Security Risk.URLRedir virus removal [Solved]


  • This topic is locked

#1
smile29

    New Member

  • Member
  • 8 posts
Hi, I'm a tech novice and a newbie to geekstogo! Have Windows Vista software and Norton Internet Security 2011 installed since last March. Has worked great until a few days ago when I noticed after running "quick scan" it was not "finishing." It remains stuck on "SecurityRisk.URLRedir" without ending. Must cancel the quick scan to end this. It still lists a number of "threats" were resolved and no active "threats" are listed though scan was cancelled early. A quick Google search identified Norton community site that listed this as a virus and provided link to geekstogo! for help. Any assistance you can provide on how to remove the virus would be appreciated greatly. Also, do I need to back up my files quickly? Most are backed up but do not want to unknowingly transfer virus to external drive. thanks!
  • 0


#2
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, smile29, Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, let's start ;)



Could you go through the following steps please, then get back to me with the logs that they create.



1)
OTL Quick Scan
Download OTL to your Desktop
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic




2)
Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

If it asks whether you would like to download Avast definitions, click No.


On completion of the scan click save log, save it to your desktop and post it in your next reply.




In your next reply
Please post the contents of...
OTL logs
aswMBR log

  • 0

#3
smile29

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thanks BlackOxide. Before we begin there is an update to communicate. After sending my post to you, Norton Internet Security software flashed an alert saying it was not working properly and I needed to respond to message by clicking their prompt to download and run Norton Power Eraser software. This seemed authentic as I previously noticed references to running Power Eraser in the Norton community board site where the geekstogo! link was provided. Since I was concerned that the virus was beginning to escalate I continued with prompts.

This resulted in restarting windows program and running Eraser after the download, then trying to run Norton security scan again. By the way it did ask me to send a report to Norton due to abnormalities (forget the exact term they used here) while running the scan. (Did not know if that was significant and did not send report requested.) Next ran "quick" and then "full" Norton security virus scans and both completed without the previous problem of stalling at the point of reaching the "securityrisk.urlredir" and proceeded to produce the standard green "finished" notice.

Though it appeared it was "fixed" and windows programs are running a bit faster I do not really know. Wondered if I should have reported this but the geekstogo! instructions were very clear I was not to reply to my own post until contacted by geekstogo! volunteer staff.

Do apologize if I handled this incorrectly - will gladly proceed with your instructions but want to update you and confirm there are no changes to your directions first. Also, as a new geekstogo! user would appreciate your feedback about if/how I should have handled this situation differently for future reference. Thanks! Smile29
  • 0

#4
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hey,

You handled it just right :thumbsup:

The main reason we would like people not to reply to their original post is that it appears to us when we look at the overview of topics, that the person has been replied to and is currently being helped, so it means if you do this you can be easily missed out.

Appreciate the update of information as well, we like to know of things like this, as we only see the results of scans otherwise, so if anything unusual or different happens, just let me know.

If you could still run those two scans above and we'll see if any items are still present. :)
  • 0

#5
smile29

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thanks for your reply BlackOxide! Below you will find the pasted results of the three reports: 1. OTL notepad log, 2. OTL extras log and 3. aswMBR log. Appreciate your help, Smile29

1. OTL notepad results...

OTL logfile created on: 1/2/2012 12:12:36 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\family desktop\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1012.45 Mb Total Physical Memory | 262.63 Mb Available Physical Memory | 25.94% Memory free
2.24 Gb Paging File | 0.82 Gb Available in Paging File | 36.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 147.04 Gb Free Space | 66.00% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.95 Gb Free Space | 59.53% Space Free | Partition Type: NTFS

Computer Name: FAMILYDESKTO-PC | User Name: family desktop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/02 12:09:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\family desktop\Downloads\OTL.exe
PRC - [2011/04/21 18:47:24 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2010/11/19 19:37:56 | 001,471,960 | ---- | M] (NetZero, Inc.) -- C:\Program Files\NetZero DSL\ConnectionCenter.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/02/20 04:10:26 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 14:36:37 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/12 14:34:24 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/12 14:33:52 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/15 21:47:03 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2010/05/03 16:01:00 | 000,786,432 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2.dll
MOD - [2010/05/03 16:01:00 | 000,679,936 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2010/05/03 16:01:00 | 000,232,448 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2010/05/03 16:01:00 | 000,139,264 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2010/05/03 16:00:59 | 002,052,096 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmp.dll
MOD - [2010/05/03 16:00:59 | 001,339,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommon.dll
MOD - [2010/05/03 16:00:59 | 000,835,584 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBase.dll
MOD - [2010/05/03 16:00:59 | 000,770,048 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxIm.dll
MOD - [2010/05/03 16:00:59 | 000,495,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProc.dll
MOD - [2010/05/03 16:00:59 | 000,430,080 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFF.dll
MOD - [2010/05/03 16:00:58 | 000,013,824 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\MEshim.dll
MOD - [2010/05/03 16:00:56 | 000,086,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2010/05/03 16:00:56 | 000,057,344 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2010/05/03 16:00:56 | 000,009,728 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2010/05/03 16:00:54 | 000,405,504 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2010/05/03 16:00:54 | 000,338,944 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2010/05/03 16:00:54 | 000,120,832 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2010/05/03 16:00:54 | 000,083,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2010/05/03 16:00:54 | 000,051,712 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2010/05/03 16:00:53 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2010/05/03 16:00:53 | 000,338,944 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2010/05/03 16:00:53 | 000,303,104 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2010/05/03 16:00:53 | 000,246,272 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2010/05/03 16:00:53 | 000,061,952 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2010/05/03 16:00:52 | 000,335,872 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2010/05/03 16:00:52 | 000,223,744 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2010/05/03 16:00:52 | 000,171,008 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2010/05/03 16:00:52 | 000,095,744 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2010/05/03 16:00:52 | 000,081,920 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2010/05/03 16:00:51 | 001,035,264 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2010/05/03 16:00:51 | 000,667,648 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2010/05/03 16:00:51 | 000,115,200 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2010/05/03 16:00:50 | 000,077,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2007/02/20 04:10:20 | 000,192,512 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\AddIn\VistaPCD.cyx
MOD - [2007/02/20 04:09:22 | 000,094,208 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\AddIn\VPCD.dll
MOD - [2007/02/20 02:34:48 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\AddIn\LocVistaPCD.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/29 15:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/11/14 14:28:02 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 02:54:50 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/09 02:54:50 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/19 16:49:30 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120101.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/19 16:49:30 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120101.006\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/22 23:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111228.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/05/02 17:12:52 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 22:04:12 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 00:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2007/04/29 03:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2004/06/09 18:42:38 | 000,015,429 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sacm2A.sys -- (USBCM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.netzer...=minisearch_dsl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.netzer...=minisearch_dsl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.netzer...dsl&mn=78822965

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.netzer...=minisearch_dsl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.netzer...=minisearch_dsl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ww2.cox.com/m...rginia/home.cox
IE - HKCU\..\URLSearchHook: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero DSL\SearchEnh1.dll (NetZero, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\family desktop\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/09/29 20:21:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_4_3 [2012/01/01 22:36:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\family desktop\AppData\Roaming\Move Networks [2009/10/15 18:25:42 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Pop-up Blocker) - {4224FF33-C2EB-4039-B8C8-6EED565B9D96} - C:\Program Files\NetZero DSL\PopupBlocker.dll (NetZero, Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (NetZero DSL Toolbar Helper) - {FE3098B3-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files\NetZero DSL\UcReg.dll (NetZero, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (NetZero DSL) - {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - C:\Program Files\NetZero DSL\Toolbar.dll (NetZero, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (NetZero DSL) - {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - C:\Program Files\NetZero DSL\Toolbar.dll (NetZero, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [NetZeroDSL] C:\Program Files\NetZero DSL\ConnectionCenter.exe (NetZero, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0F682C5-670F-4196-9E5E-3AC35412FFE3}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\family desktop\Desktop\millie.jpg
O24 - Desktop BackupWallPaper: C:\Users\family desktop\Desktop\millie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/31 01:45:03 | 000,000,000 | ---D | C] -- C:\Users\family desktop\AppData\Local\NPE
[2011/12/31 00:59:28 | 000,000,000 | ---D | C] -- C:\Users\family desktop\AppData\Roaming\Tific
[2011/12/19 18:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2009/07/25 14:30:02 | 000,015,429 | ---- | C] ( ) -- C:\Windows\System32\drivers\Sacm2A.sys
[2 C:\Users\family desktop\Documents\*.tmp files -> C:\Users\family desktop\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/02 12:04:43 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 12:04:42 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 10:03:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/01 22:36:13 | 1062,391,808 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/01 22:34:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/12/27 11:19:15 | 000,000,556 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - family desktop.job
[2011/12/26 20:33:41 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/26 20:33:41 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/14 03:30:53 | 000,322,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/03 16:23:20 | 000,002,537 | ---- | M] () -- C:\Users\family desktop\Desktop\ZoomBrowser EX.lnk
[2011/12/03 16:11:46 | 000,143,140 | -H-- | M] () -- C:\Users\family desktop\Desktop\ZbThumbnail.info
[2 C:\Users\family desktop\Documents\*.tmp files -> C:\Users\family desktop\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/04 17:16:14 | 000,001,940 | ---- | C] () -- C:\Users\family desktop\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/10/20 14:43:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 14:43:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/25 14:30:02 | 000,135,168 | ---- | C] () -- C:\Windows\UNDPX2A.exe
[2009/07/25 14:30:02 | 000,053,693 | ---- | C] () -- C:\Windows\UNDPX2A.sys
[2008/10/26 10:11:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/03/04 20:48:51 | 000,000,680 | ---- | C] () -- C:\Users\family desktop\AppData\Local\d3d9caps.dat
[2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 18:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 18:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 18:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/01/26 15:04:28 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2008/01/24 20:08:08 | 000,015,872 | ---- | C] () -- C:\Users\family desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/22 14:10:01 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/01/22 14:10:01 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2008/01/22 14:10:01 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/01/22 06:27:03 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2006/11/10 17:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,322,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2010/07/27 17:48:47 | 000,000,000 | ---D | M] -- C:\Users\family desktop\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/29 09:07:59 | 000,000,000 | ---D | M] -- C:\Users\family desktop\AppData\Roaming\eGames
[2008/05/10 15:11:45 | 000,000,000 | ---D | M] -- C:\Users\family desktop\AppData\Roaming\Scholastic
[2008/12/03 20:53:24 | 000,000,000 | ---D | M] -- C:\Users\family desktop\AppData\Roaming\Shutterfly
[2011/01/18 10:45:43 | 000,000,000 | ---D | M] -- C:\Users\family desktop\AppData\Roaming\Softplicity
[2011/12/31 00:59:28 | 000,000,000 | ---D | M] -- C:\Users\family desktop\AppData\Roaming\Tific
[2012/01/01 22:34:57 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


2. OTL Extras...

OTL Extras logfile created on: 1/2/2012 12:12:36 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\family desktop\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1012.45 Mb Total Physical Memory | 262.63 Mb Available Physical Memory | 25.94% Memory free
2.24 Gb Paging File | 0.82 Gb Available in Paging File | 36.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 147.04 Gb Free Space | 66.00% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.95 Gb Free Space | 59.53% Space Free | Partition Type: NTFS

Computer Name: FAMILYDESKTO-PC | User Name: family desktop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0247B016-C26A-410B-AC20-3055FDD73EB6}" = lport=138 | protocol=17 | dir=in | app=system |
"{0E969287-CD9A-42C9-8EE2-F393ED7E309C}" = lport=137 | protocol=17 | dir=in | app=system |
"{1C1D7FE4-EB57-4467-9184-7A292E6240B7}" = rport=445 | protocol=6 | dir=out | app=system |
"{42F3C302-3FFD-42C4-9E13-7C4087E1385B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{43F221F2-95AB-411D-99D5-6C882910CEF6}" = rport=138 | protocol=17 | dir=out | app=system |
"{86AD1517-9171-440A-BB7E-EB060D15AC71}" = rport=137 | protocol=17 | dir=out | app=system |
"{92170FCF-2864-435A-8A79-660EEB16BB3A}" = lport=445 | protocol=6 | dir=in | app=system |
"{930A7589-432C-4D2E-84F7-8FBF6B25E817}" = rport=139 | protocol=6 | dir=out | app=system |
"{BFBD38A9-30D8-4374-A13B-D31650E04591}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{C17367A0-34EB-4DE8-8CC4-EAFE4A0F3D1E}" = lport=139 | protocol=6 | dir=in | app=system |
"{CAA4E569-B0EE-4D03-8FC1-F2F527FD4CDF}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{D7804A56-9904-4A52-A5A4-0765CE26DF13}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DF7036-7CE4-4898-B86A-1D2166974824}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2B4C6909-1198-4BD5-A831-CEDA41A2132D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3D1E2920-153A-4F8B-82F0-74CC8D14B998}" = protocol=58 | dir=out | [email protected],-28546 |
"{4C53399A-34A5-405D-B16B-8A0020B8D78F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4E3044E9-1CD7-4B2A-B3A1-5D0015402D21}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4FE1C2DD-0F6F-4A6F-B11F-288DC933EFA8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{579A92CB-1C08-49DF-9214-4B0B7963A54B}" = protocol=58 | dir=in | [email protected],-28545 |
"{5A8E2B3F-DD0F-46F9-91A1-0D47264207F3}" = protocol=1 | dir=in | [email protected],-28543 |
"{6098F9BA-4E04-45FA-8CD2-13C08AB2922B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6460A57D-F697-4D77-A5F0-86CD9BC19BCF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{67AA0498-7F7D-429B-A94F-422945D7A87E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6DC641F7-4E1F-4360-99DF-57D0A7CB6E88}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{87D0628B-4321-49A4-B4B6-17A258472413}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9FCA9727-E52B-4154-A97A-69D74D3FB480}" = protocol=1 | dir=out | [email protected],-28544 |
"{A72C5DAD-0FA4-4CDF-9275-3EFD0A28B193}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B8252E65-97A6-4221-B7E2-2333196F51D9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FBFB901C-83F5-46F6-B12B-F5E3427CAC78}" = dir=in | app=c:\program files\itunes\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{300F7127-17A0-48C3-A566-59C4DFE59B74}" = Storybook Weaver
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D29DFC0-EAA2-012B-AED3-000000000000}" = TurboTax 2009 wvaiper
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4DBBF091-FACD-422C-B43C-786335BD5398}" = MovieEdit Task
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
"{56AB063D-1450-4BDE-9F0D-E9C693429C51}" = netbrdg
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BB830F9E-53B3-492F-B39C-2DF615D1C9E1}" = TurboTax 2010 wvaiper
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Cisco Connect" = Cisco Connect
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Formatta Filler 7.0" = Formatta Filler 7.0
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{4DBBF091-FACD-422C-B43C-786335BD5398}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"Mia Goes for Great" = Mia Goes for Great (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NetZero DSL" = NetZero Connection Center(remove only)
"NIS" = Norton Internet Security
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"Total Audio Converter_is1" = TotalAudioConverter
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"WebSTAR DPC2100 Uninstall" = Scientific-Atlanta WebSTAR 2000 series Cable Modem

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.8.0.723
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/1/2012 3:58:56 PM | Computer Name = familydeskto-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/1/2012 3:58:56 PM | Computer Name = familydeskto-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11279

Error - 1/1/2012 3:58:56 PM | Computer Name = familydeskto-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11279

Error - 1/1/2012 3:58:57 PM | Computer Name = familydeskto-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/1/2012 3:58:57 PM | Computer Name = familydeskto-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12278

Error - 1/1/2012 3:58:57 PM | Computer Name = familydeskto-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12278

Error - 1/1/2012 3:58:58 PM | Computer Name = familydeskto-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/1/2012 3:58:58 PM | Computer Name = familydeskto-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13276

Error - 1/1/2012 3:58:58 PM | Computer Name = familydeskto-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13276

Error - 1/2/2012 1:03:44 PM | Computer Name = familydeskto-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: c00 Start Time: 01ccc96fbc905470 Termination Time: 24669

[ System Events ]
Error - 12/31/2011 9:30:53 AM | Computer Name = familydeskto-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/31/2011 9:32:20 AM | Computer Name = familydeskto-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/31/2011 9:32:53 AM | Computer Name = familydeskto-PC | Source = DCOM | ID = 10010
Description =

Error - 12/31/2011 9:38:49 AM | Computer Name = familydeskto-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/31/2011 9:48:15 AM | Computer Name = familydeskto-PC | Source = DCOM | ID = 10010
Description =

Error - 12/31/2011 9:07:39 PM | Computer Name = familydeskto-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 1/1/2012 1:15:42 AM | Computer Name = familydeskto-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 1/1/2012 10:28:13 AM | Computer Name = familydeskto-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 1/1/2012 10:29:10 AM | Computer Name = familydeskto-PC | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SMR210\0000 disappeared from the system without
first being prepared for removal.

Error - 1/1/2012 11:34:29 PM | Computer Name = familydeskto-PC | Source = DCOM | ID = 10010
Description =


< End of report >

3. aswMBR log results...

swMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2012-01-02 12:41:25
-----------------------------
12:41:25.276 OS Version: Windows 6.0.6002 Service Pack 2
12:41:25.276 Number of processors: 2 586 0xF0D
12:41:25.278 ComputerName: FAMILYDESKTO-PC UserName: family desktop
12:41:30.133 Initialize success
12:42:06.957 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:42:06.960 Disk 0 Vendor: ST3250310AS 3.ADA Size: 238418MB BusType: 3
12:42:06.986 Disk 0 MBR read successfully
12:42:06.990 Disk 0 MBR scan
12:42:06.994 Disk 0 Windows VISTA default MBR code
12:42:06.998 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
12:42:07.007 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 98304
12:42:07.022 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 228129 MB offset 21069824
12:42:07.037 Disk 0 scanning sectors +488278016
12:42:07.105 Disk 0 scanning C:\Windows\system32\drivers
12:42:13.996 Service scanning
12:42:15.856 Modules scanning
12:42:25.058 Disk 0 trace - called modules:
12:42:25.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
12:42:25.444 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84ff7ac8]
12:42:25.452 3 CLASSPNP.SYS[865a68b3] -> nt!IofCallDriver -> [0x846f4840]
12:42:25.460 5 acpi.sys[806986bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8470a640]
12:42:25.469 Scan finished successfully
12:44:19.149 Disk 0 MBR has been saved successfully to "C:\Users\family desktop\Documents\MBR.dat"
12:44:19.350 The log file has been saved successfully to "C:\Users\family desktop\Documents\aswMBR 1.2.12 scan.txt"

#6
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for the logs. As they look good, we'll move on to running a couple of others now. The MBAM scan shouldn't take too long, but the Kaspersky scan will be a full system scan, so this could take a few hours depending on the number of files you have. This is not the full Kaspersky Anti-Virus; it is a standalone scanning tool from them and it will uninstall itself when finished :)



1)
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




2)
Kaspersky Virus Removal Tool

Click here to download the Kaspersky Virus Removal Tool.
  • Save it to your desktop.
  • Double click the setup file to run it.
  • Follow the onscreen prompts until it is installed.
  • Click the Options button (the 'cog' icon), then make sure only the following are ticked:
      • System Memory
      • Hidden startup objects
      • Disk boot sectors
      • Local Disk (C:)
      • Also any other drives (removable drives that you may have)
  • Then click on Actions on the left hand side
  • Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
  • Click on Automatic Scan
  • Now click the Start Scanning button, to run the scan
  • After the scan is complete, click the reports button ('Paper icon', next to the 'cog' icon) on the right hand side
  • Click Detected threats on the left
  • Now click the Save button, and save it as kaslog.txt to your Desktop
  • Please copy and paste the contents of kaslog.txt in your next reply.



In your next reply
Please post the contents of...
MBAM log
Kaspersky log


#7
smile29

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi BlackOxide, pasted below are 1. the MBAM log info and 2. the kaslog report. Please note that in checking the options to run for kaslog, I selected OS (C:) but did not select documents, computer, recovery (D:) or DVDRW (E:). If I should have included those, let me know. The kaslog report seems to indicate there was a trojan horse of some kind. I left kas running overnight as it took a long time. This morning I noticed that my Norton did an automatic full scan overnight as well. That Norton report says it detected and "fully resolved" a trojan horse as well. My question: it seems that whichever of these ran first, if it disabled the virus, it would not have shown up when the second virus software ran and then detected it. Just curious if there is a possibility it's not really resolved. The Norton report identified the virus as loaderx.class (trojan horse) and had this info under "activity": [contained in] C:\users\family desktop\appdata\local\temp\low\jar_cache370.tmp Deleted Last used 1/3/12 at 2:51:37 a.m. Thanks! Smile29


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.02.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
family desktop :: FAMILYDESKTO-PC [administrator]

1/2/2012 6:43:17 PM
mbam-log-2012-01-02 (18-43-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 184590
Time elapsed: 11 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
1. OTL notepad scan……

OTL logfile created on: 1/2/2012 12:12:36 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\family desktop\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1012.45 Mb Total Physical Memory | 262.63 Mb Available Physical Memory | 25.94% Memory free
2.24 Gb Paging File | 0.82 Gb Available in Paging File | 36.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 147.04 Gb Free Space | 66.00% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.95 Gb Free Space | 59.53% Space Free | Partition Type: NTFS

Computer Name: FAMILYDESKTO-PC | User Name: family desktop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/02 12:09:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\family desktop\Downloads\OTL.exe
PRC - [2011/04/21 18:47:24 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2010/11/19 19:37:56 | 001,471,960 | ---- | M] (NetZero, Inc.) -- C:\Program Files\NetZero DSL\ConnectionCenter.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/02/20 04:10:26 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 14:36:37 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/12 14:34:24 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/12 14:33:52 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/15 21:47:03 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2010/05/03 16:01:00 | 000,786,432 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2.dll
MOD - [2010/05/03 16:01:00 | 000,679,936 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2010/05/03 16:01:00 | 000,232,448 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2010/05/03 16:01:00 | 000,139,264 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2010/05/03 16:00:59 | 002,052,096 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmp.dll
MOD - [2010/05/03 16:00:59 | 001,339,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommon.dll
MOD - [2010/05/03 16:00:59 | 000,835,584 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBase.dll
MOD - [2010/05/03 16:00:59 | 000,770,048 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxIm.dll
MOD - [2010/05/03 16:00:59 | 000,495,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProc.dll
MOD - [2010/05/03 16:00:59 | 000,430,080 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFF.dll
MOD - [2010/05/03 16:00:58 | 000,013,824 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\MEshim.dll
MOD - [2010/05/03 16:00:56 | 000,086,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2010/05/03 16:00:56 | 000,057,344 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2010/05/03 16:00:56 | 000,009,728 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2010/05/03 16:00:54 | 000,405,504 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2010/05/03 16:00:54 | 000,338,944 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2010/05/03 16:00:54 | 000,120,832 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2010/05/03 16:00:54 | 000,083,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2010/05/03 16:00:54 | 000,051,712 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2010/05/03 16:00:53 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2010/05/03 16:00:53 | 000,338,944 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2010/05/03 16:00:53 | 000,303,104 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2010/05/03 16:00:53 | 000,246,272 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2010/05/03 16:00:53 | 000,061,952 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2010/05/03 16:00:52 | 000,335,872 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2010/05/03 16:00:52 | 000,223,744 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2010/05/03 16:00:52 | 000,171,008 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2010/05/03 16:00:52 | 000,095,744 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2010/05/03 16:00:52 | 000,081,920 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2010/05/03 16:00:51 | 001,035,264 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2010/05/03 16:00:51 | 000,667,648 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2010/05/03 16:00:51 | 000,115,200 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2010/05/03 16:00:50 | 000,077,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2007/02/20 04:10:20 | 000,192,512 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\AddIn\VistaPCD.cyx
MOD - [2007/02/20 04:09:22 | 000,094,208 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\AddIn\VPCD.dll
MOD - [2007/02/20 02:34:48 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\AddIn\LocVistaPCD.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/29 15:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/11/14 14:28:02 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 02:54:50 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/09 02:54:50 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/19 16:49:30 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120101.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/19 16:49:30 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120101.006\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/22 23:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111228.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/05/02 17:12:52 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 22:04:12 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 00:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2007/04/29 03:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2004/06/09 18:42:38 | 000,015,429 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sacm2A.sys -- (USBCM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.netzer...=minisearch_dsl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.netzer...=minisearch_dsl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.netzer...dsl&mn=78822965

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.netzer...=minisearch_dsl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.netzer...=minisearch_dsl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ww2.cox.com/m...rginia/home.cox
IE - HKCU\..\URLSearchHook: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero DSL\SearchEnh1.dll (NetZero, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\family desktop\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/09/29 20:21:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_4_3 [2012/01/01 22:36:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\family desktop\AppData\Roaming\Move Networks [2009/10/15 18:25:42 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Pop-up Blocker) - {4224FF33-C2EB-4039-B8C8-6EED565B9D96} - C:\Program Files\NetZero DSL\PopupBlocker.dll (NetZero, Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (NetZero DSL Toolbar Helper) - {FE3098B3-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files\NetZero DSL\UcReg.dll (NetZero, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (NetZero DSL) - {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - C:\Program Files\NetZero DSL\Toolbar.dll (NetZero, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (NetZero DSL) - {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - C:\Program Files\NetZero DSL\Toolbar.dll (NetZero, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [NetZeroDSL] C:\Program Files\NetZero DSL\ConnectionCenter.exe (NetZero, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0F682C5-670F-4196-9E5E-3AC35412FFE3}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\family desktop\Desktop\millie.jpg
O24 - Desktop BackupWallPaper: C:\Users\family desktop\Desktop\millie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/31 01:45:03 | 000,000,000 | ---D | C] -- C:\Users\family desktop\AppData\Local\NPE
[2011/12/31 00:59:28 | 000,000,000 | ---D | C] -- C:\Users\family desktop\AppData\Roaming\Tific
[2011/12/19 18:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2009/07/25 14:30:02 | 000,015,429 | ---- | C] ( ) -- C:\Windows\System32\drivers\Sacm2A.sys
[2 C:\Users\family desktop\Documents\*.tmp files -> C:\Users\family desktop\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/02 12:04:43 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 12:04:42 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 10:03:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/01 22:36:13 | 1062,391,808 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/01 22:34:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/12/27 11:19:15 | 000,000,556 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - family desktop.job
[2011/12/26 20:33:41 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/26 20:33:41 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/14 03:30:53 | 000,322,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/03 16:23:20 | 000,002,537 | ---- | M] () -- C:\Users\family desktop\Desktop\ZoomBrowser EX.lnk
[2011/12/03 16:11:46 | 000,143,140 | -H-- | M] () -- C:\Users\family desktop\Desktop\ZbThumbnail.info
[2 C:\Users\family desktop\Documents\*.tmp files -> C:\Users\family desktop\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/04 17:16:14 | 000,001,940 | ---- | C] () -- C:\Users\family desktop\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/10/20 14:43:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 14:43:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/25 14:30:02 | 000,135,168 | ---- | C] () -- C:\Windows\UNDPX2A.exe
[2009/07/25 14:30:02 | 000,053,693 | ---- | C] () -- C:\Windows\UNDPX2A.sys
[2008/10/26 10:11:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/03/04 20:48:51 | 000,000,680 | ---- | C] () -- C:\Users\family desktop\AppData\Local\d3d9caps.dat
[2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 18:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 18:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 18:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/01/26 15:04:28 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2008/01/24 20:08:08 | 000,015,872 | ---- | C] () -- C:\Users\family desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/22 14:10:01 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/01/22 14:10:01 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2008/01/22 14:10:01 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/01/22 06:27:03 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2006/11/10 17:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,322,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2010/07/27 17:48:47 | 000,000,000 | ---D | M] -- C:\Users\family desktop\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/29 09:07:59 | 000,000,000 | ---D | M] -- C:\Users\family desktop\AppData\Roaming\eGames
[2008/05/10 15:11:45 | 000,000,000 | ---D | M] -- C:\Users\family desktop\AppData\Roaming\Scholastic
[2008/12/03 20:53:24 | 000,000,000 | ---D | M] -- C:\Users\family desktop\AppData\Roaming\Shutterfly
[2011/01/18 10:45:43 | 000,000,000 | ---D | M] -- C:\Users\family desktop\AppData\Roaming\Softplicity
[2011/12/31 00:59:28 | 000,000,000 | ---D | M] -- C:\Users\family desktop\AppData\Roaming\Tific
[2012/01/01 22:34:57 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

2. OTL extra notepad scan…

OTL Extras logfile created on: 1/2/2012 12:12:36 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\family desktop\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1012.45 Mb Total Physical Memory | 262.63 Mb Available Physical Memory | 25.94% Memory free
2.24 Gb Paging File | 0.82 Gb Available in Paging File | 36.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 147.04 Gb Free Space | 66.00% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.95 Gb Free Space | 59.53% Space Free | Partition Type: NTFS

Computer Name: FAMILYDESKTO-PC | User Name: family desktop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0247B016-C26A-410B-AC20-3055FDD73EB6}" = lport=138 | protocol=17 | dir=in | app=system |
"{0E969287-CD9A-42C9-8EE2-F393ED7E309C}" = lport=137 | protocol=17 | dir=in | app=system |
"{1C1D7FE4-EB57-4467-9184-7A292E6240B7}" = rport=445 | protocol=6 | dir=out | app=system |
"{42F3C302-3FFD-42C4-9E13-7C4087E1385B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{43F221F2-95AB-411D-99D5-6C882910CEF6}" = rport=138 | protocol=17 | dir=out | app=system |
"{86AD1517-9171-440A-BB7E-EB060D15AC71}" = rport=137 | protocol=17 | dir=out | app=system |
"{92170FCF-2864-435A-8A79-660EEB16BB3A}" = lport=445 | protocol=6 | dir=in | app=system |
"{930A7589-432C-4D2E-84F7-8FBF6B25E817}" = rport=139 | protocol=6 | dir=out | app=system |
"{BFBD38A9-30D8-4374-A13B-D31650E04591}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{C17367A0-34EB-4DE8-8CC4-EAFE4A0F3D1E}" = lport=139 | protocol=6 | dir=in | app=system |
"{CAA4E569-B0EE-4D03-8FC1-F2F527FD4CDF}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{D7804A56-9904-4A52-A5A4-0765CE26DF13}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DF7036-7CE4-4898-B86A-1D2166974824}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2B4C6909-1198-4BD5-A831-CEDA41A2132D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3D1E2920-153A-4F8B-82F0-74CC8D14B998}" = protocol=58 | dir=out | [email protected],-28546 |
"{4C53399A-34A5-405D-B16B-8A0020B8D78F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4E3044E9-1CD7-4B2A-B3A1-5D0015402D21}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4FE1C2DD-0F6F-4A6F-B11F-288DC933EFA8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{579A92CB-1C08-49DF-9214-4B0B7963A54B}" = protocol=58 | dir=in | [email protected],-28545 |
"{5A8E2B3F-DD0F-46F9-91A1-0D47264207F3}" = protocol=1 | dir=in | [email protected],-28543 |
"{6098F9BA-4E04-45FA-8CD2-13C08AB2922B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6460A57D-F697-4D77-A5F0-86CD9BC19BCF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{67AA0498-7F7D-429B-A94F-422945D7A87E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6DC641F7-4E1F-4360-99DF-57D0A7CB6E88}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{87D0628B-4321-49A4-B4B6-17A258472413}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9FCA9727-E52B-4154-A97A-69D74D3FB480}" = protocol=1 | dir=out | [email protected],-28544 |
"{A72C5DAD-0FA4-4CDF-9275-3EFD0A28B193}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B8252E65-97A6-4221-B7E2-2333196F51D9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FBFB901C-83F5-46F6-B12B-F5E3427CAC78}" = dir=in | app=c:\program files\itunes\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{300F7127-17A0-48C3-A566-59C4DFE59B74}" = Storybook Weaver
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D29DFC0-EAA2-012B-AED3-000000000000}" = TurboTax 2009 wvaiper
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4DBBF091-FACD-422C-B43C-786335BD5398}" = MovieEdit Task
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
"{56AB063D-1450-4BDE-9F0D-E9C693429C51}" = netbrdg
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BB830F9E-53B3-492F-B39C-2DF615D1C9E1}" = TurboTax 2010 wvaiper
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Cisco Connect" = Cisco Connect
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Formatta Filler 7.0" = Formatta Filler 7.0
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{4DBBF091-FACD-422C-B43C-786335BD5398}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"Mia Goes for Great" = Mia Goes for Great (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NetZero DSL" = NetZero Connection Center(remove only)
"NIS" = Norton Internet Security
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"Total Audio Converter_is1" = TotalAudioConverter
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"WebSTAR DPC2100 Uninstall" = Scientific-Atlanta WebSTAR 2000 series Cable Modem

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.8.0.723
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/1/2012 3:58:56 PM | Computer Name = familydeskto-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/1/2012 3:58:56 PM | Computer Name = familydeskto-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11279

Error - 1/1/2012 3:58:56 PM | Computer Name = familydeskto-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11279

Error - 1/1/2012 3:58:57 PM | Computer Name = familydeskto-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/1/2012 3:58:57 PM | Computer Name = familydeskto-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12278

Error - 1/1/2012 3:58:57 PM | Computer Name = familydeskto-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12278

Error - 1/1/2012 3:58:58 PM | Computer Name = familydeskto-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/1/2012 3:58:58 PM | Computer Name = familydeskto-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13276

Error - 1/1/2012 3:58:58 PM | Computer Name = familydeskto-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13276

Error - 1/2/2012 1:03:44 PM | Computer Name = familydeskto-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: c00 Start Time: 01ccc96fbc905470 Termination Time: 24669

[ System Events ]
Error - 12/31/2011 9:30:53 AM | Computer Name = familydeskto-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/31/2011 9:32:20 AM | Computer Name = familydeskto-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/31/2011 9:32:53 AM | Computer Name = familydeskto-PC | Source = DCOM | ID = 10010
Description =

Error - 12/31/2011 9:38:49 AM | Computer Name = familydeskto-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/31/2011 9:48:15 AM | Computer Name = familydeskto-PC | Source = DCOM | ID = 10010
Description =

Error - 12/31/2011 9:07:39 PM | Computer Name = familydeskto-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 1/1/2012 1:15:42 AM | Computer Name = familydeskto-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 1/1/2012 10:28:13 AM | Computer Name = familydeskto-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 1/1/2012 10:29:10 AM | Computer Name = familydeskto-PC | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SMR210\0000 disappeared from the system without
first being prepared for removal.

Error - 1/1/2012 11:34:29 PM | Computer Name = familydeskto-PC | Source = DCOM | ID = 10010
Description =


< End of report >

2. kaslog report.....

Status: Disinfected (events: 3)
1/2/2012 8:41:36 PM Disinfected Trojan program Trojan-Downloader.Java.OpenStream.ad C:\Documents and Settings\family desktop\AppData\Local\Temp\Low\jar_cache370.tmp High
1/2/2012 8:41:36 PM Disinfected Trojan program Exploit.Java.Agent.f C:\Documents and Settings\family desktop\AppData\Local\Temp\Low\jar_cache370.tmp/myf/y/AppletX.class High
1/2/2012 8:41:36 PM Disinfected Trojan program Trojan-Downloader.Java.OpenStream.ad C:\Documents and Settings\family desktop\AppData\Local\Temp\Low\jar_cache370.tmp/myf/y/PayloadX.class High
  • 0

#8
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts

Please note that in checking the options to run for kaslog selected OS (C:) but did not select documents, computer, recovery (D:) or DVDRW (E:). If I should have included those let me know.

No need to scan again, that's fine as the OS (C:) includes Documents and all other folders on the operating system partition and the others aren't necessary to scan.


My question- seems that whichever of these ran first if it disabled the virus it would not have shown up when the second virus software ran and then detected it. Just curious if there is a possibility it's not really resolved.

It should be fine, in fact it's usually the opposite in that there is more chance of it being resolved as either Norton or Kaspersky will have Quarantined or Deleted it and it doesn't matter which out of the two did it, so shouldn't be any problems there :)


It looks as though all the threats are related to Java exploits. However it appears that they have been disinfected or removed, but we'll go ahead and remove any other Temp files and Java cache files by using the OTL fix below. What's also good to see is that you have the latest version of Java installed, which is a big help as they fix a lot of exploits and bugs in each update they do :thumbsup:


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [purity]
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.


How is your PC behaving overall now, any problems with website redirections, popups etc?
  • 0
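The kaslog report posted above and BlackOxide's reading of it (every detection is Java-related) can be checked mechanically. The following is an added example, not part of the thread or of Kaspersky's tooling: it parses the three event lines copied from the page, splits each path into the container file and the member inside it, and groups detections per container. The field layout, the `/` container separator, the `jar_cache<N>.tmp` pattern and the set of "resolved" statuses are assumptions inferred from the lines shown here.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Report excerpt copied from the thread above (not constructed).
KASLOG = r"""Status: Disinfected (events: 3)
1/2/2012 8:41:36 PM Disinfected Trojan program Trojan-Downloader.Java.OpenStream.ad C:\Documents and Settings\family desktop\AppData\Local\Temp\Low\jar_cache370.tmp High
1/2/2012 8:41:36 PM Disinfected Trojan program Exploit.Java.Agent.f C:\Documents and Settings\family desktop\AppData\Local\Temp\Low\jar_cache370.tmp/myf/y/AppletX.class High
1/2/2012 8:41:36 PM Disinfected Trojan program Trojan-Downloader.Java.OpenStream.ad C:\Documents and Settings\family desktop\AppData\Local\Temp\Low\jar_cache370.tmp/myf/y/PayloadX.class High
"""

# Assumed layout: timestamp, status, object type (may contain spaces),
# detection name, Windows path (may contain spaces), severity.
EVENT = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<status>\S+)\s+(?P<kind>.+?)\s+(?P<name>\S+)\s+"
    r"(?P<path>[A-Za-z]:\\.+?)\s+(?P<severity>\S+)$"
)
# File name pattern taken from the one cache file named in this report.
JAVA_CACHE = re.compile(r"^jar_cache\d+\.tmp$", re.IGNORECASE)
# Only "Disinfected" appears on the page; the other two are assumed labels.
RESOLVED = {"Disinfected", "Deleted", "Quarantined"}


@dataclass
class Detection:
    when: datetime
    status: str
    kind: str
    name: str
    platform: str            # second dotted component, e.g. "Java"
    container: str           # file on disk
    member: Optional[str]    # path inside the container, if any
    severity: str


def parse_kaslog(text):
    """Return (events, skipped). Unparsed lines are kept, not dropped."""
    events, skipped = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = EVENT.match(line)
        if not m:
            skipped.append(line)
            continue
        # Windows paths use backslashes, so the first "/" marks the point
        # where the scanner descended into the archive.
        container, _, member = m["path"].partition("/")
        parts = m["name"].split(".")
        events.append(Detection(
            when=datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            status=m["status"],
            kind=m["kind"],
            name=m["name"],
            platform=parts[1] if len(parts) > 1 else "",
            container=container,
            member=member or None,
            severity=m["severity"],
        ))
    return events, skipped


def summarize(events):
    """Group detections by the on-disk file they were found in."""
    groups = defaultdict(list)
    for e in events:
        groups[e.container].append(e)
    return {
        container: {
            "names": sorted({e.name for e in hits}),
            "platforms": {e.platform for e in hits},
            "members": [e.member for e in hits if e.member],
            "java_cache": bool(JAVA_CACHE.match(ntpath.basename(container))),
            "all_resolved": all(e.status in RESOLVED for e in hits),
        }
        for container, hits in groups.items()
    }


if __name__ == "__main__":
    events, skipped = parse_kaslog(KASLOG)
    for container, info in summarize(events).items():
        print(container)
        for key, value in info.items():
            print(f"  {key}: {value}")
    print("unparsed lines:", skipped)
```

Three events collapse to one cached JAR with two flagged classes inside it, which is why removing that single cache file (or clearing the Java cache) addresses all of them.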

#9
smile29

smile29

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks for your help and the encouraging information BlackOxide. Pasted the notes below from running OTL in case you want to see that. So it appears I'm virus free at the moment. Redirects and popups have not been much of a noticeable problem. Did get one this evening, though it's not been very frequent or an obvious problem in the past. Norton scan is not stalling any more and my PC operating system has been faster and more responsive the last 24 hours than it has for the last three months!

One additional question I have is would you advise as standard practice for me to run the (any or all of the three) virus detection programs you gave me on a regular basis in addition to Norton internet security system? And if so, how frequently would you recommend they be used to double check my installed system? Also, any other advice you have based on what you know of my system to date would be welcomed as well. I've greatly appreciated your patient and expert help. Not only did you make sure my computer was virus free, but I'm more knowledgeable than before about methods of protection and the existence and value of geekstogo! resources. THANKS BlackOxide! Smile29

OTL custom scan notes...

All processes killed
Error: Unable to interpret <:Commands[purity][emptytemp]> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 01042012_012104

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#10
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No problem you're welcome :)


Norton scan is not stalling any more and my PC operating system has been faster and more responsive the last 24 hours than it has for the last three months!

Good to hear!


One additional question I have is would you advise as standard practice for me to run the (any or all of the three) virus detection programs you gave me on a regular basis in addition to Norton internet security system? And if so, how frequently would you recommend they be used to double check my installed system?

Personally, I would just run MBAM in addition to your main Anti Virus which is Norton. Every couple of weeks would be ideal to run a scan with it. MBAM is more geared towards Fake/Rogue software, Adware and the alterations they can make to the registry etc. It still does cover a lot of Trojans as well though which is very good. You will find that most Anti Viruses are good for Viruses and Trojans but seem to fall down a bit with the Fake AV and certain types of Adware, so MBAM alongside Norton should be fine for you. No need to worry about OTL and aswMBR as they just generate logs for us to examine, then manually remove items. I got you to run the Kaspersky standalone scanner as more of a second look at your PC, just to see if it picked up any items that Norton did not detect. Not saying Norton is bad, I just often like to take a look with a second AV just as a precaution really :)

I'll provide some more tips/info in my cleanup speech shortly. Just need you to run OTL again as it didn't understand the fix to clear the Temp and Java files. It looks as though it saw it as one long line. Could you try it again for me please? Just check when it's pasted into the OTL box, that it looks identical to the text below...

:Commands
[purity]
[emptytemp]

If you could just copy and paste the log as before when it reboots and I'll check it for you.
  • 0



#11
smile29

smile29

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Ok BlackOxide, that was scary! Pasted code in custom scans/fixes box as you see below this line...

:Commands
[purity]
[emptytemp]

Then hit Run/Fix button. After initial start, maybe several seconds, all of my desktop icons disappeared. Then soon after :Commands and [purity] disappeared and [emptytemp] remained. It stayed there for what seemed like five minutes and noticed "(not responding)" words were at the top of the window and hour glass was turning... turning...... Left it alone for a while hoping it needed time to finish processing or whatever but got concerned I was allowing something bad so hit control-alt-delete to get task box, then ended program. Screen went blue with no icons on desktop. Shut down windows and turned off computer. Then restarted. Was relieved when icons reappeared. Will wait to hear back from you before trying again, in case you know what I may have done wrong to get this unexpected result. Thanks, Smile29
  • 0

#12
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
We do hear of this from time to time where OTL will get stuck when removing Temp files. It is however normal for it to kill all processes just before it removes Temp files, so when your icons and start menu etc disappear that's fine. Would you mind trying it again for me please and let me know whether it goes through fully this time. If it doesn't, do what you did before and reboot the PC yourself.
  • 0

#13
smile29

smile29

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks for the information. Tried to run this two more times without success. After [emptytemp] is left alone in custom scan box it appears there is no processing occurring. It just sits there. However, realized that the "(not responding)" does not appear until I click something again like the "fix" button or try to delete the OTL application session. If it really is processing without signs of that and takes a very long time perhaps I should wait longer? However, when I ran OTL when you first suggested the "regular scan" it was quicker with signs something was processing. Let me know what you think/recommend. Thanks!
  • 0

#14
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Looks like the emptytemp command just doesn't like your PC then ;) It's nothing serious, we'll just remove the Java cache another way. I'll also post my cleanup speech now, as your logs look good. If you do have any other queries, just let me know.


Clear Java Cache

Please click here, and then follow the instructions on clearing your Java's cache.




Thank you for following the procedures, your system now appears free from Malware. It's now time to remove the programs we have used throughout this cleanup and make sure important programs are updated to their latest versions. This all helps in the fight against being reinfected.

Please make sure you follow the steps below, as they are highly recommended.


========== CLEANUP ==========

Remove the Tools used in this cleanup

1)
Tools on the Desktop:
You can now safely remove aswMBR from the Desktop (if present)

2)
Clear Old Restore Points
  • Run OTL, copy and paste the following into the Custom Scans/Fixes area at the bottom
    :Commands
    [CLEARALLRESTOREPOINTS]
  • Then Click Run Fix

3)
OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so


========== Anti Malware Protection ==========

Having a good Anti Virus program and an on-access Anti Malware program is great in the battle against malware and various other forms of infections. You should always make sure your Anti Virus is Enabled and has the latest definitions downloaded (Anti Virus software will nearly always update its definitions automatically).

Here are some recommendations:

Free Anti Virus Protection...
If you haven't got an AntiVirus or are thinking of changing, my personal recommendations are Microsoft Security Essentials and Avast, both are free to use. Remember though, you can only have one Anti Virus installed at any one given time.

Paid Anti Virus Protection...
If you want a bit more than just an Anti Virus and would like extra features such as Firewall and Anti Spam, you will have to look at purchasing an Anti Virus product. A lot of people do use free AV software as these products use the same virus databases as the paid ones, but some people prefer to have the extra features and the help and support that the paid products tend to offer. If you are looking into purchasing one, my recommendations would be Kaspersky Internet Security or ESET Smart Security. There are however many different ones out there and it is wise to just download trial versions to see which ones suit you best, before actually buying.

MalwareBytes Anti-Malware
This is an excellent Anti-Malware product. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.



========== Updates ==========

Keeping your PC updated is vital in the battle against infections and exploits. This is where a lot of people fall down, as there are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very worthwhile habit to get into.

Windows Updates

Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit.
Here's how to check to see if you are missing any updates. Just click your version of Windows below, to see how to check...
Windows XP
Windows Vista
Windows 7

Java updates
  • Click the Start button
  • Click Control Panel
  • Double Click Java
    (If you don't see the Java icon - In XP, click Switch to Category View. In Vista, click Classic View. In Windows 7, click View By: in the top right and change it to Large Icons)
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
Adobe Reader updates
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed



========== Key Tips ==========

- Never be tempted to download software you didn't ask for
If for example you see a "Free Registry Booster" or "Get rid of all your malware problems or blue screens by using this software", don't be tempted to click on them. The software is often useless, could actually be harmful to your PC and they are generally just out to get your money. If you didn't ask for the software, don't download it ;)

- Run regular scans
Set yourself a date, approximately every 2, 3 or 4 weeks, whereby you run a Full Scan with your Anti Virus and a scan with any Anti Malware/Spyware program you may have installed, like Malwarebytes' Anti Malware.


Have fun and stay safe online ;)
BlackOxide

  • 0

#15
smile29

smile29

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks BlackOxide, one last question: in your instructions to "Remove the Tools used in this cleanup" your item #1) "Tools on the Desktop: You can now safely remove aswMBR from the Desktop (if present)" I went to family desktop, opened download file to open the aswMBR application. However, did not see instructions or obvious way to remove it. Am I doing the right thing or just missing something? The OTL clean up worked ok as did all the updates. Thanks, Smile29
  • 0





