System Restore Problem caused by Spyware


  • This topic is locked

#16
andrewuk


    Trusted Helper

  • Malware Removal
  • 5,297 posts
====STEP 1====
Please run the MGA Diagnostic Tool and post back the report it shall produce:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.
====STEP 2====
Delete the version of ComboFix you have on your desktop and then visit this webpage for download links for an updated version, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


In your next reply could I see:
1. the MGA Diagnostic log
2. the combofix log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
  • 0



#17
snickers


    Member

  • Topic Starter
  • 127 posts
MGADiag log:

Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: 0x0
Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
Windows Product ID: 89578-OEM-7332157-00204
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {E4BE3195-0D6F-4B1A-A5D4-7DCFE3F55E11}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.9.9.1
Signed By: Microsoft
Product Name: Windows Vista ™ Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.090803-2339
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6001.18000

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_70AFE6BE-656-80070057_E2AD56EA-815-80070057

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{E4BE3195-0D6F-4B1A-A5D4-7DCFE3F55E11}</UGUID><Version>1.9.0011.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-2363420569-19101160-1035343276</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>MM061 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A13</Version><SMBIOSVersion major="2" minor="4"/><Date>20070205000000.000000+000</Date></BIOS><HWID>E0323507018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>M07 </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>8E24C1F900DDAE</Val><Hash>SPyp8XXqNjUMQutNTdTosYvlawM=</Hash><Pid>81602-OEM-6872784-34008</Pid><PidType>4</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows™ Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500204-02-1033-6000.0000-0792007
Installation ID: 000540737995221113756976221926352290720752434700430255
Processor Certificate URL: http://go.microsoft....k/?LinkID=43473
Machine Certificate URL: http://go.microsoft....k/?LinkID=43474
Use License URL: http://go.microsoft....k/?LinkID=43476
Product Key Certificate URL: http://go.microsoft....k/?LinkID=43475
Partial Product Key: B9HD2
License Status: Licensed

HWID Data-->
HWID Hash Current: PAAAAAIABQABAAEAAgABAAAAAwABAAEAJJSg0drxqKRYUHLyNnaM0OpO4r84i/L0MnGMFChRDKasVvRI

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL M07
FACP DELL M07
HPET DELL M07
BOOT DELL M07
MCFG DELL M07
SLIC DELL M07
SSDT PmRef CpuPm


Combofix log:

ComboFix 09-12-31.06 - MICHELLE 12/31/2009 18:50:13.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1124 [GMT -5:00]
Running from: c:\users\MICHELLE\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-12-01 to 2010-01-01 )))))))))))))))))))))))))))))))
.

2009-12-31 23:59 . 2010-01-01 00:00 -------- d-----w- c:\users\MICHELLE\AppData\Local\temp
2009-12-31 23:59 . 2009-12-31 23:59 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-12-31 23:59 . 2009-12-31 23:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-31 23:59 . 2009-12-31 23:59 -------- d-----w- c:\users\ALEX\AppData\Local\temp
2009-12-31 23:59 . 2009-12-31 23:59 -------- d-----w- c:\users\ADAM\AppData\Local\temp
2009-12-31 23:45 . 2009-12-31 23:47 -------- d-----w- C:\32788R22FWJFW
2009-12-31 23:17 . 2009-12-31 23:17 -------- d-----w- C:\MGADiagToolOutput
2009-12-31 03:29 . 2009-12-31 03:29 52224 ----a-w- c:\users\MICHELLE\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-31 03:29 . 2009-12-31 07:09 117760 ----a-w- c:\users\MICHELLE\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-31 03:28 . 2009-12-31 03:28 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-31 03:26 . 2009-12-31 03:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-31 03:26 . 2009-12-31 03:26 -------- d-----w- c:\users\MICHELLE\AppData\Roaming\SUPERAntiSpyware.com
2009-12-31 01:37 . 2009-12-31 01:37 -------- d-----w- c:\users\MICHELLE\AppData\Local\Apple Computer
2009-12-24 22:58 . 2009-12-24 22:58 -------- d-----w- c:\program files\Bonjour
2009-12-19 18:43 . 2009-12-19 18:43 93056 ----a-w- C:\uwlcqkow.sys
2009-12-19 16:39 . 2009-12-19 16:40 -------- d-----w- c:\program files\ERUNT
2009-12-16 02:21 . 2009-12-16 02:21 -------- d-----w- c:\program files\Seagate
2009-12-09 08:06 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 08:06 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 08:06 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 00:07 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-06 14:32 . 2009-12-06 14:32 -------- d-----w- c:\users\MICHELLE\AppData\Local\Microsoft Corporation
2009-12-04 06:00 . 2009-12-31 00:15 5061520 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-04 02:49 . 2009-12-04 23:30 -------- d-----w- c:\users\MICHELLE\AppData\Local\GameTuts
2009-12-03 22:40 . 2009-12-03 22:40 -------- d-----w- c:\users\ADAM\AppData\Roaming\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 23:31 . 2009-03-13 01:23 -------- d-----w- c:\programdata\Lx_cats
2009-12-31 22:08 . 2007-03-24 11:30 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-12-31 22:08 . 2007-03-24 11:31 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-12-31 22:08 . 2007-03-23 01:19 56680 ----a-w- c:\windows\system32\Rpcnet.dll
2009-12-31 03:23 . 2007-04-07 15:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-31 00:18 . 2009-09-20 01:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 19:55 . 2009-09-20 01:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 19:54 . 2009-09-20 01:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-29 14:49 . 2009-05-31 03:07 -------- d-----w- c:\users\MICHELLE\AppData\Roaming\ComcastToolbar
2009-12-29 00:23 . 2009-12-29 00:23 20940 ----a-w- c:\programdata\SPL6CF5.tmp
2009-12-28 05:40 . 2008-06-15 11:08 -------- d-----w- c:\programdata\Google Updater
2009-12-24 23:05 . 2007-04-06 10:36 -------- d-----w- c:\program files\iTunes
2009-12-24 23:04 . 2007-07-01 19:53 -------- d-----w- c:\program files\Common Files\Apple
2009-12-24 23:04 . 2007-04-06 10:36 -------- d-----w- c:\program files\iPod
2009-12-23 12:04 . 2009-12-23 12:04 189042 ----a-w- c:\programdata\SPLD96E.tmp
2009-12-23 12:00 . 2009-12-23 12:00 78012 ----a-w- c:\programdata\SPLA4D6.tmp
2009-12-23 04:13 . 2009-12-23 04:13 78012 ----a-w- c:\programdata\SPL7916.tmp
2009-12-23 04:08 . 2009-12-23 04:08 251703 ----a-w- c:\programdata\SPLB634.tmp
2009-12-23 01:26 . 2009-12-23 01:26 251703 ----a-w- c:\programdata\SPLB359.tmp
2009-12-23 01:18 . 2009-12-23 01:18 78012 ----a-w- c:\programdata\SPL1150.tmp
2009-12-23 01:16 . 2009-12-23 01:16 78012 ----a-w- c:\programdata\SPLEC0.tmp
2009-12-16 23:31 . 2009-12-16 23:31 181826 ----a-w- c:\programdata\SPL5A32.tmp
2009-12-16 23:30 . 2009-12-16 23:30 176129 ----a-w- c:\programdata\SPLC0A2.tmp
2009-12-16 23:28 . 2009-12-16 23:28 176129 ----a-w- c:\programdata\SPL3F74.tmp
2009-12-14 03:17 . 2009-12-14 03:17 2225599 ----a-w- c:\programdata\SPLDE68.tmp
2009-12-13 13:17 . 2009-12-13 13:17 2290566 ----a-w- c:\programdata\SPL1E1E.tmp
2009-12-10 00:14 . 2009-09-28 17:52 143976 ----a-w- c:\users\MICHELLE\AppData\Roaming\Move Networks\uninstall.exe
2009-12-10 00:14 . 2009-10-15 00:50 5642688 ----a-w- c:\users\MICHELLE\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
2009-12-10 00:14 . 2007-10-09 01:47 -------- d-----w- c:\users\MICHELLE\AppData\Roaming\Move Networks
2009-12-09 08:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 08:06 . 2007-03-16 00:09 -------- d-----w- c:\programdata\Microsoft Help
2009-12-07 22:48 . 2007-03-16 00:14 -------- d-----w- c:\program files\Google
2009-12-06 17:29 . 2007-03-25 16:59 -------- d-----w- c:\program files\Canon
2009-12-06 17:17 . 2008-10-10 00:15 -------- d-----w- c:\program files\Common Files\AOL
2009-12-06 17:15 . 2009-04-11 09:13 -------- d-----w- c:\programdata\Lavasoft
2009-12-06 17:15 . 2007-04-07 15:13 -------- d-----w- c:\program files\Lavasoft
2009-12-06 17:07 . 2007-03-15 23:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-06 17:05 . 2007-03-16 00:02 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-12-06 16:43 . 2009-08-04 11:21 -------- d-----w- c:\program files\Roxio
2009-12-06 16:34 . 2009-06-05 10:24 -------- d-----w- c:\program files\PCPitstop
2009-12-06 16:34 . 2009-06-05 10:24 -------- d-----w- c:\programdata\PCPitstop
2009-12-06 16:27 . 2009-05-29 02:40 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-12-06 16:26 . 2009-05-29 02:40 -------- d-----w- c:\program files\ArcSoft
2009-12-06 16:23 . 2009-09-20 22:38 -------- d-----w- c:\program files\SpywareGuard
2009-12-04 03:12 . 2007-07-03 10:38 -------- d-----w- c:\program files\Coupons
2009-12-04 02:41 . 2008-12-24 00:55 -------- d-----w- c:\users\MICHELLE\AppData\Roaming\Datel
2009-11-29 14:16 . 2009-11-29 14:16 120542 ----a-w- c:\programdata\SPL4FE2.tmp
2009-11-28 22:16 . 2009-11-28 22:15 -------- d-----w- c:\program files\QuickTime
2009-11-27 16:00 . 2009-06-06 19:56 -------- d-----w- c:\program files\V CAST Music with Rhapsody
2009-11-27 00:33 . 2008-11-30 15:23 -------- d-----w- c:\program files\Safari
2009-11-27 00:30 . 2009-11-27 00:30 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-22 02:24 . 2007-04-06 21:59 8268 ----a-w- c:\users\MICHELLE\AppData\Local\d3d9caps.dat
2009-11-22 00:06 . 2009-11-22 00:06 109565 ----a-w- c:\programdata\SPLE033.tmp
2009-11-21 13:28 . 2009-11-21 13:28 338688 ----a-w- c:\programdata\SPL8881.tmp
2009-11-21 13:12 . 2009-11-21 13:12 1169746 ----a-w- c:\programdata\SPL490B.tmp
2009-11-21 06:40 . 2009-12-09 00:08 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 00:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 00:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 00:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-19 22:49 . 2009-05-14 11:22 -------- d-----w- c:\program files\McAfee
2009-11-19 17:27 . 2009-11-19 17:27 56844 ----a-w- c:\programdata\SPLADEA.tmp
2009-11-19 10:36 . 2009-11-19 10:36 56844 ----a-w- c:\programdata\SPL31F1.tmp
2009-11-13 01:10 . 2009-11-13 01:10 149949 ----a-w- c:\programdata\SPL795B.tmp
2009-11-12 22:07 . 2009-11-12 22:07 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-10 11:44 . 2009-11-10 11:41 -------- d--h--w- c:\programdata\esClient
2009-11-10 11:41 . 2009-11-10 11:41 -------- d-----w- c:\program files\echospin
2009-11-10 02:02 . 2007-03-15 23:56 -------- d-----w- c:\program files\Java
2009-11-05 01:46 . 2009-11-05 01:46 -------- d-----w- c:\program files\Microsoft
2009-11-03 01:42 . 2009-10-02 18:11 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 11:42 . 2009-10-31 11:42 1430407 ----a-w- c:\programdata\SPL98F5.tmp
2009-10-31 11:35 . 2009-10-31 11:35 7016923 ----a-w- c:\programdata\SPL5DF8.tmp
2009-10-31 11:33 . 2009-10-31 11:33 7016923 ----a-w- c:\programdata\SPL9630.tmp
2009-10-29 09:17 . 2009-11-25 00:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-29 02:19 . 2009-10-29 02:19 1245440 ----a-w- c:\programdata\SPL6C23.tmp
2009-10-29 02:14 . 2009-10-29 02:14 1275318 ----a-w- c:\programdata\SPL2D67.tmp
2009-10-28 11:06 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-21 16:45 . 2008-01-22 01:43 33792 ----a-w- c:\windows\system32\identprv.dll
2009-10-16 02:32 . 2009-10-16 02:32 409600 ----a-w- c:\windows\system32\lxdrcoin.dll
2009-10-15 00:50 . 2009-10-15 00:50 97216 ----a-w- c:\users\MICHELLE\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-10-13 00:06 . 2009-10-13 00:06 275890 ----a-w- c:\programdata\SPL551.tmp
2009-10-11 09:17 . 2008-12-25 14:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 21:08 . 2009-10-28 09:40 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-10-28 09:40 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-10-28 09:40 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-05 09:41 . 2009-10-05 09:41 877048 ----a-w- c:\programdata\SPLEB58.tmp
2009-10-05 09:38 . 2009-10-05 09:38 1117784 ----a-w- c:\programdata\SPLBBF6.tmp
2009-10-03 12:06 . 2009-05-31 02:45 56680 ----a-w- c:\windows\system32\rpcnet.exe
2007-09-03 19:41 . 2007-09-03 19:41 8 --sha-r- c:\windows\System32\DB460FB393.sys
2007-09-03 19:41 . 2007-09-03 19:41 2828 --sha-w- c:\windows\System32\KGyGaAvL.sys
2007-03-16 07:39 . 2007-03-16 07:38 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-12-29_04.06.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-16 00:26 . 2009-12-31 22:10 95142 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-12-31 22:10 77338 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-03-21 00:06 . 2009-12-31 22:10 26386 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2363420569-19101160-1035343276-1000_UserData.bin
- 2007-03-20 23:28 . 2009-12-29 04:00 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-03-20 23:28 . 2009-12-31 23:20 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-19 16:18 . 2009-12-31 23:20 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-19 16:18 . 2009-12-29 04:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-29 14:40 . 2009-12-29 15:13 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009122920091230\index.dat
- 2007-03-20 23:28 . 2009-12-29 04:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-03-20 23:28 . 2009-12-31 23:20 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-24 22:57 . 2009-12-31 22:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-24 22:57 . 2009-12-29 02:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-24 22:57 . 2009-12-31 22:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-24 22:57 . 2009-12-29 02:26 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-24 22:57 . 2009-12-29 02:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-24 22:57 . 2009-12-31 22:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-03-24 11:36 . 2009-12-31 22:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-03-24 11:36 . 2009-12-29 01:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-03-24 11:36 . 2009-12-31 22:07 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-03-24 11:36 . 2009-12-29 01:27 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-03-24 11:36 . 2009-12-29 01:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-03-24 11:36 . 2009-12-31 22:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-31 03:26 . 2009-12-31 03:26 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-12-31 03:26 . 2009-12-31 03:26 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-03-21 11:55 . 2009-12-31 22:06 2638 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2007-03-21 11:55 . 2009-12-26 13:39 2638 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2009-12-29 00:12 . 2009-12-29 01:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-12-31 22:07 . 2009-12-31 22:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-12-31 22:07 . 2009-12-31 22:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-12-29 00:12 . 2009-12-29 01:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-31 03:26 . 2009-12-31 03:26 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2006-11-02 10:33 . 2009-12-29 17:11 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-12-21 12:48 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-12-29 17:11 101350 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-12-21 12:48 101350 c:\windows\System32\perfc009.dat
+ 2009-03-24 02:35 . 2009-12-31 07:16 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-03-24 02:35 . 2009-12-29 01:34 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2006-11-02 12:47 . 2009-12-29 15:23 2194968 c:\windows\System32\FNTCACHE.DAT
- 2006-11-02 12:47 . 2009-11-12 10:46 2194968 c:\windows\System32\FNTCACHE.DAT
+ 2009-12-31 03:26 . 2009-12-31 03:26 1583616 c:\windows\Installer\abe0a4.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe" [2005-05-09 192512]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-12-24 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-10-13 184320]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"Yapta Tracker"="c:\program files\Yapta\YaptaClient.exe" [2009-07-27 345392]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"lxdrmon.exe"="c:\program files\Lexmark 4900 Series\lxdrmon.exe" [2008-09-10 676520]
"lxdramon"="c:\program files\Lexmark 4900 Series\lxdramon.exe" [2008-09-10 16040]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-30 429392]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\users\MICHELLE\Desktop\SetPoint\SetPoint.exe [2009-1-21 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^MICHELLE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\users\MICHELLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^MICHELLE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNNAlerter.lnk]
path=c:\users\MICHELLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNNAlerter.lnk
backup=c:\windows\pss\CNNAlerter.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^MICHELLE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=c:\users\MICHELLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=c:\windows\pss\SpywareGuard.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-07-11 22:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2006-11-17 21:19 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
2001-10-12 07:42 36864 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneClone]
2008-09-03 15:11 4345856 ----a-w- c:\program files\TuneClone\TuneClone.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):05,2e,a9,b6,93,52,ca,01

R0 tclondrv;tclondrv;c:\windows\System32\drivers\tclondrv.sys [10/1/2008 7:50 AM 20352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R2 atashost;WebEx Service Host for Support Center;c:\windows\System32\atashost.exe [7/15/2009 6:33 PM 20376]
R2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe -service --> c:\windows\system32\lxdrcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/19/2009 8:48 PM 235344]
R2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providerComcast\bin\tgsrvc.exe [5/2/2008 11:40 AM 148768]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2/7/2007 11:06 PM 49152]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/9/2008 7:16 PM 24652]
R2 WebGuideTranscode;WebGuideTranscode;c:\program files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe [8/8/2007 6:28 PM 40960]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [9/19/2009 8:48 PM 19160]
R3 NETw5v32;Intel® WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [1/17/2008 1:53 PM 4788736]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
S2 lxdrCATSCustConnectService;lxdrCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdrserv.exe [5/16/2008 10:39 AM 94208]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [9/19/2008 11:03 PM 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2009-12-31 c:\windows\Tasks\Malwarebytes' Scheduled Scan for MICHELLE.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-20 19:55]

2009-12-31 c:\windows\Tasks\Malwarebytes' Scheduled Update for MICHELLE.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-20 19:55]

2009-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

2009-12-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 16:22]

2010-01-01 c:\windows\Tasks\User_Feed_Synchronization-{43A518E6-C34F-4385-927F-75DDE5105BDE}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]

2010-01-01 c:\windows\Tasks\User_Feed_Synchronization-{4EF27C85-EE55-495F-80F8-3060E4B8A57A}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]

2010-01-01 c:\windows\Tasks\User_Feed_Synchronization-{5F21486F-FCF4-4E72-B917-B2262D5A96A6}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{0362b485-11fe-469c-ae98-42f478e581a0} - c:\program files\Yapta\YaptaSettings.exe
IE: {{0094A600-9BDD-4019-BAFE-487284F7D476} - {C3C07AD6-ACE9-43EE-A2AF-45BC13F6275F} - c:\program files\Yapta\YaptaSidebar.dll
Trusted Zone: comcastsupport.com\www
Trusted Zone: mcafee.com
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB
DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B} - hxxp://echospin.com/wizard/files/esWizard.cab
FF - ProfilePath - c:\users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\echospin\npesProxy.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\MICHELLE\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 19:00
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(7320)
c:\users\MICHELLE\Desktop\SetPoint\lgscroll.dll
.
Completion time: 2009-12-31 19:04:28
ComboFix-quarantined-files.txt 2010-01-01 00:04
ComboFix2.txt 2009-12-29 04:10
ComboFix3.txt 2009-09-20 01:41

Pre-Run: 30,854,012,928 bytes free
Post-Run: 30,925,983,744 bytes free

- - End Of File - - 7DE4ABAA9D406FCA5881A1F43D36BB7F

Also I noticed while combo fix was running I got the following pop up error: $mft is corrupt & unreadable, run chkdsk.
I also got a message in the bottom right of the computer notification area that C:\users\michelle\appdata\roaming macromedia\flashplayer\#shared objects\K9QAKBVT\wbads-87.vo.11nwd.net\e1\tyrashow\us is corrupt and unreadable. (I think I also got these 2 messages last time I ran combofix)

Edited by snickers, 01 January 2010 - 09:57 AM.


#18
andrewuk

Hello snickers

your logs appear clear of malware, and to be honest there is very little to clear. hence, i suspect it is a hardware or software issue. hence, go through at least Step 1 and Step 2 below to remove our tools and then return to your thread in the other part of the forum.

as far as malware goes, your logs are clean and another fix is in the can :)

in this post we will clear away the fix tools (this is so that should you ever be re-infected, you will download updated versions and it will also remove the quarantined Malware from your computer), reset your restore points (there will be infections lurking in there) and i will leave you with some ideas on how to enhance the protection of your machine against future infection.

it may also be worth backing up some important files you have on your machine.


====STEP 1====
Follow these steps to uninstall Combofix, some of the tools used in the removal of malware and to flush your system restore points
  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between ComboFix and the /Uninstall, it needs to be there.
  • You will be notified if combofix has been successfully removed


====STEP 2====
Double-click OTL to run it. (Vista users, please right click on OTListIt.exe and select "Run as an Administrator")
  • Click the Clean up button and let the program run
  • when prompted, click Yes to the reboot.
you can also clear away any other tools we used.


====IDEAS TO SPEED UP YOUR MACHINE====
this page http://users.telenet...owcomputer.html gives some good ideas on how to improve the efficiency of your machine and has one or two useful links to help you further.


====AND FINALLY====
The following is a list of free tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • MBAM - Malware Bytes Anti Malware is an excellent tool for anyone's antimalware arsenal. This program should be updated and run often.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Digsby or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • FireFox - Alternate web browser. Open source and quick, Firefox is usually the first thing I install on a new system.
  • NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

best wishes

andrewuk

#19
snickers

When I tried to delete the combo fix it said windows can not find combofix and I don't see it in all programs. I don't remember deleting it, but somehow it was deleted. Also for OTL, I don't see that program anywhere; possibly I already deleted that one.

I was wondering about the Green AV virus that the superantispyware found in the registry. Was that something to be worried about, because that was the same virus that the spyware forum had helped me remove from my computer a couple of months ago, and I thought it was completely gone and was surprised to see the name on the list for scan results.


Thank you very much for all of your help.

#20
andrewuk


"When I tried to delete the combo fix it said windows can not find combofix and I don't see it in all programs"

is the combofix icon still on your desktop?

"Also for OTL, I don't see that program anywhere; possibly I already deleted that one."

ok, follow these instructions:

Please download the OTC (OTCleanIT) by OldTimer.
  • Save it to your desktop.
  • Please double-click OTC.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

"I was wondering about the Green AV virus that the superantispyware found in the registry. Was that something to be worried about, because that was the same virus that the spyware forum had helped me remove from my computer a couple of months ago, and I thought it was completely gone and was surprised to see the name on the list for scan results."

it only found a remnant of the infection, nothing more. there was no sign of the main infection.

andrewuk

#21
snickers

The combofix icon is not on my desktop.
I downloaded the OTC and did the cleanup.
Is there anything else I need to do?

#22
andrewuk

just one thing: download combofix again from http://www.bleepingc...to-use-combofix, don't run it but go through the uninstall procedure below. this will make sure it is properly uninstalled:

Follow these steps to uninstall Combofix, some of the tools used in the removal of malware and to flush your system restore points
  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between ComboFix and the /Uninstall, it needs to be there.
  • You will be notified if combofix has been successfully removed


#23
snickers

I had to first disable McAfee antivirus program, because it was removing combofix and saying it was a trojan. I then reinstalled combofix and ran the combofix /Uninstall program, but it didn't delete combofix. The icon is still on my desktop.

#24
andrewuk

ok, delete the combofix on your desktop.

#25
snickers

The combofix is already gone from my desktop. I guess the McAfee is automatically removing it.

#26
andrewuk

ok, that's us done in this part of the forum :)

#27
snickers

Thanks again for all the help

#28
andrewuk

Hello snickers

one of my colleagues has a suggestion. we need to see another OTL log:

go to http://www.geekstogo...uide-t2852.html and go to Step Five: Post an OTL Log and run the OTL log.

instead of the custom scan described on that page, could you put this custom scan in instead:

NetSvcs /all
%SYSTEMDRIVE%\srsvc.dll /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice /s


andrewuk

#29
snickers

I followed step 5 for OTL log (except I pasted in your text in the custom scan box) and it said not to change any settings, so the default settings were as follows: use safelist was checked for processes, services, standard registry & modules, and none was checked for drivers & extra registry. Both LOP and Purity check were checked off.

I have posted the logs:

OTL.txt log:

TL logfile created on: 1/2/2010 7:24:58 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\MICHELLE\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.74 Gb Total Space | 26.30 Gb Free Space | 26.37% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.40 Gb Free Space | 44.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHELLE-PC
Current User Name: MICHELLE
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/02 19:14:47 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\MICHELLE\Desktop\OTL.exe
PRC - [2009/12/30 14:55:18 | 00,235,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/12/30 14:55:16 | 00,429,392 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/12/23 22:48:34 | 00,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2009/11/27 23:48:12 | 00,842,240 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrayMonitor\TrayMonitor.exe
PRC - [2009/11/27 20:00:02 | 00,382,368 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/11/27 19:59:56 | 00,665,032 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/11/27 19:57:30 | 01,865,560 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Agent\agent.exe
PRC - [2009/11/27 19:35:02 | 04,285,664 | ---- | M] (Acronis) -- C:\Program Files\Acronis\BackupAndRecovery\mms.exe
PRC - [2009/11/27 19:28:10 | 00,957,024 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Timounter\TimounterMonitor.exe
PRC - [2009/11/21 01:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/16 16:02:08 | 00,761,856 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxdrpswx.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/03 07:06:31 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/19 13:47:28 | 00,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdrcoms.exe
PRC - [2009/07/27 15:54:44 | 00,345,392 | ---- | M] (Yapta, Inc.) -- C:\Program Files\Yapta\YaptaClient.exe
PRC - [2009/07/15 18:33:15 | 00,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/04/11 01:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/07 16:43:36 | 00,809,488 | ---- | M] (Logitech, Inc.) -- C:\Users\MICHELLE\Desktop\SetPoint\SetPoint.exe
PRC - [2008/11/07 16:39:36 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/09/10 05:24:21 | 00,676,520 | ---- | M] () -- C:\Program Files\Lexmark 4900 Series\lxdrmon.exe
PRC - [2008/09/10 05:24:18 | 00,025,256 | ---- | M] () -- C:\Program Files\Lexmark 4900 Series\lxdrmsdmon.exe
PRC - [2008/05/02 11:40:34 | 00,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\providerComcast\bin\tgsrvc.exe
PRC - [2007/08/08 18:28:48 | 00,028,672 | ---- | M] (WebGuide LLC) -- C:\Program Files\WebGuide\WebGuide4\bin\WebGuideServiceMonitor.exe
PRC - [2007/08/08 18:28:42 | 00,040,960 | ---- | M] (WebGuide LLC) -- C:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe
PRC - [2007/03/14 17:53:10 | 00,569,344 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2007/02/08 00:11:04 | 00,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007/02/07 23:06:10 | 00,049,152 | ---- | M] (UltiDev LLC) -- C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/21 20:09:02 | 00,842,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2006/11/17 18:52:40 | 00,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/11/11 18:10:40 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006/10/03 11:37:04 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/04/28 09:14:44 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/05/09 18:16:15 | 00,192,512 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe


========== Modules (SafeList) ==========

MOD - [2010/01/02 19:14:47 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\MICHELLE\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [Auto | Stopped] -- -- (gusvc)
SRV - [2009/12/30 14:55:18 | 00,235,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/11/27 19:59:56 | 00,665,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/11/27 19:57:30 | 01,865,560 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Agent\agent.exe -- (AcronisAgent)
SRV - [2009/11/27 19:35:02 | 04,285,664 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Acronis\BackupAndRecovery\mms.exe -- (MMS)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/16 15:49:48 | 00,094,208 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdrserv.exe -- (lxdrCATSCustConnectService)
SRV - [2009/10/03 07:06:31 | 00,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/19 13:47:28 | 00,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdrcoms.exe -- (lxdr_device)
SRV - [2009/07/15 18:33:15 | 00,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/07 16:40:52 | 00,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/05/02 11:40:34 | 00,398,704 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/05/02 11:40:34 | 00,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\providerComcast\bin\tgsrvc.exe -- (tgsrvc_providercomcast) SupportSoft Repair Service (providercomcast)
SRV - [2008/03/20 21:58:24 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe -- (GoToAssist)
SRV - [2008/02/28 10:53:18 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/02/28 10:53:18 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/01/18 23:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/08 18:28:42 | 00,040,960 | ---- | M] (WebGuide LLC) [Auto | Running] -- C:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe -- (WebGuideTranscode)
SRV - [2007/03/14 17:53:10 | 00,569,344 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2007/02/07 23:06:10 | 00,049,152 | ---- | M] (UltiDev LLC) [Auto | Running] -- C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe -- (UltiDev Cassini Web Server for ASP.NET 2.0)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/11 18:10:40 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...ff50ie7&query="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.27
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..keyword.URL: "http://search.aol.co...h=yesab&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/03/22 05:16:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/22 05:39:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/22 05:39:21 | 00,000,000 | ---D | M]

[2008/12/18 05:05:50 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Extensions
[2010/01/01 18:45:59 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\extensions
[2009/12/21 06:12:27 | 00,000,000 | ---D | M] (NoScript) -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/11/18 20:05:19 | 00,000,000 | ---D | M] (No name found) -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2009/11/15 08:25:15 | 00,000,000 | ---D | M] (WOT) -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2008/10/17 16:09:23 | 00,001,901 | ---- | M] () -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\searchplugins\aimsearch.xml
[2009/12/30 15:57:35 | 00,001,218 | ---- | M] () -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\searchplugins\comcast.xml
[2009/11/09 21:02:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/18 05:05:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/11/19 17:16:28 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2008/10/09 19:16:49 | 00,001,982 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AIM Search.xml
[2008/12/01 11:50:26 | 00,004,946 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\comcast.xml

O1 HOSTS File: (810 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Common Files\Acronis\Timounter\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BackupAndRecoveryMonitor.exe] C:\Program Files\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe (Acronis)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [lxdramon] C:\Program Files\Lexmark 4900 Series\lxdramon.exe ()
O4 - HKLM..\Run: [lxdrmon.exe] C:\Program Files\Lexmark 4900 Series\lxdrmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TrayMonitor.exe] C:\Program Files\Acronis\TrayMonitor\TrayMonitor.exe (Acronis)
O4 - HKLM..\Run: [Yapta Tracker] C:\Program Files\Yapta\YaptaClient.exe (Yapta, Inc.)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - Reg Error: Value error. File not found
O9 - Extra Button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe (Yapta, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: comcastsupport.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B} http://echospin.com/...es/esWizard.cab (esProxy.GeneralHandler)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...ctDetection.cab (Reg Error: Key error.)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.co...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: AeLookupSvc - C:\Windows\System32\aelupsvc.dll (Microsoft Corporation)
NetSvcs: wercplsupport - C:\Windows\System32\wercplsupport.dll (Microsoft Corporation)
NetSvcs: Themes - C:\Windows\System32\shsvcs.dll (Microsoft Corporation)
NetSvcs: CertPropSvc - C:\Windows\System32\certprop.dll (Microsoft Corporation)
NetSvcs: SCPolicySvc - C:\Windows\System32\certprop.dll (Microsoft Corporation)
NetSvcs: lanmanserver - C:\Windows\System32\srvsvc.dll (Microsoft Corporation)
NetSvcs: gpsvc - C:\Windows\System32\gpsvc.dll (Microsoft Corporation)
NetSvcs: IKEEXT - C:\Windows\System32\IKEEXT.DLL (Microsoft Corporation)
NetSvcs: AudioSrv - C:\Windows\System32\audiosrv.dll (Microsoft Corporation)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/09/23 00:23:39 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Rasauto - C:\Windows\System32\rasauto.dll (Microsoft Corporation)
NetSvcs: Rasman - C:\Windows\System32\rasmans.dll (Microsoft Corporation)
NetSvcs: Remoteaccess - C:\Windows\System32\mprdim.dll (Microsoft Corporation)
NetSvcs: SENS - C:\Windows\System32\Sens.dll (Microsoft Corporation)
NetSvcs: Sharedaccess - C:\Windows\System32\ipnathlp.dll (Microsoft Corporation)
NetSvcs: SRService - File not found
NetSvcs: Tapisrv - C:\Windows\System32\tapisrv.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: TermService - C:\Windows\System32\termsrv.dll (Microsoft Corporation)
NetSvcs: wuauserv - C:\Windows\System32\wuaueng.dll (Microsoft Corporation)
NetSvcs: BITS - C:\Windows\System32\qmgr.dll (Microsoft Corporation)
NetSvcs: ShellHWDetection - C:\Windows\System32\shsvcs.dll (Microsoft Corporation)
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: iphlpsvc - C:\Windows\System32\iphlpsvc.dll (Microsoft Corporation)
NetSvcs: seclogon - C:\Windows\System32\seclogon.dll (Microsoft Corporation)
NetSvcs: AppInfo - C:\Windows\System32\appinfo.dll (Microsoft Corporation)
NetSvcs: msiscsi - C:\Windows\System32\iscsiexe.dll (Microsoft Corporation)
NetSvcs: MMCSS - C:\Windows\System32\mmcss.dll (Microsoft Corporation)
NetSvcs: ProfSvc - C:\Windows\System32\profsvc.dll (Microsoft Corporation)
NetSvcs: EapHost - C:\Windows\System32\eapsvc.dll (Microsoft Corporation)
NetSvcs: winmgmt - C:\Windows\System32\wbem\WMIsvc.dll (Microsoft Corporation)
NetSvcs: schedule - C:\Windows\System32\schedsvc.dll (Microsoft Corporation)
NetSvcs: SessionEnv - C:\Windows\System32\SessEnv.dll (Microsoft Corporation)
NetSvcs: browser - C:\Windows\System32\browser.dll (Microsoft Corporation)
NetSvcs: hkmsvc - C:\Windows\System32\KMSVC.DLL (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/02 19:14:37 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\MICHELLE\Desktop\OTL.exe
[2010/01/02 07:46:53 | 00,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2010/01/01 23:05:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Macrium
[2010/01/01 22:47:04 | 00,000,000 | ---D | C] -- C:\Users\MICHELLE\AppData\Local\Adobe
[2010/01/01 21:42:38 | 00,000,000 | ---D | C] -- C:\Windows\Acronis
[2010/01/01 21:42:27 | 00,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2010/01/01 21:42:07 | 00,000,000 | ---D | C] -- C:\Windows\LastGood
[2010/01/01 21:40:36 | 00,000,000 | ---D | C] -- C:\Program Files\Acronis
[2010/01/01 21:40:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2010/01/01 21:24:48 | 00,000,000 | ---D | C] -- C:\ComboFix
[2010/01/01 21:24:25 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/01/01 21:21:38 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/31 19:29:03 | 00,000,000 | ---D | C] -- C:\Users\MICHELLE\AppData\Local\Apple
[2009/12/31 19:04:31 | 00,000,000 | ---D | C] -- C:\Users\MICHELLE\AppData\Local\temp
[2009/12/31 19:02:55 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/12/31 18:17:35 | 00,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2009/12/30 22:28:05 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/12/30 22:26:16 | 00,000,000 | ---D | C] -- C:\Users\MICHELLE\AppData\Roaming\SUPERAntiSpyware.com
[2009/12/30 22:26:16 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/12/30 20:37:53 | 00,000,000 | ---D | C] -- C:\Users\MICHELLE\AppData\Local\Apple Computer
[2009/12/26 23:01:58 | 00,000,000 | ---D | C] -- C:\Users\MICHELLE\Desktop\Microsoft
[2009/12/24 17:58:09 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/10/15 21:32:46 | 00,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdrcoin.dll
[2009/09/10 22:24:54 | 00,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdrpmui.dll
[2009/09/10 22:24:46 | 00,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdrcomm.dll
[2009/07/28 20:37:00 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\MICHELLE\AppData\Roaming\pcouffin.sys
[2009/03/12 20:01:01 | 00,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDRhcp.dll
[2009/03/12 20:01:00 | 00,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdrusb1.dll
[2009/03/12 20:01:00 | 00,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdrinpa.dll
[2009/03/12 20:01:00 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdriesc.dll
[2009/03/12 20:00:59 | 01,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxdrserv.dll
[2009/03/12 20:00:59 | 00,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdrlmpm.dll
[2009/03/12 20:00:57 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdrhbn3.dll
[2009/03/12 20:00:55 | 00,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxdrcomc.dll
[2008/04/30 16:04:31 | 00,008,192 | ---- | C] ( ) -- C:\Windows\System32\cshost.dll
[43 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[43 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\MICHELLE\Desktop\*.tmp files -> C:\Users\MICHELLE\Desktop\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/02 19:31:00 | 00,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4EF27C85-EE55-495F-80F8-3060E4B8A57A}.job
[2010/01/02 19:30:21 | 07,602,176 | -HS- | M] () -- C:\Users\MICHELLE\ntuser.dat
[2010/01/02 19:30:15 | 00,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{43A518E6-C34F-4385-927F-75DDE5105BDE}.job
[2010/01/02 19:30:00 | 00,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5F21486F-FCF4-4E72-B917-B2262D5A96A6}.job
[2010/01/02 19:14:47 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\MICHELLE\Desktop\OTL.exe
[2010/01/02 18:53:00 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/02 18:53:00 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/02 11:50:57 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/02 11:50:57 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/02 11:50:57 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/02 11:22:17 | 00,065,536 | -HS- | M] () -- C:\Users\MICHELLE\ntuser.dat{c0c548af-bd86-11dc-8f61-0019b9602971}.TM.blf
[2010/01/02 11:22:16 | 00,524,288 | -HS- | M] () -- C:\Users\MICHELLE\ntuser.dat{c0c548af-bd86-11dc-8f61-0019b9602971}.TMContainer00000000000000000001.regtrans-ms
[2010/01/02 11:21:23 | 03,840,122 | -H-- | M] () -- C:\Users\MICHELLE\AppData\Local\IconCache.db
[2010/01/02 08:29:31 | 00,059,688 | ---- | M] () -- C:\Users\MICHELLE\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/02 01:17:28 | 00,000,526 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for MICHELLE.job
[2010/01/02 01:00:13 | 00,000,512 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for MICHELLE.job
[2010/01/01 23:09:31 | 07,391,232 | ---- | M] () -- C:\Users\MICHELLE\Desktop\Rescue.iso
[2010/01/01 22:03:44 | 03,637,248 | ---- | M] () -- C:\Users\MICHELLE\Desktop\AcronisUniversalRestore.msi
[2010/01/01 21:54:56 | 00,001,315 | ---- | M] () -- C:\Users\Public\Desktop\Acronis Backup & Recovery 10.lnk
[2010/01/01 21:19:42 | 00,028,691 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/01/01 16:53:22 | 00,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2010/01/01 16:53:03 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\Rpcnet.dll
[2010/01/01 16:53:03 | 00,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2010/01/01 16:52:55 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/01 16:52:49 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/01 16:15:55 | 02,194,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/01/01 01:00:07 | 00,000,338 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2009/12/31 19:00:17 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/12/31 17:22:37 | 00,002,191 | ---- | M] () -- C:\Users\MICHELLE\Desktop\iTunes.lnk
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/29 23:15:09 | 00,002,587 | ---- | M] () -- C:\Users\MICHELLE\Desktop\WORD.lnk
[43 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[43 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\MICHELLE\Desktop\*.tmp files -> C:\Users\MICHELLE\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/01 23:09:41 | 07,391,232 | ---- | C] () -- C:\Users\MICHELLE\Desktop\Rescue.iso
[2010/01/01 22:03:43 | 03,637,248 | ---- | C] () -- C:\Users\MICHELLE\Desktop\AcronisUniversalRestore.msi
[2010/01/01 21:54:56 | 00,001,315 | ---- | C] () -- C:\Users\Public\Desktop\Acronis Backup & Recovery 10.lnk
[2009/12/28 22:53:10 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/12/24 19:52:52 | 00,002,191 | ---- | C] () -- C:\Users\MICHELLE\Desktop\iTunes.lnk
[2009/10/20 22:39:23 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/19 12:05:21 | 00,380,454 | ---- | C] () -- C:\ProgramData\lxdrJSW.log
[2009/09/10 22:24:29 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdrgrd.dll
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/28 21:15:07 | 00,001,044 | ---- | C] () -- C:\Users\MICHELLE\AppData\Roaming\vso_ts_preview.xml
[2009/07/28 20:38:18 | 00,000,033 | ---- | C] () -- C:\Users\MICHELLE\AppData\Roaming\pcouffin.log
[2009/07/28 20:37:00 | 00,007,887 | ---- | C] () -- C:\Users\MICHELLE\AppData\Roaming\pcouffin.cat
[2009/07/28 20:37:00 | 00,001,144 | ---- | C] () -- C:\Users\MICHELLE\AppData\Roaming\pcouffin.inf
[2009/06/06 15:00:58 | 00,000,004 | ---- | C] () -- C:\Users\MICHELLE\AppData\Roaming\576CB6
[2009/06/06 15:00:57 | 00,870,128 | ---- | C] () -- C:\Users\MICHELLE\AppData\Roaming\mcs.rma
[2009/05/28 19:59:01 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/03/16 16:49:08 | 00,000,532 | ---- | C] () -- C:\ProgramData\lxdr.log
[2009/03/15 12:29:53 | 00,000,691 | ---- | C] () -- C:\Users\MICHELLE\AppData\Roaming\GetValue.vbs
[2009/03/15 12:29:53 | 00,000,035 | ---- | C] () -- C:\Users\MICHELLE\AppData\Roaming\SetValue.bat
[2009/03/12 22:00:31 | 00,000,187 | ---- | C] () -- C:\ProgramData\lxdrDiagnostics.log
[2009/03/12 20:09:49 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdrvs.dll
[2009/03/12 20:06:38 | 00,081,920 | ---- | C] () -- C:\Windows\System32\lxdrcaps.dll
[2009/03/12 20:06:38 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdrcnv4.dll
[2009/03/12 20:06:37 | 01,036,288 | ---- | C] () -- C:\Windows\System32\lxdrdrs.dll
[2009/03/12 20:03:48 | 00,000,044 | ---- | C] () -- C:\Windows\System32\lxdrrwrd.ini
[2009/03/12 20:01:01 | 00,389,120 | ---- | C] () -- C:\Windows\System32\LXDRinst.dll
[2009/03/12 19:58:11 | 00,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2009/03/10 18:54:58 | 00,008,619 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/02/14 22:59:27 | 00,000,177 | ---- | C] () -- C:\Users\MICHELLE\AppData\Local\LaunchHomeCenter.log
[2009/02/14 21:20:12 | 00,442,870 | ---- | C] () -- C:\Users\MICHELLE\AppData\Local\installer.log
[2008/10/09 19:41:04 | 00,000,124 | ---- | C] () -- C:\Users\MICHELLE\AppData\Roaming\Au_.txt
[2008/03/22 22:58:27 | 00,000,008 | ---- | C] () -- C:\ProgramData\DragToDiscUserNameE.txt
[2008/02/09 15:39:05 | 00,000,069 | ---- | C] () -- C:\Windows\SONIC.INI
[2007/11/14 20:24:14 | 00,003,584 | ---- | C] () -- C:\Windows\System32\wceprv.dll
[2007/09/03 14:41:23 | 00,000,008 | RHS- | C] () -- C:\Windows\System32\DB460FB393.sys
[2007/09/03 14:41:22 | 00,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007/09/03 14:38:55 | 01,300,048 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2007/06/17 20:39:11 | 00,000,073 | ---- | C] () -- C:\Windows\FaceFun.INI
[2007/05/13 18:58:44 | 00,098,304 | ---- | C] () -- C:\Windows\System32\resourceGeneric.dll
[2007/04/06 16:59:49 | 00,008,268 | ---- | C] () -- C:\Users\MICHELLE\AppData\Local\d3d9caps.dat
[2007/04/05 18:11:39 | 00,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL
[2007/04/05 18:11:34 | 00,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2007/04/05 17:51:52 | 00,000,464 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007/03/25 12:01:20 | 00,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2007/03/24 06:31:05 | 00,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2007/03/20 17:54:38 | 00,072,192 | ---- | C] () -- C:\Users\MICHELLE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/16 02:39:57 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/03/16 02:39:38 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/03/16 02:39:28 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/03/15 19:07:17 | 00,000,444 | ---- | C] () -- C:\Windows\wininit.ini
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1997/11/17 16:13:16 | 00,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

========== LOP Check ==========

[2007/08/03 23:40:28 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\aignes
[2009/05/30 21:26:14 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\CallingID
[2007/10/15 16:30:26 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\CNN
[2008/12/19 23:01:54 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/10/09 20:25:49 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Comcast
[2009/12/29 09:49:44 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\ComcastToolbar
[2008/11/15 22:10:18 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\CVS
[2009/12/03 21:41:25 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Datel
[2009/06/19 04:29:35 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\GARMIN
[2009/09/19 18:53:23 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\GetRightToGo
[2007/12/22 17:53:59 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Image Zone Express
[2009/09/20 13:17:42 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\KeePass
[2009/03/23 18:26:19 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Lexmark Productivity Studio
[2008/10/26 04:53:34 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Morpheus Software
[2009/06/18 20:14:55 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Panasonic
[2007/04/08 15:39:38 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Sammsoft
[2008/10/09 19:41:04 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Simple Star
[2009/03/18 21:47:40 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Temp
[2009/03/15 13:01:09 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Thinstall
[2009/07/29 22:35:23 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Vso
[2008/04/10 19:20:49 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\W Photo Studio Viewer
[2009/07/17 18:28:44 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\WebGuide
[2009/07/28 19:07:19 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\WinFF
[2008/02/15 05:18:25 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Yapta
[2009/12/15 01:00:02 | 00,000,346 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/01/01 01:00:07 | 00,000,338 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/01/01 16:47:36 | 00,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/02 19:30:15 | 00,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{43A518E6-C34F-4385-927F-75DDE5105BDE}.job
[2010/01/02 19:31:00 | 00,000,390 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4EF27C85-EE55-495F-80F8-3060E4B8A57A}.job
[2010/01/02 19:30:00 | 00,000,390 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5F21486F-FCF4-4E72-B917-B2262D5A96A6}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\srsvc.dll /s >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\MICHELLE\Documents\TuneClone:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MICHELLE\Documents\My Snapfire Shows:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MICHELLE\Documents\Downloaded Program Updates:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MICHELLE\Documents\Billy_Joel-8-We_Didn't_Start_The_Fire.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MICHELLE\Desktop\TRAVEL:Roxio EMC Stream
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B174FAE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:70B3C619
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

Extras.Txt Log:
OTL Extras logfile created on: 1/2/2010 7:24:58 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\MICHELLE\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.74 Gb Total Space | 26.30 Gb Free Space | 26.37% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.40 Gb Free Space | 44.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHELLE-PC
Current User Name: MICHELLE
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D1BFAC-F176-489D-A9C4-E4F256891762}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{05933E31-DFE4-4F3F-9C68-745BAFD373DA}" = rport=10244 | protocol=6 | dir=out | app=system |
"{065DC6CE-AA6A-4F92-85F9-55820847AACC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{08C6AED7-AB99-452A-AC60-D82D898A4A2F}" = lport=10244 | protocol=6 | dir=in | app=system |
"{0938EC74-671D-4908-98F5-A54A8CAAE687}" = lport=58550 | protocol=6 | dir=in | name=webguide |
"{0A48AF4B-1FFD-43A2-B016-C2E8A28EE492}" = rport=10243 | protocol=6 | dir=out | app=system |
"{113E2CC1-780A-4BF8-B7C1-B3FF4148DC64}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{12E6CB47-5EA8-45A7-A3DB-8A156D450021}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{20E5987E-B330-42BA-883F-7A40A9562D1B}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{22D43C65-923D-4FEC-AC70-FCE639B4673B}" = lport=58551 | protocol=6 | dir=in | name=webguide |
"{30981F32-12C5-4470-8C38-FA6E8E47D508}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34F00452-FE1A-4FA9-8D38-9DE6E9FEE6A2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3A625C5B-AD1F-4CB8-BCBA-01804C1905B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{413EB676-A8DA-4463-BA1B-E12A00E66CB3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45C3BD53-1AA6-483A-B85E-C4F46EEE6704}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{45F13F1C-B112-4F27-82E7-A1C61055E590}" = lport=10244 | protocol=6 | dir=in | app=system |
"{475BB869-2BE4-468A-9618-D070766EA51B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{47A8A340-7F92-44F8-9C7C-A11E91D54819}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4D1347E6-A034-498E-941D-EF3BB01AA0E7}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{4E8B99E9-C23A-462C-AA5E-6827D9834981}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{6668B5B0-2189-4569-B46B-890E97F8A911}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{676A8197-D71A-4180-9CB3-6933F561401E}" = rport=10244 | protocol=6 | dir=out | app=system |
"{6983D767-1555-43B9-A419-21D0FF55ED29}" = lport=3390 | protocol=6 | dir=in | app=system |
"{6D43A19E-7993-4D5B-B5F8-0523D97B53C6}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{82C2E5F6-3A7E-4B4C-BD7C-BAE7457F5B58}" = lport=80 | protocol=6 | dir=in | app=system |
"{8685F2DD-61B0-415F-9BCD-5EE4F2F53BF3}" = lport=3390 | protocol=6 | dir=in | app=system |
"{8C541CBC-5A02-4515-8D8D-42BB0C50ACEF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9322A4A5-C324-4F38-A005-B5792C84B593}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{9638770B-3FE6-473E-AEE8-8FEC1959E026}" = lport=9323 | protocol=6 | dir=in | name=ekdiscovery |
"{992B4C3F-356F-4C81-BC53-D6414AC300D9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{99AB9CD1-DD61-4585-BF03-D61BBC51FAA4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A32CF72E-D51B-4267-8BE4-AE19BE21EB10}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{B065A707-6669-438D-BC37-B44A2C466DFD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BFBD07FC-92EA-4E9C-8526-9DFD93DBD07E}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{CFBFBDB8-24E6-4BB6-856C-2ABBD043F13C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D07DFF13-CA20-4516-BB30-02CF996EB4E6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{D55298AB-D276-4704-BA32-D5021F14EB2F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D959291F-223B-41A8-80AA-CDAC2FA096D8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DEE0B939-F9C4-410B-A800-5682E34E6964}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{EFDE957D-9947-43E2-B6A7-BA9D55C6ADAE}" = lport=9323 | protocol=6 | dir=in | name=ekdiscovery |
"{FB4381B6-CF82-45AE-A599-71E38F6C1B71}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0004B0A9-C8B9-44FD-A22D-7DF125E745ED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{0998245D-D615-4AE7-829A-B24486C57F7C}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{0B2FCAB0-00B8-450D-A4AE-02B51CE85656}" = protocol=17 | dir=in | app=c:\program files\dell\mediadirect\mdirect.exe |
"{0B7D2C3A-C882-4D25-86CE-41A35E090C2F}" = protocol=17 | dir=in | app=c:\program files\yapta\yaptasettings.exe |
"{0EB38B8B-C0AA-483F-AFFF-E87291A5DF35}" = dir=in | app=e:\setup\hpznui01.exe |
"{0FE933A4-EF81-402B-ABD4-AC7050A757A5}" = protocol=17 | dir=in | app=c:\program files\yapta\yaptaclient.exe |
"{11B740B1-3991-4977-98EC-952A0313EBF0}" = protocol=6 | dir=in | app=c:\program files\ultidev\cassini web server for asp.net 2.0\ultidevcassinwebserver2a.exe |
"{155798F7-6339-4517-837E-1B66527AA697}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{1ADE7CA6-F4FB-4E47-A15A-83708182282F}" = protocol=6 | dir=in | app=c:\program files\lexmark 4900 series\frun.exe |
"{1DCE3C0D-F2EF-4263-B6E0-7685B50E4C9D}" = protocol=6 | dir=in | app=c:\program files\dellconnect\bin\launch.exe |
"{1FBAF56F-7D89-4C63-9F19-F0407645BCBD}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdrpswx.exe |
"{216E4DDF-DE39-48EA-9C71-C9E50B5DE001}" = protocol=17 | dir=in | app=c:\program files\dellsupport\dsagnt.exe |
"{2208ABAE-84E1-4BA5-88EE-07C05276E0E6}" = protocol=17 | dir=in | app=c:\program files\canon\zoombrowser ex\program\zoombrowser.exe |
"{234C3492-7FB8-4525-B3FB-E208020B7755}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{24CE2F8C-0095-413A-87B4-81026D7DA51A}" = protocol=6 | dir=in | app=c:\windows\system32\lxdrcoms.exe |
"{28B1F9DC-F233-44D6-9137-A6417654E22F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{29F8919D-6F4D-42F3-A705-22EA50E06ADB}" = protocol=6 | dir=in | app=c:\program files\yapta\yaptaclient.exe |
"{36964AF2-35E1-4362-A591-0EA66566C543}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{3ED2C9C4-576B-467C-A65D-10DF23C626EE}" = protocol=6 | dir=in | app=c:\program files\dellconnect\bin\launch.exe |
"{3EE1A3D4-3C15-4AC7-B86C-5996D97A48E9}" = protocol=17 | dir=in | app=c:\program files\dellconnect\bin\launch.exe |
"{4011D4A0-09D4-4F4E-87C4-B5E36878067B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{421580AA-A3BB-435E-AA6B-6A36A87D03E7}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{43F1767D-6D5E-4DEE-B222-9E0D556B9DC9}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{44BFD514-1882-453E-A59B-812450E004F3}" = protocol=6 | dir=in | app=c:\program files\siber systems\ai roboform\passcards.exe |
"{46956F07-0AF5-4008-AE0F-AC754E81351B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{4BDDCE18-AD70-4D5B-A295-85879AD15CA7}" = protocol=17 | dir=in | app=c:\program files\siber systems\ai roboform\identities.exe |
"{4DB974E1-3604-4A81-966F-996C99936230}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{4F0A5109-84D0-44BB-A790-109AC3FEEC8D}" = protocol=17 | dir=in | app=c:\program files\yapta\yaptasettings.exe |
"{5163C7E2-BDA8-4BDD-86CC-2BFD064654FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{58E8FC9C-19BE-4CBE-9FFB-5F498905BECE}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{5A1DC797-8511-436A-AD79-058576F12F52}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{628C37BC-9B09-4F70-B032-61A98A4E03F4}" = protocol=17 | dir=in | app=c:\program files\google\google desktop search\googledesktop.exe |
"{6519EE98-83B6-4A16-942F-8AA59351424A}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{67146EE9-1929-41AF-A8BB-648215DEDB91}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{679C1439-F3D7-4CFC-8024-04BA1E1ED472}" = protocol=6 | dir=in | app=c:\program files\windows mail\winmail.exe |
"{687E8272-4BCC-40B2-90B2-8341EA97D68C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6B13E0CB-19B7-48AE-90C1-C3FF7992E389}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{6DB90BC2-8E8D-4FE0-AD43-7B71AB86266C}" = protocol=17 | dir=in | app=c:\program files\ultidev\cassini web server for asp.net 2.0\ultidevcassinwebserver2a.exe |
"{6E6349B1-9632-46B5-A507-9A023396B4F7}" = protocol=17 | dir=in | app=c:\program files\common files\acronis\agent\agent.exe |
"{6E9DB860-F919-42C6-AAC0-A08BA17FB620}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{6FE7F10D-4B1E-4BC4-A139-AD78D5905E87}" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{7118B6D4-C204-44B6-B33E-B41E50B2A1E5}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{7186009A-A5D3-46E9-9091-BD75DDDC490C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7380B378-C2D6-46BA-B559-C95FF834CE98}" = protocol=6 | dir=in | app=c:\program files\dell\mediadirect\mdirect.exe |
"{7E6CD9DB-5166-4E6C-A17F-05E77B9079A2}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{82F03D62-F85F-488C-962D-A0D5DCD43A3F}" = protocol=6 | dir=in | app=c:\program files\yapta\yaptasettings.exe |
"{84599512-F9F6-4832-9F46-7DA2D019BCDD}" = protocol=6 | dir=in | app=c:\program files\lexmark 4900 series\lxdramon.exe |
"{86089135-96F2-42C3-99A0-FEEBBC0BC44C}" = protocol=17 | dir=in | app=c:\program files\lexmark 4900 series\frun.exe |
"{89EB68FB-C5D5-42C0-927A-1B4D93A07163}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8C082C5A-1D63-475B-B131-49759BD367F8}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{8F527F52-88FB-4DC2-8715-76DEA6C99864}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{906A78A7-240B-43AE-A613-4F810558BFA9}" = protocol=17 | dir=in | app=c:\program files\canon\zoombrowser ex\program\zoombrowser.exe |
"{94062850-02BD-4DF0-AED9-18FCE59BFF59}" = protocol=17 | dir=in | app=c:\program files\windows mail\winmail.exe |
"{95A59516-1CC0-4612-AD7F-0BEE5F2A66A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{96443789-0E0A-40F5-B1E2-A2EFDAAC31C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97DFC081-8E47-4BA8-B33C-EB4134D9C3AA}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdrpswx.exe |
"{983BC193-BB32-45A8-B76F-CAF0D1BFBA21}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{9A36DB03-1B56-42CF-A342-0AB43CFE3488}" = protocol=6 | dir=in | app=c:\program files\acronis\backupandrecovery\mms.exe |
"{9D939F04-BDA2-47FB-B589-FB05B380CAF0}" = protocol=17 | dir=in | app=c:\windows\system32\lxdrcoms.exe |
"{9E3B61B8-5CEB-4EE1-B72E-4FC50200BF07}" = protocol=17 | dir=in | app=c:\program files\dellconnect\bin\launch.exe |
"{9F2492D1-4B78-4120-BE83-9545BC5DE584}" = protocol=17 | dir=in | app=c:\program files\lexmark 4900 series\lxdramon.exe |
"{A1B8B99F-C381-4ECA-89BD-4110793375D7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A250B121-7F24-4B44-9DC8-AC0987E49D8E}" = protocol=6 | dir=in | app=c:\program files\canon\zoombrowser ex\program\zoombrowser.exe |
"{A4BF2964-60BB-41D2-8FF4-909B7B58BD66}" = protocol=6 | dir=in | app=c:\program files\canon\zoombrowser ex\program\zoombrowser.exe |
"{A9770148-CB60-4BD2-8854-2690070542B5}" = protocol=6 | dir=out | app=system |
"{B1554098-2B14-4333-AB0F-53C74A49A14E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B395FE1B-65DE-4E00-942B-1A4BB1F6B459}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B879921C-3A93-4525-8841-167B8F6A97E1}" = protocol=6 | dir=in | app=c:\program files\dellsupport\dsagnt.exe |
"{B88FD737-5383-4179-82B4-74D7539DF820}" = protocol=6 | dir=in | app=c:\program files\yapta\yaptaclient.exe |
"{B9D1E53C-69D6-49A2-B9EA-A24DA08EEABB}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{C1A3343D-F974-4C04-B72D-AF5A38D2ED05}" = protocol=6 | dir=in | app=c:\program files\yapta\yaptasettings.exe |
"{C1BC8A0D-E5FB-45B9-B40F-C7D6407E1097}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C251FD2D-08D8-46B1-860F-A8336C27CFB9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C51532F1-7B99-42F0-8CC6-D21BD55BA605}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C515716B-01E8-4E7A-BD17-1802D40D4BA7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C5E888C1-E51F-4A96-ABE2-DDC1EF00043C}" = protocol=17 | dir=in | app=c:\program files\acronis\backupandrecovery\mms.exe |
"{CE7B810C-CFB6-4B6E-978F-9EE45BFA4B27}" = protocol=17 | dir=in | app=c:\program files\siber systems\ai roboform\passcards.exe |
"{D46D8B0A-3347-4A18-940D-A0825B518D04}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{D669867E-A426-4DBB-9FF6-FF2C5C050BC4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7F36AF8-F5CE-40B9-8B86-294DA9B2A2CA}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{DED20420-21AF-4C2C-A29E-90F31E640E04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E0E2D955-0239-43E9-BFE6-16A5A27185C2}" = protocol=6 | dir=in | app=c:\program files\common files\acronis\agent\agent.exe |
"{E198FFB7-D2BE-4675-A12A-56BA83A8C914}" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{E451030E-748F-47B0-BB8C-89CD711FD1A5}" = protocol=6 | dir=out | app=system |
"{E64F1CC6-CCCE-4421-8CC8-58F6E4AD9885}" = protocol=6 | dir=in | app=c:\program files\google\google desktop search\googledesktop.exe |
"{E66C97C6-5D24-43B7-A467-CAB0C11B70A9}" = protocol=6 | dir=in | app=c:\program files\siber systems\ai roboform\identities.exe |
"{EBD8BA44-6B9E-4B4A-884A-A3A8D5FA39BF}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{ED6CBBD3-6B02-4778-B34E-BD25CBF4565F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EEF28060-ABC8-4E21-B759-3857B8E1DD11}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{F67336F7-A63F-42DA-88F4-149A08AE938A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{F91C501A-C12A-4608-8DAB-F04D5DE3150A}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{FA189B96-D168-4193-9B46-5844411F2853}" = protocol=17 | dir=in | app=c:\program files\yapta\yaptaclient.exe |
"{FBF9A702-9BC3-4278-8243-4F94D0EB00E9}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{FD1C8B6A-D6B6-4DD5-925E-F164F66A2785}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{FD99BE28-A2EA-4564-9358-F518BCE3C6C8}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"TCP Query User{17DA61C3-4E9D-4C9C-84F2-8C753AC32844}C:\program files\webguide\webguide4\bin\webguide_configuration.exe" = protocol=6 | dir=in | app=c:\program files\webguide\webguide4\bin\webguide_configuration.exe |
"TCP Query User{3D534813-C883-45F3-A789-39270E6E86AC}C:\windows\system32\ctmweb.exe" = protocol=6 | dir=in | app=c:\windows\system32\ctmweb.exe |
"TCP Query User{3EA75441-6FFA-4025-8173-E7BB13E26274}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C83D8481-DADE-4A8D-9C67-B6ECB53C5CD7}C:\program files\msgtag\msgtag.exe" = protocol=6 | dir=in | app=c:\program files\msgtag\msgtag.exe |
"TCP Query User{D2EF6CCE-7207-4147-934C-88127C2D73FC}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{D2F82F5E-FD86-4665-A18B-E84EE1C6F72D}C:\program files\gametap\bin\release\gametap.exe" = protocol=6 | dir=in | app=c:\program files\gametap\bin\release\gametap.exe |
"TCP Query User{D43BA8D4-F7BF-4050-9284-AB50D651E5B5}C:\program files\msgtag\msgtag.exe" = protocol=6 | dir=in | app=c:\program files\msgtag\msgtag.exe |
"TCP Query User{F89360A3-D292-4764-BEC1-6DBB953E01F1}C:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe" = protocol=6 | dir=in | app=c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe |
"UDP Query User{06A092FC-C5E1-4046-BC54-5E33034856D3}C:\program files\webguide\webguide4\bin\webguide_configuration.exe" = protocol=17 | dir=in | app=c:\program files\webguide\webguide4\bin\webguide_configuration.exe |
"UDP Query User{636FDF6B-88D1-4B9F-8F44-CB1FF52F4E2F}C:\program files\msgtag\msgtag.exe" = protocol=17 | dir=in | app=c:\program files\msgtag\msgtag.exe |
"UDP Query User{7352AE6C-4A27-47FB-8819-6698C3D849DD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{9861C908-5E46-4321-ABBC-5E620546A5B4}C:\program files\gametap\bin\release\gametap.exe" = protocol=17 | dir=in | app=c:\program files\gametap\bin\release\gametap.exe |
"UDP Query User{A04EEB63-2E58-4A23-AFAC-0399D4CFE036}C:\program files\msgtag\msgtag.exe" = protocol=17 | dir=in | app=c:\program files\msgtag\msgtag.exe |
"UDP Query User{BD635C9A-0907-4FD2-AFE2-675FAC3D1227}C:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe" = protocol=17 | dir=in | app=c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe |
"UDP Query User{D1EF9AE5-0B50-4485-83E1-43185B9540DF}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{EDAF5A29-FFD8-420C-AA2B-5BA4D35D771F}C:\windows\system32\ctmweb.exe" = protocol=17 | dir=in | app=c:\windows\system32\ctmweb.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001AB29C-5468-4972-8D24-2EBDB2B12133}" = Camera Window DVC
"{001EB665-D9EC-415E-9E13-AD2125B2B992}" = RAW Image Task 2.1
"{0665E2D2-2CF0-47C3-A0BA-11DCEFB0636F}" = Acronis Backup & Recovery 10 Upgrade Tool
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07F6BABF-0653-41A0-BCB7-8C2148AD2F1A}" = Acronis Backup & Recovery 10 Tray Monitor
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{301CC8D1-FE75-41ED-9B11-41F006110950}" = Garmin City Navigator North America NT 2010.10 Update
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40247AAC-AB0D-449C-882F-90401C3351E8}" = UltiDev Cassini Web Server Explorer
"{493BAF04-DA99-9257-B343-E17BB5E687A3}" = ATI Catalyst Control Center Ex
"{4FB3E151-3AFE-458B-8DE8-D8913CCB2527}" = Acronis Backup & Recovery 10 Standalone Management Console
"{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}" = QuickSet
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5C74694C-A687-E3EB-FF18-B018D4A76ECD}" = Adobe Media Player
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}" = Canon PhotoRecord
"{68D27126-BF6A-457D-8DD0-5F35E8D41310}" = MovieEdit Task
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}" = Camera Window DS
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E4BEB77-BEA9-4544-AB74-06EDE6CE3D39}" = Comcast User Setup
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{89EB3ED7-225A-412E-B048-623D502C000F}" = Camera Window MC
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90859A61-C317-48B9-8E31-4B742611FD19}" = Acronis Backup & Recovery 10 Agent
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C9C0C251-3ECD-4DBC-A30F-1D996BC78400}" = WebGuide4
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D032F86A-0539-4737-816A-1AB40F1BF14D}" = C4USelfUpdater
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D9C8DEF8-D07B-4164-BEF0-6D879A70C212}" = Microsoft Easy Assist v2
"{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}" = Garmin POI Loader
"{DB6BD5D5-8482-45C0-99CF-745C5B924497}" = WOT for Internet Explorer
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F477D623-9670-430C-87A5-997EF5F66D6D}" = Malwarebytes' Anti-Malware IP Policy Shortcuts
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
"{F6C8DAED-8CC7-43FD-9DA4-1F629B873A17}" = UltiDev Cassini Web Server for ASP.NET 2.0
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE361859-B039-4E17-96AC-D111183DCF99}" = Acronis Backup & Recovery 10 Bootable Components and Media Builder
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Accent_on_Interactivity_1.0" = Accent on Interactivity 1.6
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AI RoboForm" = AI RoboForm (All Users)
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ComcastToolbar" = Comcast Toolbar
"Coupon Printer for Windows2.0" = Coupon Printer for Windows
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"esClient" = Echospin Delivery Wizard
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.508
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Indeo® software" = Indeo® software
"InstallShield_{001AB29C-5468-4972-8D24-2EBDB2B12133}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{001EB665-D9EC-415E-9E13-AD2125B2B992}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{68D27126-BF6A-457D-8DD0-5F35E8D41310}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{89EB3ED7-225A-412E-B048-623D502C000F}" = Canon Camera Window MC 5 for ZoomBrowser EX
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"Lexmark 4900 Series" = Lexmark 4900 Series
"Malwarebytes' Anti-Malware IP Policy Shortcuts" = Malwarebytes' Anti-Malware IP Policy Shortcuts
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)
"MSC" = McAfee SecurityCenter
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneClone_is1" = TuneClone 1.20
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinRAR archiver" = WinRAR archiver
"Yahoo! Photos Easy Upload Tool" = Yahoo! Photos Easy Upload Tool
"Yapta" = Yapta
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/17/2008 12:00:03 AM | Computer Name = MICHELLE-PC | Source = SPP | ID = 12290
Description =

Error - 8/18/2008 12:56:04 AM | Computer Name = MICHELLE-PC | Source = SPP | ID = 12290
Description =

Error - 8/19/2008 11:02:43 PM | Computer Name = MICHELLE-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 8/19/2008 11:02:47 PM | Computer Name = MICHELLE-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 8/20/2008 7:50:09 AM | Computer Name = MICHELLE-PC | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 8.1.0.137, time stamp 0x46444e37,
faulting module AcroRd32.dll, version 8.1.2.86, time stamp 0x478854a9, exception
code 0xc0000005, fault offset 0x000961a2, process id 0xf64, application start time
0x01c902ba5ac82ad0.

Error - 8/20/2008 7:21:03 PM | Computer Name = MICHELLE-PC | Source = EventSystem | ID = 4622
Description =

Error - 8/20/2008 7:21:03 PM | Computer Name = MICHELLE-PC | Source = EventSystem | ID = 4621
Description =

Error - 8/21/2008 1:45:12 AM | Computer Name = MICHELLE-PC | Source = SPP | ID = 12290
Description =

Error - 8/21/2008 7:51:35 AM | Computer Name = MICHELLE-PC | Source = EventSystem | ID = 4621
Description =

Error - 8/21/2008 9:07:50 PM | Computer Name = MICHELLE-PC | Source = SPP | ID = 12290
Description =

[ Media Center Events ]
Error - 7/8/2009 8:07:22 PM | Computer Name = MICHELLE-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 7/8/2009 8:18:55 PM | Computer Name = MICHELLE-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 7/8/2009 8:21:24 PM | Computer Name = MICHELLE-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 7/15/2009 6:39:29 PM | Computer Name = MICHELLE-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 7/15/2009 8:30:14 PM | Computer Name = MICHELLE-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 7/15/2009 8:34:09 PM | Computer Name = MICHELLE-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 7/17/2009 7:30:39 PM | Computer Name = MICHELLE-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 7/17/2009 7:31:03 PM | Computer Name = MICHELLE-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 7/17/2009 7:31:26 PM | Computer Name = MICHELLE-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 7/17/2009 7:31:47 PM | Computer Name = MICHELLE-PC | Source = Mcx2Svc | ID = 301
Description =

[ OSession Events ]
Error - 2/7/2009 6:43:34 PM | Computer Name = MICHELLE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6808
seconds with 480 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/9/2009 5:34:04 AM | Computer Name = MICHELLE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/9/2009 5:34:30 AM | Computer Name = MICHELLE-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/9/2009 5:34:31 AM | Computer Name = MICHELLE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/9/2009 5:34:42 AM | Computer Name = MICHELLE-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/9/2009 5:34:42 AM | Computer Name = MICHELLE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/9/2009 5:34:53 AM | Computer Name = MICHELLE-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/9/2009 5:34:53 AM | Computer Name = MICHELLE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/9/2009 5:34:59 AM | Computer Name = MICHELLE-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/9/2009 5:34:59 AM | Computer Name = MICHELLE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/9/2009 5:37:22 AM | Computer Name = MICHELLE-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:35:29 AM on 9/9/2009 was unexpected.


< End of report >
  • 0

#30
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
I just want to check a few things. Andrew said I could jump in, it's easier this way.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *srsvc*
    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice /sub
    :service
    SRService
    :regfind
    srservice
    ::csinfo
    ::safeboot
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0





