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/27 15:13:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/27 01:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2011/12/27 01:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KeyFinder
[2011/12/26 23:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ceil\Desktop\RK_Quarantine
[2011/12/26 21:54:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ceil\Desktop\OTL.exe
[2011/12/26 17:19:22 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ceil\Desktop\aswMBR.exe
[2011/12/26 17:05:17 | 000,000,000 | ---D | C] -- C:\RK_Quarantine
[2011/12/26 12:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ceil\Application Data\Malwarebytes
[2011/12/26 12:54:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/26 12:54:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/26 12:54:37 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/26 12:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/04 16:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ARO 2011
[2011/12/04 16:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
[2011/12/04 16:54:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ceil\PrivacIE

========== Files - Modified Within 30 Days ==========

[2011/12/27 18:08:10 | 000,436,276 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/27 18:08:10 | 000,069,006 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/27 18:04:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/27 18:03:20 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/27 18:03:20 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-790525478-1801674531-1003.job
[2011/12/27 18:03:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/27 17:54:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/27 16:13:18 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Ceil.job
[2011/12/27 15:13:15 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/27 01:39:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-790525478-1801674531-1003.job
[2011/12/27 01:30:43 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\KeyFinder.lnk
[2011/12/26 23:39:24 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/12/26 23:29:04 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Ceil\Desktop\rkill.com
[2011/12/26 17:16:38 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ceil\Desktop\aswMBR.exe
[2011/12/26 17:02:20 | 000,771,072 | ---- | M] () -- C:\Documents and Settings\Ceil\Desktop\winlogon.exe.exe
[2011/12/26 17:02:20 | 000,771,072 | ---- | M] () -- C:\Documents and Settings\Ceil\Desktop\RogueKiller.exe
[2011/12/26 13:35:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ceil\Desktop\OTL.exe
[2011/12/26 12:46:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/20 19:28:00 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/20 19:25:06 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/20 07:09:37 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/14 19:55:17 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/10 08:43:08 | 000,000,074 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2011/12/09 20:00:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/04 16:55:05 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\Ceil\Desktop\Bookworm Adventures.lnk
[2011/12/04 16:55:02 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Ceil\Desktop\Check PC For Errors.lnk
[2011/12/04 16:55:02 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Ceil\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk

========== Files Created - No Company Name ==========

[2011/12/27 01:30:43 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\KeyFinder.lnk
[2011/12/26 23:35:35 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/12/26 23:33:06 | 000,771,072 | ---- | C] () -- C:\Documents and Settings\Ceil\Desktop\RogueKiller.exe
[2011/12/26 23:33:03 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Ceil\Desktop\rkill.com
[2011/12/26 17:04:41 | 000,771,072 | ---- | C] () -- C:\Documents and Settings\Ceil\Desktop\winlogon.exe.exe
[2011/12/26 12:54:40 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/09 18:53:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/04 16:55:05 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\Ceil\Desktop\Bookworm Adventures.lnk
[2011/12/04 16:55:02 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Ceil\Desktop\Check PC For Errors.lnk
[2011/12/04 16:55:02 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Ceil\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2011/11/02 16:47:52 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Ceil\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/25 15:55:45 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2011/04/18 14:09:24 | 000,000,043 | ---- | C] () -- C:\WINDOWS\spookydisplay.ini
[2011/03/30 08:53:36 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Clifford Uninstall.exe
[2011/03/30 08:53:36 | 000,000,097 | ---- | C] () -- C:\WINDOWS\CR.ini
[2010/10/01 16:56:57 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/09/29 12:00:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010/09/21 19:40:58 | 000,141,993 | ---- | C] () -- C:\WINDOWS\hpwins16.dat
[2010/09/21 19:40:58 | 000,000,602 | ---- | C] () -- C:\WINDOWS\hpwmdl16.dat
[2010/09/21 14:05:50 | 000,000,340 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2010/09/20 18:45:40 | 000,000,074 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/09/20 18:45:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/09/08 21:13:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/08 19:40:29 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/09/08 19:40:28 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010/09/08 19:40:28 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2010/09/08 19:24:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/08 19:20:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/08 15:11:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/08 15:10:31 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,436,276 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,069,006 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/11/26 20:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2011/11/12 18:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/09/20 18:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/11/26 21:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/18 13:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/06/11 15:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ceil\Application Data\MSNInstaller
[2010/12/03 09:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ceil\Application Data\Oberon Media
[2011/03/13 13:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ceil\Application Data\Skinux
[2010/12/24 07:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ceil\Application Data\Sony Online Entertainment
[2010/09/23 18:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ceil\Application Data\SpinTop Games
[2011/11/13 08:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ceil\Application Data\TechWizard
[2010/09/08 19:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ceil\Application Data\TMP
[2011/11/26 20:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ceil\Application Data\VampireSaga
[2011/05/08 15:36:39 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: GRPCONV.EXE >
[2008/04/14 07:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=6DD28A6D99CF7B14B2D1786D143624E0 -- C:\WINDOWS\system32\dllcache\grpconv.exe
[2008/04/14 07:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=6DD28A6D99CF7B14B2D1786D143624E0 -- C:\WINDOWS\system32\dllcache\grpconv.exe
[2008/04/14 07:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=6DD28A6D99CF7B14B2D1786D143624E0 -- C:\WINDOWS\system32\grpconv.exe
[2008/04/14 07:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=6DD28A6D99CF7B14B2D1786D143624E0 -- C:\WINDOWS\system32\grpconv.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-17 15:27:33

< C:\Windows\assembly\tmp\U\*.* /s >

< End of report >


Running a lot better.

[CompCav]

Running a lot better.

I am glad to hear this!!

Are there any issues you have noted that need to be addressed?

I want you to check Microsoft update to make sure you can still get to it and that it comes up with the list. Click Start> All Programs> Microsoft update (or Windows update if Microsoft update is not on your menu)

Edited by CompCav, 28 December 2011 - 05:11 PM.